\n if input.tail and input.type != 'radio':\n param['description'] = enforce_period(input.tail)\n elif isinstance(input, lxml.html.SelectElement):\n if args.verbose >= 2:\n print(f'Found select element: name={input.name} value={input.value} value_options={input.value_options} multiple={input.multiple} attrib={input.attrib}')\n\n # Strip any trailing []\n input.name = re.sub(r'\\[]$', '', input.name)\n\n if input.attrib.get('class') == 'form-control' and input.attrib.get('data-toggle') == 'collapse':\n args.type_param = input.name\n\n if input.value is not None:\n param['default'] = input.value\n\n if input.value_options is not None:\n if input.name == 'interface':\n param['type'] = 'str'\n # If a GW Group is present, allow them - this would be better to check for GW Group in the option text\n # but this would require extracting that which will take a bit of work\n if any('GW' in s for s in input.value_options):\n param['parse'] = 'p2o_interface_with_gwgroup'\n if 'p2o_interface_with_gwgroup' not in args_imports:\n args_imports.append('p2o_interface_with_gwgroup')\n\n # By default, interfaces will be parsed allowing virtual interfaces. If not allowed we need a different parser.\n elif len(set(input.value_options).intersection(['enc0', 'openvpn'])) == 0:\n param['parse'] = 'p2o_interface_without_virtual'\n if 'p2o_interface_without_virtual' not in args_imports:\n args_imports.append('p2o_interface_without_virtual')\n else:\n if input.multiple:\n param['type'] = 'list'\n param['default'] = []\n for selected in input.value:\n print(f'selected = {selected}')\n param['default'].append(selected)\n else:\n param['type'] = 'str'\n param['choices'] = input.value_options\n param['multiple'] = input.multiple\n\n elif input.tag == 'textarea':\n param['type'] = 'str'\n\n# \n\n form_groups = input.xpath('./ancestor::div[@class=\"form-group\"]')\n if form_groups:\n form_group = form_groups[0]\n descr_elt = form_group.find('*span')\n if descr_elt is not None:\n if descr_elt.text:\n if args.verbose >= 2:\n print(f'Found descr_elt {descr_elt.tag} {descr_elt.text} {descr_elt.attrib}')\n if input.get('type') == 'radio':\n param['description'] = f'{descr_elt.text.strip()} of the {module_name}.'\n else:\n param['description'] += f'{descr_elt.text.strip()} of the {module_name}.'\n if 'class' in descr_elt.attrib and descr_elt.attrib['class'] == 'element-required':\n if args.verbose >= 2:\n print(f'Found element-required')\n param['required'] = True\n else:\n if args.verbose >= 3:\n print(f'Could not find descriptive element for item')\n help_elt = form_group.find('./div/span[@class=\"help-block\"]')\n if help_elt is not None and help_elt.text is not None:\n if args.verbose >= 2:\n print(f'help_elt text {help_elt.text.strip()}')\n descr = enforce_period(help_elt.text.strip())\n if input.get('type') == 'radio':\n param['description'] = f' {descr}'\n else:\n param['description'] += f' {descr}'\n\n if args.verbose >= 2:\n print(f'Final param = {param}\\n')\n params[input.name] = param\n\nif not args.is_config:\n # Key is handled separately from other parameters so remove it\n # TODO - keep the description, etc?\n params.pop(module_key, None)\n\n# Debug\nif args.verbose >= 2:\n print(f'Web paramters: {params.keys()}')\n\n# Determine the type of the bool parameters\nbool_style = None\nbool_values = {}\nfor name, param in params.items():\n if param.get('type') != 'bool':\n continue\n bool_values[name] = param['value']\n if bool_style is None:\n bool_style = param['value']\n elif bool_style != param['value']:\n # Not consistent\n bool_style = 'inconsistent'\n\n# Determine if the form produces different types of items\nif args.type_param in params_full:\n # The type of item is recorded in the item configuration\n module_type = params_full[args.type_param]['example']\n if args.type_suffix is True:\n module_name += f'_{module_type}'\n if isinstance(args.type_suffix, str):\n module_name += f'_{args.type_suffix}'\nelif (match := re.match(r'type=([^&]+)', uri.query)):\n module_type = match.group(1)\n module_name += f'_{module_type}'\nelif args.type_param in params:\n # The type of item is purely a fuction of the web form\n choices = params[args.type_param].get('choices')\n if choices is None:\n sys.exit(f\"Detected item type parameter '{args.type_param}' but no choices parameter in {params[args.type_param]}. You must set --type-suffix to something.\")\n if args.type_suffix not in params[args.type_param]['choices']:\n sys.exit(f\"Detected item type parameter '{args.type_param}' with choices {params[args.type_param]['choices']}. You must set --type-suffix to one of these.\")\n else:\n module_type = args.type_suffix\n module_name += f'_{args.type_suffix}'\n params_full[args.type_param] = params[args.type_param]\n args.keep_params = True\nelse:\n module_type = None\n\nif not args.is_config:\n # Consistency\n params_web_only = list(set(params.keys()) - set(params_full.keys()))\n if args.verbose >= 2:\n print('Web parameters not in xml: ' + str(params_web_only))\n\n # Cleanup extra web parameters\n for param in params_web_only:\n # See if the items are numbered, likely maps to an unnumbered XML tag\n newp = re.sub(r'0$', '', param)\n if newp != param:\n if newp in params_full:\n if args.verbose >= 2:\n print(f'Renaming {param} to {newp}')\n params[newp] = params.pop(param)\n continue\n\n # See if the items are prefixed by a type, likely maps to un-prefixed XML tag\n newp = re.sub(f'^{module_type}_', '', param)\n if newp != param:\n if newp in params_full and newp not in params:\n if args.verbose >= 2:\n print(f'Renaming {param} to {newp}')\n params[newp] = params.pop(param)\n continue\n\n # Common renamings\n for f, t in [('dst', 'destination'), ('src', 'source')]:\n if param == f and t in params_full:\n if args.verbose >= 2:\n print(f'Renaming {f} to {t}')\n params[t] = params.pop(f)\n break\n else:\n # Otherwise, drop - probably just used to construct the final elements\n if param in params and not args.keep_params:\n if args.verbose >= 2:\n print(f'Removing {param}')\n del params[param]\n\n params_xml_only = list(set(params_full.keys()) - set(params.keys()) - {module_key, 'refid'})\n if args.verbose >= 2:\n print(f'XML parameters not in web: {params_xml_only}\\n')\n if len(params_xml_only) > 0:\n print(f'You may need to use {module_node.upper()}_MAP_PARAMS')\n\n for param in params_xml_only:\n params[param] = params_full[param]\n\n # Create some sample descriptions\n for name, param in params.items():\n # TODO - wrap long descriptions\n if 'description' not in param or param['description'] == '':\n param['description'] = f'The {name} of the {module_node}.'\n if 'example' not in param or param['example'] == '':\n if name in params_full and 'example' in params_full[name]:\n param['example'] = params_full[name]['example']\n if 'default' in param:\n param['description'] += f' Defaults to {param[\"default\"]}.'\n\nif args.is_config:\n module_base = 'PFSenseModuleConfigBase'\n\n# Generate PFSense module name\nif package == 'core':\n pfsense_module_name = 'PFSense' + ''.join([word.capitalize() for word in module_name.split('_')]) + 'Module'\nelse:\n pfsense_module_name = f'PFSense{package}' + ''.join([word.capitalize() for word in module_name.split('_')[1:]]) + 'Module'\n\n# Template variables\ncontext = dict(\n module_base=module_base,\n module_name=module_name,\n module_root=module_root,\n module_node=module_node,\n module_key=module_key,\n pfsense_module_name=pfsense_module_name,\n params=params,\n params_xml_only=params_xml_only,\n name_param=name_param,\n bool_style=bool_style,\n bool_values=bool_values,\n args_imports=args_imports,\n is_config=args.is_config,\n is_simple_package=is_simple_package,\n is_full_package=is_full_package,\n package=package,\n author_name=args.author_name,\n author_email=args.author_email,\n author_handle=args.author_handle,\n php_requires=php_requires,\n php_save=php_save,\n php_subsystem=php_subsystem,\n year=datetime.date.today().year,\n)\n\n# Render our module!\njenv = jinja2.Environment(loader=jinja2.FileSystemLoader(\"misc/\"), trim_blocks=True, keep_trailing_newline=True)\njenv.filters['dict2items'] = dict_to_list_of_dict_key_value_elements\njenv.filters['unique'] = unique\ntemplate = jenv.get_template(\"pfsense_module.py.j2\")\n\nfilename = f'plugins/modules/pfsense_{module_name}.py'\nif os.path.isfile(filename) and not args.force:\n sys.exit(f'{filename} already exists! Use --force to overwrite.')\nif args.verbose > 0:\n print(f'Writing module {filename} with {context}')\nelse:\n print(f'Writing module {filename}')\nf = open(f'{filename}', 'w')\nf.write(template.render(context))\nf.close()\n"
},
{
"path": "misc/pytest",
"content": "#!/bin/sh\n\nmisc/local2ansible\nif [ ! -f .coveragerc ]; then\n cp -f misc/.coveragerc .\nfi\npython3 -m pytest -v -r a test/units/modules/network/pfsense/ test/units/plugins/lookup/test_pfsense.py --cov --cov-report html $*\n"
},
{
"path": "misc/run_ansible_sanity_tests",
"content": "#!/bin/sh\n\nif [ -z \"${ANSIBLE_HOME}\" ]\nthen\n echo \"ANSIBLE_HOME is undefined. Go into ansible directory and run 'source hacking/env-setup'\"\n exit 1\nfi\n\nmisc/local2ansible\n\nTO_CHECK='lib/ansible/modules/network/pfsense/\n lib/ansible/module_utils/network/pfsense/\n lib/ansible/plugins/lookup/pfsense.py\n test/units/modules/network/pfsense/'\n\ncd ${ANSIBLE_HOME}\nansible-test sanity --python 3.5 ${TO_CHECK} $*\nansible-test sanity --python 2.7 ${TO_CHECK} $*\n"
},
{
"path": "misc/setup_units_tests",
"content": "#!/bin/sh\n\nif [ -z \"${ANSIBLE_HOME}\" ]\nthen\n echo \"ANSIBLE_HOME is undefined. Go into ansible directory and run 'source hacking/env-setup'\"\n exit 1\nfi\n\nrm -f test/units/compat test/units/modules/utils.py test/units/modules/utils.pyc test/units/module_utils test/units/__init__.py test/units/__init__.pyc test/units/modules/__init__.py test/units/modules/__init__.pyc\n\nln -s ${ANSIBLE_HOME}/test/units/compat test/units/compat\nln -s ${ANSIBLE_HOME}/test/units/modules/utils.py test/units/modules/utils.py\nln -s ${ANSIBLE_HOME}/test/units/module_utils test/units/module_utils\n\ntouch test/units/__init__.py\ntouch test/units/modules/__init__.py\n\n"
},
{
"path": "plugins/lookup/pfsense.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nDOCUMENTATION = \"\"\"\nname: pfsense\nauthor: Frederic Bor (@f-bor)\nversion_added: 0.1.0\nshort_description: Generate pfSense aliases, rules and rule_separators\ndescription:\n- This lookup plugin is designed to be used with pfsense_aggregate module.\n It takes a yaml file and generate list of aliases and rules definitions.\n The aim is to be able to easily manage a fleet of pfSenses and avoiding any\n redundant work, like defining the sames hosts/ports aliases or rules\n on multiples pfSenses. The plugin determine what is required to be defined\n on each pfsense, leaving to the network administrator only the task of updating\n the yaml definition file.\noptions:\n file:\n description: The yaml file defining the network\n type:\n description: What to generate\n choices:\n - aliases\n - rules\n - rule_separators\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Get all aliases to be defined\n debug:\n aliases: \"{{ lookup('pfsensible.core.pfsense', 'all_pf_defs.yml', 'aliases') }}\"\n\n- name: Get all rules to be defined\n debug:\n rules: \"{{ lookup('pfsensible.core.pfsense', 'all_pf_defs.yml', 'rules') }}\"\n\n- name: Get all rule_separators to be defined\n debug:\n rule_separators: \"{{ lookup('pfsensible.core.pfsense', 'all_pf_defs.yml', 'rule_separators') }}\"\n\n\"\"\"\n\nRETURN = \"\"\"\n _list:\n description:\n - list of dictionaries with aliases, rules or rule_separators\n type: list\n\"\"\"\n\n\"\"\"\nTo determine if a rule and corresponding aliases has to be declared on a pfsense\nand on which interfaces, the plugin check if rule source or destination is\nmatching any local or routed network on the pfsense. To avoid having every rule\ndeclared on a wan interface, if a rule can be declared on multiple interfaces\nit is not on the ones routing 0.0.0.0/0 if there is another which is not routing it.\nIf a network is declared as remote (routed thru) on an interface and is also defined\nas the local network on an interface of the target pfsense, the local network is preffered.\nThe same apply to adjacent networks, which indicates neighbor networks that are routed thru a pfSense.\n\nFollowing pfSense rule definition (one host/alias per source/destination,\none port/alias per source/destination), each rule declared in the yaml is breaked\ninto smaller rules until having rules than can be declared.\n\nThe generated rules order follows the yaml file rules order.\n\nRule separators name are taken from parent rules' groups (see 'ADMIN', 'VOIP',\n'MISC' or 'ACTIVE DIRECTORY' in the example below). Nested groups generate separators\nnames in the form 'GROUP1 - GROUP2 - ...'\n\nYou can define a default value for all rules and subrules of a separator using\nthe name 'options'. The parameters supported this way are gateway, log, queue, ackqueue,\nin_queue, out_queue and sched. You can override those default values setting other values\non a deeper options set or inside the rule definition.\n\nYou can use an extra parameter in rules and options, filter, to restrict the rule\ngeneration only to the pfsenses set in this parameter. Same goes for ifilter and interfaces.\n\nThe yaml file must include the following definitions to describe the network topology:\n- pfsenses\n- rules\n- hosts_aliases\n- ports_aliases\n\nYou can run the plugin alone to debug rules and aliases generation, for example:\n- ./lookup_plugins/pfsense.py defs.yml pf1\n- ./lookup_plugins/pfsense.py defs.yml pf1 ping_from_poc3\n\nA typical pfsense_aggregate task using the lookup plugin will look like this:\n tasks:\n - name: \"setup aliases & rules\"\n pfsense_aggregate:\n purge_aliases: true\n purge_rules: true\n purge_rule_separators: true\n aggregated_aliases: |\n {{ lookup('pfsensible.core.pfsense', 'defs.yml', 'aliases') }}\n aggregated_rules: |\n {{ lookup('pfsensible.core.pfsense', 'defs.yml', 'rules') }}\n aggregated_rule_separators: |\n {{ lookup('pfsensible.core.pfsense', 'defs.yml', 'rule_separators') }}\n\n\nHere is an example of yaml file:\n---\n\npfsenses:\n pf1: {\n interfaces: {\n lan: { ip: 192.168.1.1/24, adjacent_networks: lan_data_poc4 },\n lan_100: { ip: 172.16.1.1/24 },\n vpn: { remote_networks: lan_data_all lan_voip_all},\n }\n }\n\n pf2: {\n interfaces: {\n lan: { ip: 192.168.2.1/24 },\n lan_100: { ip: 172.16.2.1/24 },\n vpn: { remote_networks: lan_data_all lan_voip_all},\n }\n }\n\n pf3: {\n interfaces: {\n bridge_lan: { ip: 192.168.3.1/24, remote_networks: lan_data_all, bridge: True },\n bridge_lan_100: { ip: 172.16.3.1/24, remote_networks: lan_voip_all, bridge: True },\n wan: { remote_networks: 0.0.0.0/0 }\n }\n }\n\nrules:\n options: { log: yes }\n\n ADMIN:\n antilock_out: { src: any, dst: any, protocol: tcp, dst_port: port_ssh port_http 443 }\n admin_bypass: { src: srv_admin, dst: any }\n MISC:\n ping_from_poc3: { src: lan_poc3_all, dst: srv_admin, protocol: icmp }\n\n VOIP:\n voip_conf_tftp: { src: all_ipbx, dst: lan_voip_all, dst_port: 69, protocol: udp }\n\n ACTIVE DIRECTORY:\n ads_to_ads_tcp: { src: all_ads, dst: all_ads, dst_port: port_dns port_ldap port_ldap_ssl, protocol: tcp }\n ads_to_ads_udp: { src: all_ads, dst: all_ads, dst_port: port_dns port_ldap, protocol: udp }\n\n DNS:\n options: { log: no }\n any_to_local_dns: {src: any, dst: all_ads, dst_port: port_dns, protocol: udp }\n\nhosts_aliases:\n # hosts\n ipbx_poc1: { ip: 172.16.1.3 }\n ipbx_poc2: { ip: 172.16.2.3 }\n ipbx_poc3: { ip: 172.16.3.3 }\n all_ipbx: { ip: ipbx_poc1 ipbx_poc2 ipbx_poc3 }\n\n ad_poc1: { ip: 192.168.1.3 }\n ad_poc2: { ip: 192.168.2.3 }\n ad_poc3: { ip: 192.168.3.3 }\n all_ads: { ip: ad_poc1 ad_poc2 ad_poc3 }\n\n # networks\n lan_voip_poc1: { ip: 172.16.1.0/24 }\n lan_voip_poc2: { ip: 172.16.2.0/24 }\n lan_voip_poc3: { ip: 172.16.3.0/24 }\n lan_voip_all : { ip: lan_voip_poc1 lan_voip_poc2 lan_voip_poc3 }\n\n lan_data_poc1: { ip: 192.168.1.0/24 }\n lan_data_poc2: { ip: 192.168.2.0/24 }\n lan_data_poc3: { ip: 192.168.3.0/24 }\n lan_data_poc4: { ip: 192.168.4.0/24 }\n lan_data_all : { ip: lan_data_poc1 lan_data_poc2 lan_data_poc3 lan_data_poc4 }\n\n lan_poc3_all : { ip: lan_voip_poc3 lan_data_poc3 }\n\n srv_admin: { ip: 192.168.1.165 }\n\nports_aliases:\n port_ssh: { port: 22 }\n port_telnet: { port: 23 }\n port_dns: { port: 51 }\n port_http: { port: 80 }\n port_ldap: { port: 389 }\n port_ldap_ssl: { port: 636 }\n\n \"\"\"\n\nfrom copy import copy, deepcopy\nfrom collections import OrderedDict\nfrom ansible.utils.display import Display\nfrom functools import lru_cache\n\ntry:\n from dns import resolver, exception\nexcept ImportError as imp_exc:\n DNS_IMPORT_ERROR = imp_exc\nelse:\n DNS_IMPORT_ERROR = None\n\n\nimport argparse\nimport json\nimport re\nimport socket\nimport sys\nimport yaml\nimport traceback\nimport os\n\nfrom ansible.errors import AnsibleError\nfrom ansible.plugins.lookup import LookupBase\nimport ipaddress\n\nOPTION_FIELDS = [\n 'gateway', 'log', 'queue', 'ackqueue', 'in_queue', 'out_queue', 'queue_error', 'icmptype', 'filter', 'efilter', 'ifilter', 'eifilter', 'sched', 'quick',\n 'direction', 'staticnatport', 'ipprotocol',\n 'associated_rule', 'natreflection',\n]\nOUTPUT_OPTION_FIELDS = ['gateway', 'log', 'queue', 'ackqueue', 'in_queue', 'out_queue', 'queue_error', 'icmptype', 'sched', 'quick', 'direction', 'ipprotocol']\nOUTPUT_SRC_NAT_OPTION_FIELDS = ['staticnatport', 'ipprotocol']\nOUTPUT_DST_NAT_OPTION_FIELDS = ['associated_rule', 'natreflection']\n\ndisplay = Display()\n\n\ndef to_unicode(string):\n \"\"\" return a unicode representation of string if required \"\"\"\n if sys.version_info[0] >= 3:\n return string\n return string.decode(\"utf-8\")\n\n\ndef ordered_load(stream, loader_cls=yaml.SafeLoader, object_pairs_hook=OrderedDict):\n \"\"\" load and return yaml data from stream using ordered dicts \"\"\"\n\n class OrderedLoader(loader_cls):\n def __init__(self, stream):\n self._root = os.path.split(stream.name)[0]\n super(OrderedLoader, self).__init__(stream)\n\n def include(self, node):\n filename = os.path.join(self._root, self.construct_scalar(node))\n with open(filename, 'r') as f:\n return yaml.load(f, OrderedLoader)\n\n def construct_mapping(loader, node):\n loader.flatten_mapping(node)\n return object_pairs_hook(loader.construct_pairs(node))\n\n if DNS_IMPORT_ERROR:\n raise AnsibleError('dns must be installed to use ordered_load from this plugin') from DNS_IMPORT_ERROR\n\n OrderedLoader.add_constructor(\n yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG,\n construct_mapping)\n OrderedLoader.add_constructor(\n '!include',\n OrderedLoader.include)\n return yaml.load(stream, OrderedLoader)\n\n\ndef static_vars(**kwargs):\n \"\"\" static decorator to declare static vars \"\"\"\n\n def decorate(func):\n \"\"\" static decorator func \"\"\"\n for k in kwargs:\n setattr(func, k, kwargs[k])\n return func\n return decorate\n\n\n@lru_cache(maxsize=None)\ndef to_ip_address(address):\n \"\"\" convert address to IPv4Address or IPv6Address \"\"\"\n return ipaddress.ip_address(to_unicode(address))\n\n\n@lru_cache(maxsize=None)\ndef to_ip_network(address, strict=True):\n \"\"\" convert address to IPv4Network or IPv6Network \"\"\"\n return ipaddress.ip_network(to_unicode(address), strict=strict)\n\n\n@lru_cache(maxsize=None)\n@static_vars(\n classA=ipaddress.IPv4Network((u\"10.0.0.0\", u\"255.0.0.0\")),\n classB=ipaddress.IPv4Network((u\"172.16.0.0\", u\"255.240.0.0\")),\n classC=ipaddress.IPv4Network((u\"192.168.0.0\", u\"255.255.0.0\")),\n)\ndef is_private_ip(address):\n \"\"\" check if ip address is class A, B or C \"\"\"\n if not isinstance(address, ipaddress.IPv4Address):\n ip_address = to_ip_address(to_unicode(address))\n else:\n ip_address = address\n return ip_address in is_private_ip.classA or ip_address in is_private_ip.classB or ip_address in is_private_ip.classC\n\n\n@lru_cache(maxsize=None)\n@static_vars(\n classA=ipaddress.IPv4Network((u\"10.0.0.0\", u\"255.0.0.0\")),\n classB=ipaddress.IPv4Network((u\"172.16.0.0\", u\"255.240.0.0\")),\n classC=ipaddress.IPv4Network((u\"192.168.0.0\", u\"255.255.0.0\")),\n)\ndef is_private_network(address):\n \"\"\" check if network is class A, B or C \"\"\"\n if not isinstance(address, ipaddress.IPv4Network):\n net = to_ip_network(to_unicode(address))\n else:\n net = address\n return net.subnet_of(is_private_network.classA) or net.subnet_of(is_private_network.classB) or net.subnet_of(is_private_network.classC)\n\n\n@lru_cache(maxsize=None)\n@static_vars(\n ip_broadcast=ipaddress.IPv4Address((u\"255.255.255.255\")),\n net_multicast=ipaddress.IPv4Network((u\"224.0.0.0\", u\"255.255.255.0\")),\n)\ndef is_ip_broadcast(address):\n \"\"\" check if ip address is ip broadcast address \"\"\"\n if not isinstance(address, ipaddress.IPv4Address):\n ip_address = to_ip_address(to_unicode(address))\n else:\n ip_address = address\n return ip_address == is_ip_broadcast.ip_broadcast or ip_address in is_ip_broadcast.net_multicast\n\n\n@static_vars(re_cache=None)\ndef is_fqdn(address):\n \"\"\" check if address is a fqdn address \"\"\"\n if is_fqdn.re_cache is None:\n is_fqdn.re_cache = re.compile(r'(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\\.)+[a-zA-Z]{2,63}$)')\n return is_fqdn.re_cache.match(address) is not None\n\n\ndef resolve_hostname(address, dns_servers=None):\n \"\"\" get ip for hostname \"\"\"\n if dns_servers is None:\n try:\n resolved_ip = socket.gethostbyname(address)\n return resolved_ip\n except socket.gaierror:\n pass\n msg = \"Unable to resolve: {0}\".format(address)\n else:\n if DNS_IMPORT_ERROR:\n raise AnsibleError('dns must be installed to use ordered_load from this plugin') from DNS_IMPORT_ERROR\n\n error = None\n try:\n res = resolver.Resolver()\n res.timeout = 15\n res.lifetime = 15\n res.nameservers = dns_servers\n answers = res.query(address)\n if answers:\n return answers[0].address\n except exception.Timeout:\n error = 'timeout'\n\n msg = \"Unable to resolve: {0} using {1} dns servers\".format(address, ','.join(dns_servers))\n if error is not None:\n msg += ' ({0})'.format(error)\n\n raise AssertionError(msg)\n\n\ndef is_valid_ip(address):\n \"\"\" validate ip address format \"\"\"\n try:\n to_ip_address(to_unicode(address))\n return True\n except ValueError:\n return False\n\n\ndef is_valid_port(port):\n \"\"\" validate port format \"\"\"\n if not port.isdigit():\n return False\n\n nport = int(port)\n return nport >= 0 and nport <= 65535\n\n\ndef is_valid_port_range(port_range):\n \"\"\" validate port range format \"\"\"\n group = re.match(r'^(\\d+)-(\\d+)$', port_range)\n if not group:\n return False\n nport1 = int(group.group(1))\n nport2 = int(group.group(2))\n\n return nport1 >= 0 and nport1 <= 65535 and nport2 >= 0 and nport2 <= 65535\n\n\ndef is_valid_network(address):\n \"\"\" validate network address format \"\"\"\n try:\n to_ip_network(to_unicode(address))\n return True\n except ValueError:\n return False\n\n\ndef rule_product_dict(tab, rule, field, out_field=None):\n \"\"\" Return cartesian product between rule[field] and tab as dicts \"\"\"\n if field not in rule:\n return tab\n if not out_field:\n out_field = field\n out = []\n for new_val in rule[field].split():\n for existing_val in tab:\n obj = existing_val.copy()\n obj[out_field] = new_val\n out.append(obj)\n\n return out\n\n\ndef rule_product_ports(rule, field, field_port):\n \"\"\" Return cartesian product between rule[field] and field_port as string \"\"\"\n if field_port not in rule:\n return rule[field]\n\n aliases = rule[field].split()\n ports = rule[field_port].split()\n ret = []\n for alias in aliases:\n added = False\n for port in ports:\n if port:\n ret.append(alias + \":\" + port)\n added = True\n if not added:\n ret.append(alias)\n\n return ' '.join(ret)\n\n\ndef get_bool(values, field):\n \"\"\" Return boolean field value from values \"\"\"\n field_value = False\n if isinstance(values[field], bool):\n field_value = values[field]\n elif isinstance(values[field], str):\n if values[field].lower() in ['yes', 'true']:\n field_value = True\n elif values[field].lower() not in ['no', 'false']:\n raise AnsibleError('{0} must be yes/no or true/false (got \"{1}\")'.format(field, values[field]))\n return field_value\n\n\nclass PFSenseHostAlias(object):\n \"\"\" Class holding structured pfsense host alias definition \"\"\"\n def __init__(self):\n self.name = None\n self.descr = None\n self.definition = []\n self.ips = []\n self.networks = []\n self.dns = None\n self.fake = False\n\n # define all interfaces on which the alias may be defined as a local source\n # interfaces['gw_poc1_1'] = ['lan', 'obs']\n self.local_interfaces = {}\n\n # define all interfaces on which the alias may be defined as a routed source\n self.routed_interfaces = {}\n\n self._computed = False\n\n def copy(self):\n copy_object = PFSenseHostAlias()\n\n copy_object.name = self.name\n copy_object.descr = self.descr\n copy_object.dns = self.dns\n copy_object.fake = self.fake\n copy_object._computed = self._computed\n copy_object.definition = self.definition[:]\n\n # ips\n copy_object.ips = self.ips[:]\n\n # networks\n copy_object.networks = self.networks[:]\n\n # local_interfaces\n for k, v in self.local_interfaces.items():\n copy_object.local_interfaces[k] = v.copy()\n\n # routed_interfaces\n for k, v in self.routed_interfaces.items():\n copy_object.routed_interfaces[k] = v.copy()\n\n return copy_object\n\n def __str__(self):\n return \"name={0}, descr={1}, definition={2}, ips={3}, networks={4}, local_interfaces={5}, routed_interfaces={6}, fake={7}\".format(\n self.name, self.descr, self.definition, self.ips, self.networks, self.local_interfaces, self.routed_interfaces, self.fake)\n\n def compute_any(self, data):\n \"\"\" Do all computations for object 'any' \"\"\"\n # we add all interfaces of all pfsenses\n for pfsense in data.pfsenses_obj.values():\n for interface in pfsense.interfaces.values():\n self.local_interfaces[pfsense.name].append(interface.name)\n self.routed_interfaces[pfsense.name].append(interface.name)\n\n def compute_all(self, data):\n \"\"\" Do all computations \"\"\"\n if not self._computed:\n self._computed = True\n if self.name != 'any':\n self.compute_addresses(data)\n self.compute_local_interfaces(data)\n self.compute_routed_interfaces(data)\n\n def compute_addresses(self, data):\n \"\"\" Convert all aliases to structured ip addresses or networks \"\"\"\n\n todo = []\n todo.extend(self.definition)\n\n while todo:\n address = todo.pop()\n\n # special case when (self) is used in nat rules\n if address == '':\n continue\n\n # it's an ip address\n try:\n host_ip = to_ip_address(to_unicode(address))\n self.ips.append(host_ip)\n continue\n except ValueError:\n pass\n\n # it's an ip network\n try:\n net = to_ip_network(to_unicode(address))\n self.networks.append(net)\n continue\n except ValueError:\n pass\n\n # it's a fqdn\n if address not in data.all_aliases:\n if is_fqdn(address):\n resolved_ip = resolve_hostname(address, self.dns)\n host_ip = to_ip_address(to_unicode(resolved_ip))\n self.ips.append(host_ip)\n continue\n\n raise AssertionError(\"Invalid address: \" + address + \" for \" + self.name)\n\n # it's another alias\n alias = data.hosts_aliases_obj.get(address)\n if alias is not None:\n if not alias._computed:\n alias.compute_all(data)\n self.ips += alias.ips\n self.networks += alias.networks\n continue\n\n todo.extend(data.all_aliases[address]['ip'].split())\n\n def _is_in_networks(self, interface, fcheckname):\n \"\"\" check if an alias is in a network of an interface \"\"\"\n fcheck = getattr(interface, fcheckname)\n for alias_ip in self.ips:\n if is_ip_broadcast(alias_ip):\n continue\n\n if not fcheck(alias_ip):\n return False\n\n for alias_net in self.networks:\n if not fcheck(alias_net):\n return False\n return True\n\n def is_in_local_network(self, interface):\n \"\"\" check if an alias is in the local network of an interface \"\"\"\n return self._is_in_networks(interface, 'local_network_contains')\n\n def is_in_remote_networks(self, interface):\n \"\"\" check if an alias is in the remote networks of an interface \"\"\"\n return self._is_in_networks(interface, 'remote_networks_contains')\n\n def is_in_adjacent_networks(self, interface):\n \"\"\" check if an alias is in the adjacent networks of an interface \"\"\"\n return self._is_in_networks(interface, 'adjacent_networks_contains')\n\n def compute_routed_interfaces(self, data):\n \"\"\" Find all interfaces on all pfsense where the alias may be used as a routed source \"\"\"\n for pfsense in data.pfsenses_obj.values():\n # if the target alias is local, we do not consider the other interfaces\n self.routed_interfaces[pfsense.name] = set()\n\n if pfsense.name in self.local_interfaces:\n continue\n\n cache = pfsense._interfaces_remote_networks_contains_cache\n _compute = pfsense._interfaces_network_contains\n local_ifaces = self.routed_interfaces[pfsense.name]\n for address in self.ips:\n cache_key = id(address)\n interfaces = cache.get(cache_key)\n if interfaces is None:\n interfaces = _compute(address, 'remote_networks')\n cache[cache_key] = interfaces\n local_ifaces.update(interfaces)\n\n for address in self.networks:\n cache_key = id(address)\n interfaces = cache.get(cache_key)\n if interfaces is None:\n interfaces = _compute(address, 'remote_networks')\n cache[cache_key] = interfaces\n local_ifaces.update(interfaces)\n\n def compute_local_interfaces(self, data):\n \"\"\" Find all interfaces on all pfsense where the alias may be used as a local source \"\"\"\n for pfsense in data.pfsenses_obj.values():\n self.local_interfaces[pfsense.name] = set()\n cache = pfsense._interfaces_local_networks_contains_cache\n _compute = pfsense._interfaces_network_contains\n local_ifaces = self.local_interfaces[pfsense.name]\n for address in self.ips:\n cache_key = id(address)\n interfaces = cache.get(cache_key)\n if interfaces is None:\n interfaces = _compute(address, 'local_networks')\n cache[cache_key] = interfaces\n local_ifaces.update(interfaces)\n\n for address in self.networks:\n cache_key = id(address)\n interfaces = cache.get(cache_key)\n if interfaces is None:\n interfaces = _compute(address, 'local_networks')\n cache[cache_key] = interfaces\n local_ifaces.update(interfaces)\n\n def is_whole_local(self, pfsense):\n \"\"\" check if all ips/networks match a local network interface in pfense \"\"\"\n for alias_ip in self.ips:\n if is_ip_broadcast(alias_ip):\n continue\n\n if not pfsense.any_local_network_contains(alias_ip):\n return False\n\n for alias_net in self.networks:\n if not pfsense.any_local_network_contains(alias_net):\n return False\n\n return True\n\n def routed_by_interfaces(self, pfsense, use_remote_networks=True):\n \"\"\" return all interfaces for which all ips/networks match an adjacent/remote network in pfsense \"\"\"\n\n all_interfaces = set()\n\n # we always search through all interfaces to handle cases with internet\n for alias_ip in self.ips:\n interfaces = pfsense.interfaces_adjacent_or_remote_networks_contains(alias_ip, use_remote_networks=True)\n interfaces = pfsense.hack_internet_routing(interfaces, alias_ip, use_remote_networks=True)\n all_interfaces.update(interfaces)\n\n for alias_net in self.networks:\n interfaces = pfsense.interfaces_adjacent_or_remote_networks_contains(alias_net, use_remote_networks=True)\n interfaces = pfsense.hack_internet_routing(interfaces, alias_net, use_remote_networks=True)\n all_interfaces.update(interfaces)\n\n # if we didn't want the remote interfaces, we only keep the adjacents\n if not use_remote_networks:\n interfaces = set()\n for interface in all_interfaces:\n if self.is_in_adjacent_networks(pfsense.interfaces[interface]):\n interfaces.add(interface)\n all_interfaces = interfaces\n\n return all_interfaces\n\n def is_adjacent_or_remote(self, pfsense):\n \"\"\" check if all ips/networks are in an adjacent/remote network in pfsense \"\"\"\n return len(self.routed_by_interfaces(pfsense, use_remote_networks=True)) > 0\n\n def is_adjacent(self, pfsense):\n \"\"\" check if all ips/networks are in an adjacent network in pfsense \"\"\"\n return len(self.routed_by_interfaces(pfsense, use_remote_networks=False)) > 0\n\n def is_ip_broadcast(self):\n \"\"\" check if an alias is the ip_broadcast \"\"\"\n if len(self.ips) != 1 or self.networks:\n return False\n return is_ip_broadcast(self.ips[0])\n\n def is_whole_in_pfsense(self, pfsense):\n \"\"\" check if all ips/networks have at least one interface in pfsense \"\"\"\n if self.name in pfsense.is_whole_in_pfsense_cache:\n return pfsense.is_whole_in_pfsense_cache[self.name]\n\n for alias_ip in self.ips:\n if is_ip_broadcast(alias_ip):\n pfsense.is_whole_in_pfsense_cache[self.name] = False\n return False\n\n if not pfsense.any_network_contains(alias_ip):\n pfsense.is_whole_in_pfsense_cache[self.name] = False\n return False\n\n for alias_net in self.networks:\n if not pfsense.any_network_contains(alias_net):\n pfsense.is_whole_in_pfsense_cache[self.name] = False\n return False\n\n pfsense.is_whole_in_pfsense_cache[self.name] = True\n return True\n\n def is_whole_not_in_pfsense(self, pfsense):\n \"\"\" check if all ips/networks have at least one interface in pfsense \"\"\"\n if self.name in pfsense.is_whole_not_in_pfsense_cache:\n return pfsense.is_whole_not_in_pfsense_cache[self.name]\n\n for alias_ip in self.ips:\n if is_ip_broadcast(alias_ip):\n pfsense.is_whole_not_in_pfsense_cache[self.name] = False\n return False\n if pfsense.any_network_contains(alias_ip):\n pfsense.is_whole_not_in_pfsense_cache[self.name] = False\n return False\n\n for alias_net in self.networks:\n if pfsense.any_network_contains(alias_net):\n pfsense.is_whole_not_in_pfsense_cache[self.name] = False\n return False\n\n pfsense.is_whole_not_in_pfsense_cache[self.name] = True\n return True\n\n def is_whole_in_same_routing_ifaces(self, pfsense):\n \"\"\" check if all ips/networks have the same interfaces in pfense \"\"\"\n if self.name in pfsense.is_whole_in_same_routing_ifaces_cache:\n return pfsense.is_whole_in_same_routing_ifaces_cache[self.name]\n\n # we loop through all ips/networks in the alias\n # if there is any difference in the interfaces where the address need to be defined\n # then we return False so the parent function split the alias\n target_ar_interfaces = None\n target_local_interfaces = None\n\n for alias_ip in self.ips:\n interfaces = pfsense.interfaces_adjacent_or_remote_networks_contains(alias_ip)\n interfaces = pfsense.hack_internet_routing(interfaces, alias_ip)\n if target_ar_interfaces is None:\n target_ar_interfaces = interfaces\n elif target_ar_interfaces ^ interfaces:\n pfsense.is_whole_in_same_routing_ifaces_cache[self.name] = False\n return False\n\n interfaces = pfsense.interfaces_local_networks_contains(alias_ip)\n interfaces = pfsense.hack_internet_routing(interfaces, alias_ip)\n if target_local_interfaces is None:\n target_local_interfaces = interfaces\n elif target_local_interfaces ^ interfaces:\n pfsense.is_whole_in_same_routing_ifaces_cache[self.name] = False\n return False\n\n for alias_net in self.networks:\n interfaces = pfsense.interfaces_adjacent_or_remote_networks_contains(alias_net)\n interfaces = pfsense.hack_internet_routing(interfaces, alias_net)\n if target_ar_interfaces is None:\n target_ar_interfaces = interfaces\n elif target_ar_interfaces ^ interfaces:\n pfsense.is_whole_in_same_routing_ifaces_cache[self.name] = False\n return False\n\n interfaces = pfsense.interfaces_local_networks_contains(alias_net)\n interfaces = pfsense.hack_internet_routing(interfaces, alias_net)\n if target_local_interfaces is None:\n target_local_interfaces = interfaces\n elif target_local_interfaces ^ interfaces:\n pfsense.is_whole_in_same_routing_ifaces_cache[self.name] = False\n return False\n\n pfsense.is_whole_in_same_routing_ifaces_cache[self.name] = True\n return True\n\n def match_local_interface_ip(self, pfsense):\n \"\"\" Return True if the alias IP matches one interface on the pfsense \"\"\"\n all_local_ips = pfsense._all_local_ips\n for alias_ip in self.ips:\n if alias_ip in all_local_ips:\n return True\n return False\n\n\nclass PFSenseRule(object):\n \"\"\" Class holding structured pfsense rule declaration \"\"\"\n def __init__(self):\n self.name = None\n self.separator = None\n self.src = []\n self.src_port = []\n self.dst = []\n self.dst_port = []\n self.src_nat = []\n self.dst_nat = []\n self.dst_nat_port = []\n self.protocol = []\n self.action = \"pass\"\n self.options = dict()\n self.floating = False\n self.force = False\n self.asymmetric = False\n self.invert_dst = False\n self.invert_src = False\n self.invert_dst_nat = False\n self.invert_src_nat = False\n\n self.sub_rules = []\n self.interfaces = None\n self.generated_names = {}\n\n def copy(self):\n copy_object = PFSenseRule()\n copy_object.name = self.name\n copy_object.separator = self.separator\n\n copy_object.src = [alias.copy() for alias in self.src]\n copy_object.dst = [alias.copy() for alias in self.dst]\n\n copy_object.src_port = self.src_port[:]\n copy_object.dst_port = self.dst_port[:]\n copy_object.src_nat = self.src_nat\n copy_object.dst_nat = self.dst_nat\n copy_object.dst_nat_port = self.dst_nat_port\n copy_object.protocol = self.protocol\n copy_object.action = self.action\n copy_object.options = self.options\n copy_object.floating = self.floating\n copy_object.force = self.force\n copy_object.asymmetric = self.asymmetric\n copy_object.invert_dst = self.invert_dst\n copy_object.invert_src = self.invert_src\n copy_object.invert_dst_nat = self.invert_dst_nat\n copy_object.invert_src_nat = self.invert_src_nat\n\n copy_object.sub_rules = [rule.copy() for rule in self.sub_rules]\n\n if self.interfaces is not None:\n copy_object.interfaces = self.interfaces.copy()\n else:\n copy_object.interfaces = None\n\n copy_object.generated_names = self.generated_names.copy()\n\n return copy_object\n\n def _copy_for_decompose(self):\n \"\"\" Lightweight copy for rule decomposition - shares alias objects instead of deep-copying them.\n Callers always replace src or dst immediately after copying. \"\"\"\n copy_object = PFSenseRule()\n copy_object.name = self.name\n copy_object.separator = self.separator\n\n copy_object.src = list(self.src)\n copy_object.dst = list(self.dst)\n\n copy_object.src_port = self.src_port[:]\n copy_object.dst_port = self.dst_port[:]\n copy_object.src_nat = self.src_nat\n copy_object.dst_nat = self.dst_nat\n copy_object.dst_nat_port = self.dst_nat_port\n copy_object.protocol = self.protocol\n copy_object.action = self.action\n copy_object.options = self.options\n copy_object.floating = self.floating\n copy_object.force = self.force\n copy_object.asymmetric = self.asymmetric\n copy_object.invert_dst = self.invert_dst\n copy_object.invert_src = self.invert_src\n copy_object.invert_dst_nat = self.invert_dst_nat\n copy_object.invert_src_nat = self.invert_src_nat\n\n if self.interfaces is not None:\n copy_object.interfaces = self.interfaces.copy()\n else:\n copy_object.interfaces = None\n\n copy_object.generated_names = {}\n\n return copy_object\n\n def get_option(self, name):\n \"\"\" return option value for name \"\"\"\n if name in self.options:\n return self.options[name]\n separator = self.separator\n while separator is not None:\n if separator.options is not None and name in separator.options:\n return separator.options[name]\n separator = separator.parent\n return None\n\n def to_json(self):\n \"\"\" return JSON String containing rule \"\"\"\n srcs = []\n for src in self.src:\n srcs.append(src.name)\n\n dsts = []\n for dst in self.dst:\n dsts.append(dst.name)\n\n res = self.name + \": { src: \" + \" \".join(srcs) + \", dst: \" + \" \".join(dsts)\n\n if self.src_port:\n res += \", src_port: \" + \" \".join(self.src_port)\n\n if self.dst_port:\n res += \", dst_port: \" + \" \".join(self.dst_port)\n\n if self.protocol:\n res += \", protocol: \" + \" \".join(self.protocol)\n\n if self.action != \"pass\":\n res += \", action: \" + \" \".join(self.action)\n\n for field in OUTPUT_OPTION_FIELDS:\n value = self.get_option(field)\n if value is not None:\n res += ', {0}: {1}'.format(field, value)\n\n res += \" }\"\n return res\n\n\nclass PFSenseRuleSeparator(object):\n \"\"\" Class holding structured pfsense rule separator declaration \"\"\"\n def __init__(self):\n self.name = None\n self.interface = None\n self.parent = None\n self.options = None\n\n def __hash__(self):\n return hash(self.name + self.interface)\n\n def __eq__(self, other):\n return self.__class__ == other.__class__ and self.name == other.name and self.interface == other.interface\n\n\nclass PFSenseInterface(object):\n \"\"\" Class holding structured pfsense interface definition \"\"\"\n def __init__(self):\n self.name = None\n self.local_ip = None # first ip defined\n self.local_network = None # first network defined\n self.local_ips = set()\n self.local_networks = set()\n self.remote_networks = set()\n self.adjacent_networks = set()\n self.tags = set()\n self.bridge = False\n self._remote_networks_contains_cache = dict()\n self._adjacent_networks_contains_cache = dict()\n # Pre-split networks by private/public (populated by precompute_network_splits)\n self._private_local_networks = None\n self._public_local_networks = None\n self._private_remote_networks = None\n self._public_remote_networks = None\n self._private_adjacent_networks = None\n self._public_adjacent_networks = None\n\n def precompute_network_splits(self):\n \"\"\" Pre-split networks into private/public for faster containment checks \"\"\"\n for attr in ('local_networks', 'remote_networks', 'adjacent_networks'):\n networks = getattr(self, attr)\n private = []\n public = []\n for net in networks:\n if is_private_network(net):\n private.append(net)\n else:\n public.append(net)\n setattr(self, '_private_' + attr, private)\n setattr(self, '_public_' + attr, public)\n\n @staticmethod\n def _networks_contains(address, networks):\n \"\"\" return true if address is in networks \"\"\"\n if isinstance(address, ipaddress.IPv4Address):\n private_address = is_private_ip(address)\n for snet in networks:\n private_net = is_private_network(snet)\n if private_address and private_net or not private_address and not private_net:\n if address in snet:\n return True\n elif isinstance(address, ipaddress.IPv4Network):\n private_address = is_private_network(address)\n for snet in networks:\n private_net = is_private_network(snet)\n if private_address and private_net or not private_address and not private_net:\n if address.subnet_of(snet):\n return True\n else:\n raise AssertionError('wrong type in remote_networks_contains:' + type(address))\n return False\n\n def remote_networks_contains(self, address):\n \"\"\" return true if address is defined in remote_networks of this interface \"\"\"\n cache_key = id(address)\n res = self._remote_networks_contains_cache.get(cache_key)\n if res is None:\n res = self._networks_contains(address, self.remote_networks)\n self._remote_networks_contains_cache[cache_key] = res\n return res\n\n def adjacent_networks_contains(self, address):\n \"\"\" return true if address is defined in adjacent_networks of this interface \"\"\"\n cache_key = id(address)\n res = self._adjacent_networks_contains_cache.get(cache_key)\n if res is None:\n res = self._networks_contains(address, self.adjacent_networks)\n self._adjacent_networks_contains_cache[cache_key] = res\n return res\n\n def local_network_contains(self, address):\n \"\"\" return true if address is in the local network of this interface \"\"\"\n if self.local_networks:\n for local_network in self.local_networks:\n if isinstance(address, ipaddress.IPv4Address):\n private_address = is_private_ip(address)\n private_net = is_private_network(local_network)\n if private_address and private_net or not private_address and not private_net:\n if address in local_network:\n return True\n elif isinstance(address, ipaddress.IPv4Network):\n private_address = is_private_network(address)\n private_net = is_private_network(local_network)\n if private_address and private_net or not private_address and not private_net:\n if address.subnet_of(local_network):\n return True\n else:\n raise AssertionError('wrong type in local_network_contains:' + type(address))\n return False\n\n def are_in_same_network(self, src, dst):\n \"\"\" return true if both the aliases are in the same network on the interface \"\"\"\n def _match(snet, alias):\n for ip in alias.ips:\n if ip not in snet:\n return False\n for net in alias.networks:\n if not net.subnet_of(snet):\n return False\n return True\n\n for snet in self.local_networks:\n if _match(snet, src) and _match(snet, dst):\n return True\n return False\n\n\nclass PFSense(object):\n \"\"\" Class holding structured pfsense definition \"\"\"\n def __init__(self, name, interfaces):\n self.name = name\n self.interfaces = interfaces\n self.is_whole_in_pfsense_cache = dict()\n self.is_whole_not_in_pfsense_cache = dict()\n self.is_whole_in_same_routing_ifaces_cache = dict()\n self._interfaces_local_networks_contains_cache = dict()\n self._iface_networks_by_attr = {}\n # Pre-computed set of all local IPs across all interfaces\n self._all_local_ips = set()\n for iface in interfaces.values():\n self._all_local_ips.update(iface.local_ips)\n self._interfaces_remote_networks_contains_cache = dict()\n self._interfaces_adjacent_networks_contains_cache = dict()\n self._hack_internet_routing_cache = dict()\n\n def any_adjacent_networks_contains(self, address):\n \"\"\" return true if address is defined in adjacent_networks of any interface \"\"\"\n return len(self.interfaces_adjacent_networks_contains(address)) != 0\n\n def any_remote_networks_contains(self, address):\n \"\"\" return true if address is defined in remote_networks of any interface \"\"\"\n return len(self.interfaces_remote_networks_contains(address)) != 0\n\n def any_local_network_contains(self, address):\n \"\"\" return true if address is defined in local network of any interface \"\"\"\n return len(self.interfaces_local_networks_contains(address)) != 0\n\n def any_network_contains(self, address):\n \"\"\" return true if address is defined in the local, remote or adjacent networks of any interface \"\"\"\n return self.any_local_network_contains(address) or self.any_remote_networks_contains(address) or self.any_adjacent_networks_contains(address)\n\n def _get_iface_networks(self, attr):\n \"\"\" return cached list of (interface_name, networks) for given attr \"\"\"\n result = self._iface_networks_by_attr.get(attr)\n if result is None:\n result = [(iface.name, getattr(iface, attr)) for iface in self.interfaces.values()]\n self._iface_networks_by_attr[attr] = result\n return result\n\n def _interfaces_network_contains(self, address, networks_name):\n \"\"\" return interfaces names where address is in the interface network \"\"\"\n res = set()\n if isinstance(address, ipaddress.IPv4Address):\n if is_private_ip(address):\n attr = '_private_' + networks_name\n else:\n attr = '_public_' + networks_name\n for iface_name, networks in self._get_iface_networks(attr):\n for snet in networks:\n if address in snet:\n res.add(iface_name)\n break\n elif isinstance(address, ipaddress.IPv4Network):\n if is_private_network(address):\n attr = '_private_' + networks_name\n else:\n attr = '_public_' + networks_name\n for iface_name, networks in self._get_iface_networks(attr):\n for snet in networks:\n if address.subnet_of(snet):\n res.add(iface_name)\n break\n else:\n raise AssertionError('wrong type in _interfaces_network_contains:' + type(address))\n return frozenset(res)\n\n def interfaces_local_networks_contains(self, address):\n \"\"\" return interfaces names where address is in the interface local network \"\"\"\n cache_key = id(address)\n res = self._interfaces_local_networks_contains_cache.get(cache_key)\n if res is None:\n res = self._interfaces_network_contains(address, 'local_networks')\n self._interfaces_local_networks_contains_cache[cache_key] = res\n return res\n\n def interfaces_remote_networks_contains(self, address):\n \"\"\" return interfaces names where address is in the interface remote networks \"\"\"\n cache_key = id(address)\n res = self._interfaces_remote_networks_contains_cache.get(cache_key)\n if res is None:\n res = self._interfaces_network_contains(address, 'remote_networks')\n self._interfaces_remote_networks_contains_cache[cache_key] = res\n return res\n\n def interfaces_adjacent_networks_contains(self, address):\n \"\"\" return interfaces names where address is in the interface adjacent networks \"\"\"\n cache_key = id(address)\n res = self._interfaces_adjacent_networks_contains_cache.get(cache_key)\n if res is None:\n res = self._interfaces_network_contains(address, 'adjacent_networks')\n self._interfaces_adjacent_networks_contains_cache[cache_key] = res\n return res\n\n def interfaces_adjacent_or_remote_networks_contains(self, address, use_remote_networks=True):\n \"\"\" return interfaces names where address is in the interface local or remote networks \"\"\"\n if use_remote_networks:\n return self.interfaces_adjacent_networks_contains(address) | self.interfaces_remote_networks_contains(address)\n return self.interfaces_adjacent_networks_contains(address)\n\n @static_vars(internet=ipaddress.IPv4Network((u\"0.0.0.0\", u\"0.0.0.0\")))\n def hack_internet_routing(self, interfaces, address, use_remote_networks=True):\n \"\"\" internet (defined as route to 0.0.0.0/0) is an issue to automatically detect interfaces on which routing is done,\n because every host or network match.\n If multiple interfaces can be used and there is at least one specific route which match the address,\n we consider the internet ones as mistakes and remove them \"\"\"\n if not isinstance(interfaces, frozenset):\n interfaces = frozenset(interfaces)\n key = (interfaces, id(address), use_remote_networks)\n res = self._hack_internet_routing_cache.get(key)\n if res is None:\n has_non_internet = False\n internet_interfaces = set()\n is_net = isinstance(address, ipaddress.IPv4Network)\n for interface in interfaces:\n route_found = False\n internet_found = False\n if use_remote_networks:\n for network in self.interfaces[interface].remote_networks:\n if network == self.hack_internet_routing.internet:\n internet_found = True\n elif is_net and address.overlaps(network) or not is_net and address in network:\n route_found = True\n\n for network in self.interfaces[interface].adjacent_networks:\n if network == self.hack_internet_routing.internet:\n internet_found = True\n elif is_net and address.overlaps(network) or not is_net and address in network:\n route_found = True\n\n if route_found:\n has_non_internet = True\n elif internet_found:\n internet_interfaces.add(interface)\n\n if has_non_internet:\n res = interfaces - frozenset(internet_interfaces)\n else:\n res = interfaces\n self._hack_internet_routing_cache[key] = res\n\n return res\n\n\nclass PFSenseData(object):\n \"\"\" Class holding all data \"\"\"\n\n def __init__(self, hosts_aliases, ports_aliases, pfsenses, rules, target_name, gendiff=False, debug=None, aggregate=True):\n self._hosts_aliases = hosts_aliases\n self._ports_aliases = ports_aliases\n self._pfsenses = pfsenses\n self._rules = rules\n self._rules_separators = list()\n self._target_name = target_name\n self._rules_obj = OrderedDict()\n self._pfsenses_obj = {}\n self._hosts_aliases_obj = OrderedDict()\n self._target = None\n self._errors = []\n self.log_errors = False\n self.gendiff = gendiff\n self.debug = debug\n self.aggregate = aggregate\n self._all_aliases = copy(self._hosts_aliases)\n self._all_aliases.update(self._ports_aliases)\n\n self._ignored_aliases = set()\n self._ignored_rules = set()\n self._hosts_alias_by_content = None\n\n @property\n def all_aliases(self):\n \"\"\" all_aliases getter \"\"\"\n return self._all_aliases\n\n @property\n def hosts_aliases(self):\n \"\"\" hosts_aliases getter \"\"\"\n return self._hosts_aliases\n\n @property\n def ignored_aliases(self):\n \"\"\" ignored_aliases getter \"\"\"\n return self._ignored_aliases\n\n @property\n def hosts_aliases_obj(self):\n \"\"\" hosts_aliases_obj getter \"\"\"\n return self._hosts_aliases_obj\n\n @property\n def ports_aliases(self):\n \"\"\" ports_aliases getter \"\"\"\n return self._ports_aliases\n\n @property\n def pfsenses(self):\n \"\"\" pfsenses getter \"\"\"\n return self._pfsenses\n\n @property\n def pfsenses_obj(self):\n \"\"\" pfsenses_obj getter \"\"\"\n return self._pfsenses_obj\n\n @property\n def rules_obj(self):\n \"\"\" rules_obj getter \"\"\"\n return self._rules_obj\n\n @property\n def rules(self):\n \"\"\" rules getter \"\"\"\n return self._rules\n\n @property\n def ignored_rules(self):\n \"\"\" ignored_rules getter \"\"\"\n return self._ignored_rules\n\n @property\n def rules_separators(self):\n \"\"\" rules_separators getter \"\"\"\n return self._rules_separators\n\n @property\n def target_name(self):\n \"\"\" target_name getter \"\"\"\n return self._target_name\n\n @property\n def target(self):\n \"\"\" target getter \"\"\"\n return self._target\n\n @target.setter\n def target(self, target):\n \"\"\" target setter \"\"\"\n self._target = target\n\n @property\n def errors(self):\n \"\"\" errors getter \"\"\"\n return self._errors\n\n def set_error(self, error):\n \"\"\" add an error \"\"\"\n display.error(error)\n self._errors.append(error)\n\n @staticmethod\n def is_child_def(values):\n \"\"\" check if values contains more definitions \"\"\"\n for value in values.values():\n if isinstance(value, (OrderedDict, dict, list)):\n return False\n return True\n\n def unalias_ip(self, alias):\n \"\"\" expand alias to its IP definition \"\"\"\n ret = []\n todo = []\n todo.extend(alias.split())\n\n while todo:\n elts = todo.pop()\n if elts in self._all_aliases:\n todo.extend(self._all_aliases[elts]['ip'].split())\n else:\n ret.append(elts)\n\n return ret\n\n def get_hosts_alias(self, hosts, ips, networks, _basename):\n \"\"\" return an alias with all the hosts\n create it if required \"\"\"\n\n # Build index on first call for O(1) lookups instead of O(N) scan\n if self._hosts_alias_by_content is None:\n self._hosts_alias_by_content = {}\n for alias in self._hosts_aliases_obj.values():\n if alias.ips or alias.networks:\n key = (frozenset(alias.ips), frozenset(alias.networks))\n if key not in self._hosts_alias_by_content:\n self._hosts_alias_by_content[key] = alias\n\n key = (frozenset(ips), frozenset(networks))\n existing = self._hosts_alias_by_content.get(key)\n if existing is not None:\n return existing\n\n obj = PFSenseHostAlias()\n obj.definition = list(hosts)\n obj.definition.sort()\n obj.ips = list(ips)\n obj.networks = list(networks)\n obj.fake = False\n\n # alias can only be 32 chars long so we truncate a bit if required\n basename = _basename[0:26]\n idx = 1\n while True:\n obj.name = 'h_{0}_{1}'.format(basename, idx)\n if obj.name not in self._all_aliases:\n break\n idx = idx + 1\n\n self._hosts_aliases_obj[obj.name] = obj\n self._hosts_alias_by_content[key] = obj\n\n alias = dict()\n alias['ip'] = ' '.join(obj.definition)\n alias['type'] = 'network'\n self._all_aliases[obj.name] = alias\n\n return obj\n\n def get_ports_alias(self, ports, _basename):\n \"\"\" return an alias with all the ports\n create it if required \"\"\"\n\n for name, alias in self._ports_aliases.items():\n alias_ports = set(alias['port'].split())\n if not alias_ports ^ ports:\n return name\n\n # alias can only be 32 chars long so we truncate a bit if required\n basename = _basename[0:26]\n idx = 1\n while True:\n name = 'p_{0}_{1}'.format(basename, idx)\n if name not in self._all_aliases:\n break\n idx = idx + 1\n\n alias = dict()\n alias['descr'] = name\n sorted_ports = list(ports)\n sorted_ports.sort()\n alias['port'] = ' '.join(sorted_ports)\n self._all_aliases[name] = alias\n self._ports_aliases[name] = alias\n\n return name\n\n\nclass PFSenseDataParser(object):\n \"\"\" Class doing all data checks and pfsense objects generation \"\"\"\n\n def __init__(self, data):\n self._data = data\n\n @staticmethod\n def check_alias_name(name):\n \"\"\" check an alias name \"\"\"\n # todo: check reserved keywords (any, self, ...)\n if re.match('^[a-zA-Z0-9_]+$', name) is None:\n raise AnsibleError(name + ': the name of the alias may only consist of the characters \"a-z, A-Z, 0-9 and _\"')\n\n def parse_host_alias(self, obj, src_name, type_name, name, allow_any, dns_servers=None):\n \"\"\" Parse a host alias definition \"\"\"\n ret = True\n value = obj[src_name]\n values = str(value).split()\n if not values:\n self._data.set_error(\"Empty \" + src_name + \" field for \" + type_name + \" \" + name)\n return False\n\n # we check that all exist\n ip_defs = 0\n net_defs = 0\n fqdn_defs = 0\n other_defs = 0\n for value in values:\n if is_valid_ip(value):\n if value not in self._data.hosts_aliases_obj:\n self._data.hosts_aliases_obj[value] = self.create_obj_host_alias(value)\n ip_defs = ip_defs + 1\n continue\n\n if is_valid_network(value):\n if value not in self._data.hosts_aliases_obj:\n self._data.hosts_aliases_obj[value] = self.create_obj_host_alias(value)\n net_defs = net_defs + 1\n continue\n\n if value not in self._data.hosts_aliases and (value != 'any' or not allow_any):\n if is_fqdn(value):\n if value not in self._data.hosts_aliases_obj:\n self._data.hosts_aliases_obj[value] = self.create_obj_host_alias(value, dns_servers)\n fqdn_defs = fqdn_defs + 1\n continue\n\n self._data.set_error(value + \" is not a valid alias, ip address or network in \" + type_name + \" \" + name)\n ret = False\n other_defs = other_defs + 1\n\n if fqdn_defs and (ip_defs + net_defs + other_defs) > 0:\n self._data.set_error(\"fqdn definitions can't be mixed with aliases, IP or networks addresses (in \" + type_name + \" \" + name + \")\")\n ret = False\n\n # if it's a real alias, we must check for mixed network definitions\n if not allow_any:\n if net_defs > 0:\n if net_defs != len(values):\n self._data.set_error(\"mixed network definitions and aliases or IP addresses in \" + type_name + \" \" + name)\n ret = False\n else:\n obj['type'] = 'network'\n else:\n obj['type'] = 'host'\n\n return ret\n\n def parse_hosts_aliases(self):\n \"\"\" Parse all hosts aliases definitions \"\"\"\n dups = {}\n ret = True\n for name, alias in self._data.hosts_aliases.items():\n self.check_alias_name(name)\n if 'ignored' in alias and get_bool(alias, 'ignored'):\n self._data.ignored_aliases.add(name)\n continue\n\n # ip field is mandatory\n if 'ip' not in alias and 'host' not in alias:\n self._data.set_error(\"No ip or host field for alias \" + name)\n ret = False\n continue\n\n # we check that all fields are valid\n for field in alias:\n if field not in ['ip', 'host', 'descr', 'dns', 'ignore_dup', 'ignored']:\n self._data.set_error(field + \" is not a valid field name in alias \" + name)\n ret = False\n\n dns_servers = None\n if 'dns' in alias:\n dns_servers = alias['dns'].split()\n\n # we check that all IPs exist and are not empty\n if not self.parse_host_alias(alias, 'ip', 'alias', name, False, dns_servers):\n ret = False\n continue\n\n # we check for duplicates\n _alias = deepcopy(alias)\n if 'descr' in _alias:\n del _alias['descr']\n dup = json.dumps(_alias)\n if dup in dups:\n display.warning(\"duplicate alias definition for ip \" + alias['ip'] + \" (\" + dups[dup] + \", \" + name + \")\")\n elif 'ignore_dup' not in alias:\n dups[dup] = name\n\n obj = PFSenseHostAlias()\n obj.name = name\n obj.definition = alias['ip'].split()\n if 'descr' in alias:\n obj.descr = alias['descr']\n obj.dns = dns_servers\n self._data.hosts_aliases_obj[obj.name] = obj\n\n return ret\n\n def check_port_alias(self, ports, src_name, type_name, name):\n \"\"\" Checking a port alias definition \"\"\"\n ret = True\n values = str(ports).split()\n if src_name == 'dst_nat_port':\n if '-' in ports:\n self._data.set_error(\"There must be only one port in dst_nat_port of \" + name)\n return False\n\n if len(values) > 1:\n self._data.set_error(\"There must be only one port in {0} of {1}\".format(src_name, name))\n return False\n\n if not values:\n self._data.set_error(\"Empty \" + src_name + \" field for \" + type_name + \" \" + name)\n return False\n\n # we check that all exist\n for value in values:\n if not is_valid_port(value) and not is_valid_port_range(value) and value not in self._data.ports_aliases:\n self._data.set_error(value + \" is not a valid alias, port or port range in \" + type_name + \" \" + name)\n ret = False\n\n return ret\n\n def parse_ports_aliases(self):\n \"\"\" Checking all ports alias definitions \"\"\"\n dups = {}\n ret = True\n for name, alias in self._data.ports_aliases.items():\n self.check_alias_name(name)\n\n # port field is mandatory\n if 'port' not in alias:\n self._data.set_error(\"No port field for alias \" + name)\n ret = False\n continue\n\n if not isinstance(alias['port'], str):\n alias['port'] = str(alias['port'])\n\n # we check that all IPs exist and are not empty\n if not self.check_port_alias(alias['port'], 'port', 'alias', name):\n ret = False\n continue\n\n # we check that all fields are valid\n for field in alias:\n if field != 'port' and field != 'descr':\n self._data.set_error(field + \" is not a valid field name in alias \" + name)\n ret = False\n\n # we check for duplicates\n _alias = deepcopy(alias)\n if 'descr' in _alias:\n del _alias['descr']\n dup = json.dumps(_alias)\n if dup in dups:\n display.warning(\"duplicate alias definition for port \" + alias['port'] + \" (\" + dups[dup] + \", \" + name + \")\")\n else:\n dups[dup] = name\n\n return ret\n\n def create_obj_any_alias(self):\n \"\"\" Create a PFSenseHostAlias object for address any (for easier processing later) \"\"\"\n obj = PFSenseHostAlias()\n obj.name = 'any'\n obj.definition = ['any']\n obj.fake = True\n obj.compute_any(self._data)\n\n self._data.all_aliases['any'] = {}\n self._data.all_aliases['any']['ip'] = '0.0.0.0/0'\n self._data.all_aliases['any']['type'] = 'network'\n\n return obj\n\n def create_obj_host_alias(self, src, dns_servers=None):\n \"\"\" Create a PFSenseHostAlias object from address (for easier processing later) \"\"\"\n obj = PFSenseHostAlias()\n obj.name = src\n obj.definition = [src]\n obj.fake = True\n obj.dns = dns_servers\n if src == 'any':\n return self.create_obj_any_alias()\n\n return obj\n\n def create_obj_rule_from_def(self, name, rule, separator):\n \"\"\" Create a PFSenseRule object from yaml definition \"\"\"\n def _get_bool(field):\n field_value = False\n if isinstance(rule[field], bool):\n field_value = rule[field]\n elif isinstance(rule[field], str):\n if rule[field].lower() in ['yes', 'true']:\n field_value = True\n elif rule[field].lower() not in ['no', 'false']:\n self._data.set_error('{0} must be yes/no or true/false (got \"{1}\")'.format(field, rule[field]))\n return field_value\n\n obj = PFSenseRule()\n obj.name = name\n obj.separator = separator\n\n if 'src_port' in rule:\n if not isinstance(rule['src_port'], str):\n obj.src_port = str(rule['src_port'])\n else:\n obj.src_port = rule['src_port'].split()\n\n if 'dst_port' in rule:\n if not isinstance(rule['dst_port'], str):\n obj.dst_port = str(rule['dst_port'])\n else:\n obj.dst_port = rule['dst_port'].split()\n\n if 'dst_nat_port' in rule:\n if not isinstance(rule['dst_nat_port'], str):\n obj.dst_nat_port = str(rule['dst_nat_port'])\n else:\n obj.dst_nat_port = rule['dst_nat_port'].split()\n\n if 'protocol' in rule:\n obj.protocol = rule['protocol'].split()\n\n if 'action' in rule:\n obj.action = rule['action']\n\n for field in OPTION_FIELDS:\n if field in rule:\n obj.options[field] = rule[field]\n\n if 'force' in rule:\n obj.force = _get_bool('force')\n if obj.force and not (obj.get_option('filter') and obj.get_option('ifilter')):\n self._data.set_error('force must not be used without filter and ifilter')\n\n if 'floating' in rule:\n obj.floating = _get_bool('floating')\n\n if 'quick' in rule and not obj.floating:\n self._data.set_error('Quick must only be used with floating rules')\n\n for src in rule['src'].split():\n if src not in self._data.hosts_aliases_obj:\n self._data.hosts_aliases_obj[src] = self.create_obj_host_alias(src)\n target = self._data.hosts_aliases_obj[src]\n obj.src.append(target)\n\n for dst in rule['dst'].split():\n if dst not in self._data.hosts_aliases_obj:\n self._data.hosts_aliases_obj[dst] = self.create_obj_host_alias(dst)\n target = self._data.hosts_aliases_obj[dst]\n obj.dst.append(target)\n\n if 'src_nat' in rule:\n src = rule['src_nat']\n if src not in self._data.hosts_aliases_obj:\n self._data.hosts_aliases_obj[src] = self.create_obj_host_alias(src)\n target = self._data.hosts_aliases_obj[src]\n obj.src_nat.append(target)\n\n if 'dst_nat' in rule:\n dst = rule['dst_nat']\n if dst not in self._data.hosts_aliases_obj:\n self._data.hosts_aliases_obj[dst] = self.create_obj_host_alias(dst)\n target = self._data.hosts_aliases_obj[dst]\n obj.dst_nat.append(target)\n\n if 'asymmetric' in rule:\n obj.asymmetric = _get_bool('asymmetric')\n\n if 'invert_src' in rule:\n obj.invert_src = _get_bool('invert_src')\n if not obj.force:\n self._data.set_error('invert_src must be used with force (for now)')\n\n if 'invert_dst' in rule:\n obj.invert_dst = _get_bool('invert_dst')\n if not obj.force:\n self._data.set_error('invert_dst must be used with force (for now)')\n\n if 'invert_src_nat' in rule:\n obj.invert_src_nat = _get_bool('invert_src_nat')\n if not obj.force:\n self._data.set_error('invert_src_nat must be used with force (for now)')\n\n if 'invert_dst_nat' in rule:\n obj.invert_dst_nat = _get_bool('invert_dst_nat')\n if not obj.force:\n self._data.set_error('invert_dst_nat must be used with force (for now)')\n\n return obj\n\n def parse_rules(self, parent=None, parent_separator=None):\n \"\"\" Parse all rules definitions \"\"\"\n ret = True\n if parent is None:\n parent = self._data.rules\n if parent_separator is None:\n parent_separator = PFSenseRuleSeparator()\n\n for name, rule in parent.items():\n # not a rule\n if rule is None:\n continue\n if not self._data.is_child_def(rule):\n separator = PFSenseRuleSeparator()\n separator.parent = parent_separator\n if parent_separator.name is None or not parent_separator.name:\n separator.name = name\n else:\n separator.name = parent_separator.name + ' - ' + name\n self._data.rules_separators.append(separator)\n if not self.parse_rules(rule, separator):\n ret = False\n continue\n if name == 'options':\n parent_separator.options = rule\n if parent_separator.options and parent_separator.options.get('invisible'):\n if parent_separator.name is None or not parent_separator.name:\n parent_separator.name = ''\n else:\n parent_separator.name = parent_separator.parent.name\n continue\n\n if 'ignored' in rule and get_bool(rule, 'ignored'):\n self._data.ignored_rules.add(name)\n continue\n\n for field in ['src', 'dst']:\n # src and dst field are mandatory\n if field not in rule:\n self._data.set_error(\"No {0} field for rule {1}\".format(field, name))\n ret = False\n continue\n\n # we check that all exist and are not empty\n if not self.parse_host_alias(rule, field, 'rule', name, True):\n ret = False\n\n for field in ['src_nat', 'dst_nat']:\n if field not in rule:\n continue\n if len(rule[field].split()) > 1:\n self._data.set_error('There must be only one address in {0} field of {1}'.format(field, name))\n ret = False\n continue\n\n if field == 'src_nat' and rule['src_nat'] == '(self)':\n rule['src_nat'] = ''\n continue\n\n # we check that all exist and are not empty\n if not self.parse_host_alias(rule, field, 'rule', name, True):\n ret = False\n\n # checking ports\n for field in ['src_port', 'dst_port', 'dst_nat_port']:\n if field in rule:\n if not isinstance(rule[field], str):\n rule[field] = str(rule[field])\n\n if not self.check_port_alias(rule[field], field, 'rule', name) or not self.check_tcp_udp(rule, name):\n ret = False\n\n if 'dst_nat_port' in rule and 'dst_nat' not in rule:\n self._data.set_error('dst_nat_port field is set on {0} without any dst_nat target'.format(name))\n ret = False\n continue\n\n if 'dst_nat' in rule and 'dst_nat_port' not in rule:\n self._data.set_error('dst_nat field is set on {0} without any dst_nat_port target'.format(name))\n ret = False\n continue\n\n # we check that all fields are valid\n valid_fields = ['src', 'dst', 'src_port', 'dst_port', 'protocol', 'action', 'floating', 'force']\n valid_fields.extend(['src_nat', 'dst_nat', 'dst_nat_port', 'asymmetric', 'invert_dst', 'invert_src', 'invert_dst_nat', 'invert_src_nat', 'ignored'])\n valid_fields.extend(OPTION_FIELDS)\n for field in rule:\n if field not in valid_fields:\n self._data.set_error(field + \" is not a valid field name in rule \" + name)\n ret = False\n\n if name in self._data.rules_obj:\n display.warning(\"Rule already defined: {0}\".format(name))\n\n self._data.rules_obj[name] = self.create_obj_rule_from_def(name, rule, parent_separator)\n\n if self._data.errors:\n return False\n\n return ret\n\n def parse_target_name(self):\n \"\"\" Parse target's name definition \"\"\"\n if self._data.target_name not in self._data.pfsenses:\n self._data.set_error(self._data.target_name + \" does not exist in pfsenses section\")\n return False\n self._data.target = self._data.pfsenses_obj[self._data.target_name]\n return True\n\n def check_tcp_udp(self, rule, name):\n \"\"\" check if protocol is valid when ports are set \"\"\"\n if 'protocol' not in rule:\n return True\n protocols = str(rule['protocol']).split()\n for protocol in protocols:\n if protocol != 'udp' and protocol != 'tcp' and protocol != 'tcp/udp':\n self._data.set_error(protocol + \" protocol used with src_port or dst_port in rule \" + name)\n return False\n return True\n\n def check_pfsense_interfaces_objs(self, interfaces, name):\n \"\"\" Checking all interfaces networks between them \"\"\"\n for src_name, src in interfaces.items():\n for dst_name, dst in interfaces.items():\n if src_name != dst_name and src.local_networks and dst.local_networks:\n for src_network in src.local_networks:\n for dst_network in dst.local_networks:\n if src_network.overlaps(dst_network):\n self._data.set_error(\"Local networks of \" + src_name + \" and \" + dst_name + \" overlap in \" + name)\n return False\n\n return True\n\n def create_pfsenses_aliases(self):\n \"\"\" Generate useful aliases for pfsenses \"\"\"\n def _warn_alias(alias):\n if len(alias) >= 32:\n display.warning(\"Autogenerated alias {0} is too long and will trigger an error if used\".format(alias))\n\n # if pf_paris has lan and wan interfaces declared, we will generate\n # - pf_paris_ips with all its ips\n # - pf_paris_nets with all its subnets\n\n # - pf_paris_lan_ips and pf_paris_wan_ips containing pf_paris lan and wan ips (respectivly)\n # - pf_paris_lan_nets and pf_paris_wan_nets containing pf_paris lan and wan subnets (respectivly)\n\n # - all_lan_ips and all_wan_ips containing all pfsenses lan and wan ips (respectivly)\n # - all_lan_nets and all_wan_nets containing all pfsenses lan and wan subnets (respectivly)\n\n # if lan has a tag named 'voip':\n # - pf_paris_voip_ips containing pf_paris lan ips\n # - pf_paris_voip_nets containing pf_paris lan subnets\n # - all_voip_ips containing all pfsenses ips of interfaces with tag voip\n # - all_voip_nets containing all pfsenses subnets of interfaces with tag voip\n\n # - all_pfsenses_ips containing all pfsenses ips\n # - all_pfsenses_nets containing all pfsenses subnets\n\n # all_pfsenses\n all_pfsenses_definition = list()\n\n # all_lan, all_wan\n all_pfsenses_interfaces_definition = dict()\n\n # all_pfsenses_nets\n net_all_pfsenses_definition = list()\n\n # all_lan_nets, all_wan_nets\n net_all_pfsenses_interfaces_definition = dict()\n\n for name, pfsense in self._data.pfsenses.items():\n\n # maybe do some options for this\n ipext = '_ips'\n netext = '_nets'\n\n # interfaces field is mandatory\n if 'interfaces' not in pfsense:\n continue\n\n # pf_paris_ips\n pfsense_definition = list()\n\n # pf_paris_nets\n net_pfsense_definition = list()\n\n # pf_paris_lan_ips, pf_paris_tag_ips\n interfaces_definition = dict()\n\n # pf_paris_lan_nets, pf_paris_tag_nets\n net_interfaces_definition = dict()\n\n for iname, interface in pfsense['interfaces'].items():\n if 'ip' not in interface:\n continue\n\n if 'id' in interface and interface.get('id'):\n interface_id = str(interface['id'])\n else:\n interface_id = iname\n\n # get the tags\n tags = list()\n tags.append(interface_id)\n if 'tags' in interface:\n for tag in sorted(interface['tags'].split()):\n if tag not in tags:\n tags.append(tag)\n\n # pf_paris_lan_ips, pf_paris_wan_ips\n interface_definition = list()\n\n # pf_paris_lan_nets, pf_paris_wan_nets\n net_interface_definition = list()\n\n # get the ips and networks\n for ip in interface['ip'].split():\n try:\n local_network = to_ip_network(to_unicode(ip), False)\n str_net = str(local_network)\n net_interface_definition.append(str_net)\n except ValueError:\n # we will fail later\n pass\n\n group = re.match(r'([^\\/]*)\\/(\\d+)', ip)\n try:\n if group:\n ip = to_ip_address(to_unicode(group.group(1)))\n str_ip = str(ip)\n interface_definition.append(str_ip)\n except ValueError:\n # we will fail later\n pass\n\n # interface ip alias\n if interface_definition:\n for idx, tag in enumerate(tags):\n interface_definition_name = name + '_' + tag + ipext\n\n ikey = 'all_' + tag + ipext\n if ikey not in all_pfsenses_interfaces_definition:\n all_pfsenses_interfaces_definition[ikey] = list()\n if interface_definition_name not in all_pfsenses_interfaces_definition[ikey]:\n all_pfsenses_interfaces_definition[ikey].append(interface_definition_name)\n\n if idx == 0:\n # we only add the interface and not all the tags in the pfsense_definition\n pfsense_definition.append(interface_definition_name)\n interface_definition.sort()\n\n if interface_definition_name not in interfaces_definition:\n interfaces_definition[interface_definition_name] = list()\n interfaces_definition[interface_definition_name].extend(interface_definition)\n\n # interface network alias\n if net_interface_definition:\n for idx, tag in enumerate(tags):\n interface_definition_name = name + '_' + tag + netext\n\n ikey_net = 'all_' + tag + netext\n if ikey_net not in net_all_pfsenses_interfaces_definition:\n net_all_pfsenses_interfaces_definition[ikey_net] = list()\n if interface_definition_name not in net_all_pfsenses_interfaces_definition[ikey_net]:\n net_all_pfsenses_interfaces_definition[ikey_net].append(interface_definition_name)\n\n if idx == 0:\n # we only add the interface and not all the tags in the pfsense_definition\n net_pfsense_definition.append(interface_definition_name)\n net_interface_definition.sort()\n\n if interface_definition_name not in net_interfaces_definition:\n net_interfaces_definition[interface_definition_name] = list()\n net_interfaces_definition[interface_definition_name].extend(net_interface_definition)\n\n # pf_paris_lan_ips, pf_paris_tag_ips\n for interface_definition_name in sorted(interfaces_definition.keys()):\n interface_definition = interfaces_definition[interface_definition_name]\n interface_definition = list(dict.fromkeys(interface_definition))\n interface_definition.sort()\n\n alias = dict()\n alias['ip'] = ' '.join(interface_definition)\n alias['ignore_dup'] = True\n self._data.all_aliases[interface_definition_name] = alias\n self._data.hosts_aliases[interface_definition_name] = alias\n _warn_alias(interface_definition_name)\n\n # pf_paris_lan_nets, pf_paris_tag_nets\n for interface_definition_name in sorted(net_interfaces_definition.keys()):\n net_interface_definition = net_interfaces_definition[interface_definition_name]\n net_interface_definition = list(dict.fromkeys(net_interface_definition))\n net_interface_definition.sort()\n\n alias = dict()\n alias['ip'] = ' '.join(net_interface_definition)\n alias['ignore_dup'] = True\n self._data.all_aliases[interface_definition_name] = alias\n self._data.hosts_aliases[interface_definition_name] = alias\n _warn_alias(interface_definition_name)\n\n # pfsense ip alias\n if pfsense_definition:\n pfsense_definition.sort()\n all_pfsenses_definition.append(name + ipext)\n\n alias = dict()\n alias['ip'] = ' '.join(pfsense_definition)\n alias['ignore_dup'] = True\n self._data.all_aliases[name + ipext] = alias\n self._data.hosts_aliases[name + ipext] = alias\n _warn_alias(name + ipext)\n\n # pfsense network alias\n if net_pfsense_definition:\n net_pfsense_definition.sort()\n net_all_pfsenses_definition.append(name + netext)\n\n alias = dict()\n alias['ip'] = ' '.join(net_pfsense_definition)\n alias['ignore_dup'] = True\n self._data.all_aliases[name + netext] = alias\n self._data.hosts_aliases[name + netext] = alias\n _warn_alias(name + netext)\n\n # generate interfaces groups ip aliases\n for name in sorted(all_pfsenses_interfaces_definition.keys()):\n definition = all_pfsenses_interfaces_definition[name]\n definition.sort()\n\n alias = dict()\n alias['ip'] = ' '.join(definition)\n alias['ignore_dup'] = True\n self._data.all_aliases[name] = alias\n self._data.hosts_aliases[name] = alias\n _warn_alias(name)\n\n # generate interfaces groups network aliases\n for name in sorted(net_all_pfsenses_interfaces_definition.keys()):\n definition = net_all_pfsenses_interfaces_definition[name]\n definition.sort()\n\n alias = dict()\n alias['ip'] = ' '.join(definition)\n alias['ignore_dup'] = True\n self._data.all_aliases[name] = alias\n self._data.hosts_aliases[name] = alias\n _warn_alias(name)\n\n # generate all ip aliases\n all_pfsenses_definition.sort()\n\n alias = dict()\n alias['ip'] = ' '.join(all_pfsenses_definition)\n alias['ignore_dup'] = True\n self._data.all_aliases['all_pfsenses' + ipext] = alias\n self._data.hosts_aliases['all_pfsenses' + ipext] = alias\n\n # generate all network aliases\n net_all_pfsenses_definition.sort()\n\n alias = dict()\n alias['ip'] = ' '.join(net_all_pfsenses_definition)\n alias['ignore_dup'] = True\n self._data.all_aliases['all_pfsenses' + netext] = alias\n self._data.hosts_aliases['all_pfsenses' + netext] = alias\n\n def parse_pfsense_interfaces(self, pfsense, name):\n \"\"\" Parse all pfsense interfaces definitions \"\"\"\n ret = {}\n ids = set()\n for iname, interface in pfsense['interfaces'].items():\n # extracting & checking local network\n local_ips = set()\n local_networks = set()\n first_local_ip = None\n first_local_network = None\n\n tags = set()\n tags.add(iname)\n if 'tags' in interface:\n for tag in interface['tags'].split():\n tags.add(tag)\n\n for key in interface:\n if key not in ['adjacent_networks', 'remote_networks', 'ip', 'tags', 'id']:\n self._data.set_error(\"Invalid field \" + key + \" in \" + iname + \" of \" + name)\n return {}\n\n if 'id' in interface and interface.get('id'):\n interface_id = str(interface['id'])\n else:\n interface_id = iname\n\n if interface_id in ids:\n self._data.set_error(\"Duplicate interface id \" + interface_id + \" in \" + iname + \" of \" + name)\n return {}\n ids.add(interface_id)\n\n if 'ip' in interface:\n for ip in interface['ip'].split():\n try:\n local_network = to_ip_network(to_unicode(ip), False)\n if first_local_network is None:\n first_local_network = local_network\n except ValueError:\n self._data.set_error(\"Invalid network \" + ip + \" in \" + name)\n return {}\n\n if local_network.prefixlen == 32:\n self._data.set_error(\"Invalid network prefix length for network \" + ip + \" in \" + name)\n return {}\n\n # extracting & checking ip\n group = re.match(r'([^\\/]*)\\/(\\d+)', ip)\n try:\n local_ip = to_ip_address(to_unicode(group.group(1)))\n if first_local_ip is None:\n first_local_ip = local_ip\n except ValueError:\n self._data.set_error(\"Invalid ip \" + ip + \" in \" + name)\n return {}\n local_ips.add(local_ip)\n local_networks.add(local_network)\n\n # extracting & checking remote networks\n remote_networks = set()\n if 'remote_networks' in interface:\n networks = self._data.unalias_ip(interface['remote_networks'])\n for network in networks:\n try:\n remote_networks.add(to_ip_network(to_unicode(network)))\n except ValueError:\n self._data.set_error(\"Invalid network \" + network + \" in remote_networks of \" + name)\n return {}\n\n # extracting & checking adjacent networks\n adjacent_networks = set()\n if 'adjacent_networks' in interface:\n networks = self._data.unalias_ip(interface['adjacent_networks'])\n for network in networks:\n try:\n adjacent_networks.add(to_ip_network(to_unicode(network)))\n except ValueError:\n self._data.set_error(\"Invalid network \" + network + \" in adjacent_networks of \" + name)\n return {}\n\n obj = PFSenseInterface()\n obj.name = iname\n obj.local_ip = first_local_ip\n obj.local_network = first_local_network\n obj.local_ips = local_ips\n obj.local_networks = local_networks\n obj.bridge = (interface.get('bridge'))\n obj.remote_networks = remote_networks\n obj.adjacent_networks = adjacent_networks\n obj.tags = tags\n obj.precompute_network_splits()\n ret[iname] = obj\n\n if not self.check_pfsense_interfaces_objs(ret, name):\n ret = {}\n\n return ret\n\n def parse_pfsenses(self):\n \"\"\" Checking all pfsenses definitions \"\"\"\n dups = {}\n ret = True\n for name, pfsense in self._data.pfsenses.items():\n # interfaces field is mandatory\n if 'interfaces' not in pfsense:\n self._data.set_error(\"No interfaces field for pfsense \" + name)\n ret = False\n continue\n\n if not pfsense['interfaces']:\n self._data.set_error(\"Empty interfaces field for pfsense \" + name)\n ret = False\n continue\n\n interfaces = self.parse_pfsense_interfaces(pfsense, name)\n # checking interfaces\n if not interfaces:\n ret = False\n continue\n\n # we check that all fields are valid\n for field in pfsense:\n if field != 'interfaces':\n self._data.set_error(field + \" is not a valid field name in pfsense \" + name)\n ret = False\n\n # we check for duplicates\n _pfsense = deepcopy(pfsense)\n if 'descr' in _pfsense:\n del _pfsense['descr']\n dup = json.dumps(_pfsense)\n if dup in dups:\n display.warning(\"duplicate pfsense definition (\" + dups[dup] + \", \" + name + \")\")\n else:\n dups[dup] = name\n\n obj = PFSense(name, interfaces)\n self._data.pfsenses_obj[obj.name] = obj\n\n return ret\n\n def parse_hosts_aliases_objs(self):\n \"\"\" Checking all host alias objs, addresses and finding pfsenses interfaces \"\"\"\n for obj in self._data.hosts_aliases_obj.values():\n obj.compute_all(self._data)\n\n return True\n\n def parse(self):\n \"\"\" Check and parse everything \"\"\"\n ret = True\n self.create_pfsenses_aliases()\n ret = ret and self.parse_hosts_aliases()\n ret = ret and self.parse_ports_aliases()\n ret = ret and self.parse_rules()\n ret = ret and self.parse_pfsenses()\n ret = ret and self.parse_target_name()\n ret = ret and self.parse_hosts_aliases_objs()\n\n return ret\n\n\nclass PFSenseRuleDecomposer(object):\n \"\"\" Class decomposing rules into smaller rules (more suited to pfsense logic ) \"\"\"\n\n def __init__(self, data):\n self._data = data\n\n def host_separate(self, host):\n \"\"\" separate aliases to remove mixed configuration\n where there is a local and remote network/ip is the host\n host is expanded to sub-aliases if required \"\"\"\n ret = []\n if host.is_whole_not_in_pfsense(self._data.target):\n if self._data.debug is not None and self._data.debug == host.name:\n display.warning('{0}: is_whole_not_in_pfsense {1}'.format(host.name, self._data.target.name))\n\n ret.append(host)\n elif host.is_whole_in_pfsense(self._data.target):\n if self._data.debug is not None and self._data.debug == host.name:\n display.warning('{0}: is_whole_in_pfsense {1}'.format(host.name, self._data.target.name))\n\n ret.append(host)\n elif host.is_ip_broadcast():\n if self._data.debug is not None and self._data.debug == host.name:\n display.warning('{0}: is_ip_broadcast'.format(host.name))\n ret.append(host)\n else:\n alias = self._data.all_aliases[host.name]\n if 'ip' in alias:\n for alias_ip in alias['ip'].split():\n ret_n = self.host_separate(self._data.hosts_aliases_obj[alias_ip])\n if self._data.debug is not None and self._data.debug == host.name:\n display.warning('{0}: host_separate: {1}'.format(host.name, ret_n))\n ret.extend(ret_n)\n\n return ret\n\n def host_separate_by_iface(self, host):\n \"\"\" separate aliases to remove mixed configuration\n where there is a local and remote network/ip is the host\n host is expanded to sub-aliases if required \"\"\"\n ret = []\n if host.is_whole_in_same_routing_ifaces(self._data.target):\n if self._data.debug is not None and self._data.debug == host.name:\n display.warning('{0}: is_whole_in_same_routing_ifaces {1}'.format(host.name, self._data.target.name))\n ret.append(host)\n else:\n alias = self._data.all_aliases[host.name]\n if 'ip' in alias:\n for alias_ip in alias['ip'].split():\n ret_n = self.host_separate_by_iface(self._data.hosts_aliases_obj[alias_ip])\n if self._data.debug is not None and self._data.debug == host.name:\n display.warning('{0}: host_separate_by_iface: {1}'.format(host.name, ret_n))\n ret.extend(ret_n)\n\n return ret\n\n def separate_aliases(self, rule, field, attr, func):\n \"\"\" Separate aliases from field using func, setting new aliases in attr \"\"\"\n sub_rules = []\n function = getattr(self, func)\n src_sep = function(field)\n if len(src_sep) > 1:\n for src in src_sep:\n new_rule = rule._copy_for_decompose()\n setattr(new_rule, attr, [src])\n sub_rules.append(new_rule)\n\n return sub_rules\n\n def decompose_rule(self, rule):\n \"\"\" Returns smaller rules from rule \"\"\"\n # A PFSense rule can have only one src or dst\n blocking = rule.action != 'pass'\n\n sub_rules = []\n if len(rule.src) > 1 or len(rule.dst) > 1:\n for src in rule.src:\n for dst in rule.dst:\n new_rule = rule._copy_for_decompose()\n new_rule.src = [src]\n new_rule.dst = [dst]\n sub_rules.append(new_rule)\n\n return sub_rules\n\n if len(rule.src) != 1 or len(rule.dst) != 1:\n raise AssertionError()\n\n # forced rules are generated\n if rule.force:\n return []\n\n src = rule.src[0]\n dst = rule.dst[0]\n\n # if it's blocking or reject rule, we don't split the destination\n # since we only need the source to know how to define the rule\n sub_rules = self.separate_aliases(rule, src, 'src', 'host_separate')\n if not blocking and not sub_rules:\n sub_rules = self.separate_aliases(rule, dst, 'dst', 'host_separate')\n if not sub_rules:\n sub_rules = self.separate_aliases(rule, src, 'src', 'host_separate_by_iface')\n if not blocking and not sub_rules:\n sub_rules = self.separate_aliases(rule, dst, 'dst', 'host_separate_by_iface')\n\n return sub_rules\n\n def decompose_rules(self):\n \"\"\" Returns smaller rules (more suited to pfsense logic ) \"\"\"\n for rule in self._data.rules_obj.values():\n todo = []\n todo.append(rule)\n while todo:\n obj = todo.pop()\n res = self.decompose_rule(obj)\n if not res:\n rule.sub_rules.append(obj)\n else:\n todo.extend(res)\n\n\nclass PFSenseAliasFactory(object):\n \"\"\" Class generating aliases definitions \"\"\"\n\n def __init__(self, data):\n self._data = data\n\n def add_host_alias_rec(self, alias, aliases):\n \"\"\" set aliases hosts names to define (recursive) \"\"\"\n if ':' in alias.name:\n return\n\n name = alias.name\n aliases[name] = self._data.all_aliases[name]\n for target in alias.definition:\n obj = self._data.hosts_aliases_obj[target]\n if obj.fake:\n continue\n self.add_host_alias_rec(obj, aliases)\n\n def add_port_alias_rec(self, alias, aliases):\n \"\"\" Return aliases ports names to define (recursive) \"\"\"\n if alias in self._data.all_aliases:\n if alias not in aliases:\n aliases[alias] = self._data.all_aliases[alias]\n\n if 'port' in aliases[alias]:\n for port in aliases[alias]['port'].split():\n self.add_port_alias_rec(port, aliases)\n\n def add_hosts_aliases(self, rule, aliases):\n \"\"\" Return aliases hosts names to define \"\"\"\n for rule_aliases in [rule.src, rule.dst, rule.src_nat, rule.dst_nat]:\n for alias in rule_aliases:\n if alias.fake:\n continue\n self.add_host_alias_rec(alias, aliases)\n\n def add_ports_aliases(self, rule, aliases):\n \"\"\" Return aliases ports names to define \"\"\"\n for alias in rule.src_port:\n self.add_port_alias_rec(alias, aliases)\n\n for alias in rule.dst_port:\n self.add_port_alias_rec(alias, aliases)\n\n def generate_aliases(self, rule_filter=None):\n \"\"\" Return aliases definitions for pfsense_aggregate \"\"\"\n\n hosts_aliases = {}\n ports_aliases = {}\n\n for name, rule in self._data.rules_obj.items():\n if rule_filter is not None and name != rule_filter:\n continue\n for subrule in rule.sub_rules:\n if not subrule.interfaces:\n continue\n self.add_hosts_aliases(subrule, hosts_aliases)\n self.add_ports_aliases(subrule, ports_aliases)\n\n ret = []\n for name, alias in hosts_aliases.items():\n definition = {}\n definition['name'] = name\n definition['type'] = alias['type']\n definition['address'] = ' '.join(alias['ip'].split())\n definition['state'] = 'present'\n if 'descr' in alias:\n definition['descr'] = alias['descr']\n else:\n definition['descr'] = ''\n definition['detail'] = ''\n ret.append(definition)\n\n for name, alias in ports_aliases.items():\n definition = {}\n definition['name'] = name\n definition['type'] = 'port'\n definition['address'] = ' '.join(alias['port'].replace('-', ':').split())\n definition['state'] = 'present'\n if 'descr' in alias:\n definition['descr'] = alias['descr']\n else:\n definition['descr'] = ''\n definition['detail'] = ''\n ret.append(definition)\n\n return ret\n\n @staticmethod\n def output_aliases(aliases, ignored_aliases):\n \"\"\" Output aliases definitions for pfsense_aggregate \"\"\"\n print(\" #===========================\")\n print(\" # Hosts & network aliases\")\n print(\" # \")\n definitions = list()\n for alias in aliases:\n if alias['type'] == 'port':\n continue\n definition = \" - { name: \\\"\" + alias['name'] + \"\\\", type: \\\"\" + alias['type'] + \"\\\", address: \\\"\"\n definition += ' '.join(alias['address'].split()) + \"\\\"\"\n if 'descr' in alias:\n definition = definition + \", descr: \\\"\" + alias['descr'] + \"\\\"\"\n definition = definition + \", state: \\\"present\\\" }\"\n definitions.append(definition)\n definitions.sort()\n print('\\n'.join(definitions))\n\n print(\" #===========================\")\n print(\" # ports aliases\")\n print(\" # \")\n definitions = list()\n for alias in aliases:\n if alias['type'] != 'port':\n continue\n definition = \" - { name: \\\"\" + alias['name'] + \"\\\", type: \\\"port\\\", address: \\\"\" + ' '.join(alias['address'].split()) + \"\\\"\"\n if 'descr' in alias:\n definition = definition + \", descr: \\\"\" + alias['descr'] + \"\\\"\"\n definition = definition + \", state: \\\"present\\\" }\"\n definitions.append(definition)\n definitions.sort()\n print('\\n'.join(definitions))\n\n print(\" #===========================\")\n print(\" # ignored aliases\")\n print(\" # \")\n definitions = list()\n for alias in ignored_aliases:\n definition = \" - { name: \\\"\" + alias + \"\\\" }\"\n definitions.append(definition)\n definitions.sort()\n print('\\n'.join(definitions))\n\n\nclass PFSenseRuleFactory(object):\n \"\"\" Class generating rules definitions \"\"\"\n\n def __init__(self, data, display_warnings=True):\n self._data = data\n self._decomposer = PFSenseRuleDecomposer(data)\n self._display_warnings = display_warnings\n\n def rule_interfaces_any(self, rule_obj):\n \"\"\" Return interfaces set on which the rule is needed to be defined\n Manage rules with any src or dst \"\"\"\n\n src = rule_obj.src[0]\n dst = rule_obj.dst[0]\n\n # if rule is forced, we return the interface defined\n if rule_obj.force:\n return set(rule_obj.get_option('ifilter').split())\n\n if src.name == 'any' and dst.name == 'any':\n # we return all interfaces of target\n return set(self._data.target.interfaces.keys())\n elif src.name == 'any':\n # if the destination is local, we return all interfaces of target\n if dst.is_whole_local(self._data.target):\n return set(self._data.target.interfaces.keys())\n\n # otherwise we return all interfaces of target if the destination is adjacent/remote\n # (we must be able to reach the destination to allow any src to access it)\n for iface, interface in self._data.target.interfaces.items():\n if dst.is_in_adjacent_networks(interface) or dst.is_in_remote_networks(interface):\n return set(self._data.target.interfaces.keys())\n return set()\n\n elif rule_obj.dst[0].name == 'any':\n # we allow the interfaces matching the source ip/networks\n # or the adjacent/remote networks\n interfaces = set()\n for iface, interface in self._data.target.interfaces.items():\n if src.is_in_local_network(interface) or src.is_in_adjacent_networks(interface) or src.is_in_remote_networks(interface):\n interfaces.add(iface)\n if self._data.debug is not None and self._data.debug == rule_obj.name:\n display.warning('{0}: to_any_dst interfaces={1}'.format(rule_obj.name, interfaces))\n\n return interfaces\n return None\n\n def rule_interfaces_ip_broadcast(self, rule_obj):\n \"\"\" Return interfaces set on which the rule is needed to be defined\n Manage rules with src or dst ip broadcast \"\"\"\n src = rule_obj.src[0]\n dst = rule_obj.dst[0]\n src_is_bcast = src.is_ip_broadcast()\n dst_is_bcast = dst.is_ip_broadcast()\n if not src_is_bcast and not dst_is_bcast:\n return None\n\n if src_is_bcast and rule_obj.dst[0].is_whole_local(self._data.target):\n return rule_obj.dst[0].local_interfaces[self._data.target.name] | rule_obj.dst[0].routed_interfaces[self._data.target.name]\n\n if dst_is_bcast and rule_obj.src[0].is_whole_local(self._data.target):\n return rule_obj.src[0].local_interfaces[self._data.target.name] | rule_obj.src[0].routed_interfaces[self._data.target.name]\n\n # we return no rules for:\n # - broadcast to broadcast\n # - broadcast to remote\n # - remote to broadcast\n return []\n\n def bridged_by_interfaces(self, routing_interfaces, dst):\n \"\"\" if all the routing_interfaces are bridged and the destinations are on local bridges too\n return the destination bridges \"\"\"\n for iface in routing_interfaces:\n if not self._data.target.interfaces[iface].bridge:\n return None\n\n if self._data.target.name in dst.local_interfaces:\n for iface in dst.local_interfaces[self._data.target.name]:\n if not self._data.target.interfaces[iface].bridge:\n return None\n else:\n return None\n\n return dst.local_interfaces[self._data.target.name]\n\n def rule_interfaces(self, rule_obj):\n \"\"\" Return interfaces list on which the rule is needed to be defined \"\"\"\n def filter_interfaces(interfaces):\n if interface_filter is not None:\n interfaces = interfaces & interface_filter\n if interface_efilter is not None:\n interfaces = interfaces - interface_efilter\n return interfaces\n\n # if the rule has a filter, apply it\n rule_filter = rule_obj.get_option('filter')\n if rule_filter and self._data.target.name not in rule_filter.split():\n return set()\n\n # if the rule has an efilter, apply it\n rule_efilter = rule_obj.get_option('efilter')\n if rule_efilter and self._data.target.name in rule_efilter.split():\n return set()\n\n interface_efilter = rule_obj.get_option('eifilter')\n if interface_efilter is not None:\n interface_efilter = set(interface_efilter.split())\n\n interface_filter = rule_obj.get_option('ifilter')\n if interface_filter is not None:\n interface_filter = set(interface_filter.split())\n\n if len(rule_obj.src) != 1 or len(rule_obj.dst) != 1:\n raise AssertionError()\n\n if self._data.debug is not None and self._data.debug == rule_obj.name:\n display.warning('{0}: src={1} dst={2}'.format(rule_obj.name, rule_obj.src[0].name, rule_obj.dst[0].name))\n\n # if the rule uses 'any'\n interfaces = self.rule_interfaces_any(rule_obj)\n if interfaces is not None:\n return filter_interfaces(interfaces)\n\n # if the rule uses broadcasts\n interfaces = self.rule_interfaces_ip_broadcast(rule_obj)\n if interfaces is not None:\n return filter_interfaces(interfaces)\n\n interfaces = set()\n src_is_local = rule_obj.src[0].is_whole_local(self._data.target)\n dst_is_local = rule_obj.dst[0].is_whole_local(self._data.target)\n\n if self._data.debug is not None and self._data.debug == rule_obj.name:\n display.warning('{0}: src_is_local={1} dst_is_local={2}'.format(rule_obj.name, src_is_local, dst_is_local))\n\n # if it's a blocking or reject rule, we only use the src\n if rule_obj.action != 'pass':\n if src_is_local:\n interfaces = rule_obj.src[0].local_interfaces[self._data.target.name]\n else:\n interfaces = rule_obj.src[0].routed_by_interfaces(self._data.target, True)\n\n return filter_interfaces(interfaces)\n\n # if source and dst are local, return the local interface\n if src_is_local and dst_is_local:\n if len(rule_obj.src[0].local_interfaces[self._data.target.name]) != 1:\n raise AssertionError(\n 'Invalid local interfaces count for {0}: {1}'\n .format(rule_obj.name, len(rule_obj.src[0].local_interfaces[self._data.target.name])))\n if len(rule_obj.dst[0].local_interfaces[self._data.target.name]) != 1:\n raise AssertionError(\n 'Invalid local interfaces count for {0}: {1}'\n .format(rule_obj.name, len(rule_obj.dst[0].local_interfaces[self._data.target.name])))\n\n # if they are both on the same interface, we dont need any rule when:\n # - the interface is not a bridge\n # - src and dst are in the same network on the interface\n # - the pfsense is not the source/destination of the rule\n src_interface = ''.join(rule_obj.src[0].local_interfaces[self._data.target.name])\n dst_interface = ''.join(rule_obj.dst[0].local_interfaces[self._data.target.name])\n if (src_interface == dst_interface and\n not self._data.target.interfaces[src_interface].bridge and\n self._data.target.interfaces[src_interface].are_in_same_network(rule_obj.src[0], rule_obj.dst[0])):\n if not rule_obj.src[0].match_local_interface_ip(self._data.target) and not rule_obj.dst[0].match_local_interface_ip(self._data.target):\n return set()\n\n return filter_interfaces(rule_obj.src[0].local_interfaces[self._data.target.name])\n\n # if the destination is unreachable\n if not dst_is_local and src_is_local and not rule_obj.dst[0].is_adjacent_or_remote(self._data.target):\n if self._display_warnings:\n display.warning(\n 'Destination {0} is not accessible from this pfSense for {1}.Please add the right adjacent/remote network if it\\'s not an error'\n .format(rule_obj.dst[0].name, rule_obj.name))\n return set()\n\n # if the source is unreachable\n if not src_is_local and dst_is_local and not rule_obj.src[0].is_adjacent_or_remote(self._data.target):\n if self._display_warnings:\n display.warning(\n 'Source {0} can not access to this pfSense for {1}. Please add the right adjacent/remote network if it\\'s not an error'\n .format(rule_obj.src[0].name, rule_obj.name))\n return set()\n\n # we add all the interfaces the source can use to go out\n if self._data.target.name in rule_obj.src[0].local_interfaces:\n interfaces.update(rule_obj.src[0].local_interfaces[self._data.target.name])\n\n # we add interfaces the source can use to get in\n if not src_is_local:\n src_is_adjacent = rule_obj.src[0].is_adjacent(self._data.target)\n routing_interfaces = rule_obj.src[0].routed_by_interfaces(self._data.target, not src_is_adjacent)\n\n if self._data.debug is not None and self._data.debug == rule_obj.name:\n display.warning('{0}: src_is_adjacent={1}, routing_interfaces={2}, src={3}'.format(\n rule_obj.name, src_is_adjacent, routing_interfaces, rule_obj.src[0].name))\n\n # if they are both not local and on the same interfaces or with an unreachable destination\n # we return nothing\n if not dst_is_local:\n dst_is_adjacent = rule_obj.dst[0].is_adjacent(self._data.target)\n\n # if the source is remote and the destination is adjacent, we return the source interfaces\n if not src_is_adjacent and dst_is_adjacent:\n if self._data.debug is not None and self._data.debug == rule_obj.name:\n display.warning(\n '{0}: dst_is_adjacent={1}, routing_interfaces={2}, dst={3}'.format(\n rule_obj.name, dst_is_adjacent, filter_interfaces(routing_interfaces), rule_obj.dst[0].name))\n return filter_interfaces(routing_interfaces)\n\n # if the source is on adjacent networks, it can get out to reach remote networks\n dst_routing_interfaces = rule_obj.dst[0].routed_by_interfaces(self._data.target, src_is_adjacent)\n if self._data.debug is not None and self._data.debug == rule_obj.name:\n display.warning('{0}: dst_is_adjacent={1}, dst_routing_interfaces={2}, dst={3}'.format(\n rule_obj.name, dst_is_adjacent, dst_routing_interfaces, rule_obj.dst[0].name))\n\n # if the source is adjacent and the destination is remote, we return the source interfaces\n if src_is_adjacent and len(dst_routing_interfaces):\n return filter_interfaces(routing_interfaces)\n\n routing_interfaces = routing_interfaces.difference(dst_routing_interfaces)\n if not routing_interfaces or not dst_routing_interfaces:\n return set()\n\n # if the interfaces we would use are bridged, and the destinations are on local bridges too\n # we declare the rule on the destination bridges since packets would come from there\n bridge_interfaces = self.bridged_by_interfaces(routing_interfaces, rule_obj.dst[0])\n if bridge_interfaces:\n interfaces.update(bridge_interfaces)\n else:\n interfaces.update(routing_interfaces)\n\n if not interfaces and (src_is_local or dst_is_local):\n msg = 'Invalid sub-rule interfaces count ({0}), src={1}, dst={2}'.format(len(interfaces), rule_obj.src[0].name, rule_obj.dst[0].name)\n raise AssertionError(msg)\n return filter_interfaces(interfaces)\n\n def generate_rule(self, name, rule_obj, interfaces, last_name):\n \"\"\" Generate rules definitions for rule \"\"\"\n def _gen_rule_dict(rule_def, name, interface=None):\n if interface is None:\n interface = 'floating'\n floating = True\n else:\n floating = False\n definition = {}\n definition['name'] = name\n definition['action'] = rule_obj.action\n for field in OUTPUT_OPTION_FIELDS:\n value = rule_obj.get_option(field)\n if value is not None:\n definition[field] = value\n\n if floating:\n definition['floating'] = 'yes'\n if 'direction' not in definition:\n definition['direction'] = 'any'\n definition['interface'] = ','.join(rule_interfaces)\n else:\n definition['interface'] = interface\n\n definition['state'] = 'present'\n if interface in last_name and last_name[interface]:\n definition['after'] = last_name[interface]\n else:\n definition['after'] = 'top'\n\n if rule_obj.asymmetric:\n definition['statetype'] = 'sloppy state'\n definition['tcpflags_any'] = True\n\n definition.update(rule_def)\n interfaces[interface].append(definition)\n last_name[interface] = name\n\n if rule_obj.invert_src and 'source' in definition:\n definition['source'] = '!' + definition['source']\n\n if rule_obj.invert_dst and 'destination' in definition:\n definition['destination'] = '!' + definition['destination']\n\n if interface not in rule_obj.generated_names:\n rule_obj.generated_names[interface] = name\n\n def _gen_src_nat_rule_dict(rule_def, name, interface, src_nat):\n definition = {}\n definition['descr'] = '{0}_{1}'.format(name, interface)\n definition['interface'] = interface\n definition['state'] = 'present'\n definition['address'] = '{0}'.format(src_nat.name)\n definition.update(rule_def)\n for field in OUTPUT_SRC_NAT_OPTION_FIELDS:\n value = rule_obj.get_option(field)\n if value is not None:\n definition[field] = value\n\n for field in ['source', 'destination']:\n key = field + '_port'\n if key in definition:\n definition[field] = '{0}:{1}'.format(definition[field], definition[key])\n del definition[key]\n\n interfaces[interface].append(definition)\n\n def _gen_dst_nat_rule_dict(rule_def, name, interface, dst_nat, dst_nat_port):\n definition = {}\n definition['descr'] = '{0}_{1}'.format(name, interface)\n definition['interface'] = interface\n definition['state'] = 'present'\n definition['target'] = '{0}:{1}'.format(dst_nat.name, dst_nat_port)\n definition.update(rule_def)\n for field in OUTPUT_DST_NAT_OPTION_FIELDS:\n value = rule_obj.get_option(field)\n if value is not None:\n definition[field] = value\n\n if 'associated_rule' not in definition:\n definition['associated_rule'] = 'pass'\n\n for field in ['source', 'destination']:\n key = field + '_port'\n if key in definition:\n definition[field] = '{0}:{1}'.format(definition[field], definition[key])\n del definition[key]\n\n if rule_obj.invert_src_nat and 'source' in definition:\n definition['source'] = '!' + definition['source']\n\n if rule_obj.invert_dst_nat and 'destination' in definition:\n definition['destination'] = '!' + definition['destination']\n\n interfaces[interface].append(definition)\n\n base = []\n base.append({})\n\n if len(rule_obj.src) != 1 or len(rule_obj.dst) != 1:\n raise AssertionError()\n\n rule = {}\n rule['src'] = rule_obj.src[0].name\n rule['dst'] = rule_obj.dst[0].name\n if rule_obj.protocol:\n rule['protocol'] = ' '.join(rule_obj.protocol)\n\n if self._data.aggregate:\n if rule_obj.src_port:\n if len(rule_obj.src_port) == 1:\n rule['src_port'] = ' '.join(rule_obj.src_port)\n else:\n rule['src_port'] = self._data.get_ports_alias(set(rule_obj.src_port), name)\n rule_obj.src_port = [rule['src_port']]\n\n if rule_obj.dst_port:\n if len(rule_obj.dst_port) == 1:\n rule['dst_port'] = ' '.join(rule_obj.dst_port)\n else:\n rule['dst_port'] = self._data.get_ports_alias(set(rule_obj.dst_port), name)\n rule_obj.dst_port = [rule['dst_port']]\n\n else:\n if rule_obj.src_port:\n rule['src_port'] = ' '.join(rule_obj.src_port)\n if rule_obj.dst_port:\n rule['dst_port'] = ' '.join(rule_obj.dst_port)\n\n base = rule_product_dict(base, rule, 'src', 'source')\n base = rule_product_dict(base, rule, 'dst', 'destination')\n base = rule_product_dict(base, rule, 'protocol')\n base = rule_product_dict(base, rule, 'src_port', 'source_port')\n base = rule_product_dict(base, rule, 'dst_port', 'destination_port')\n\n if rule_obj.floating:\n rule_interfaces = list(rule_obj.interfaces)\n rule_interfaces.sort()\n if len(base) == 1:\n _gen_rule_dict(base[0], name)\n else:\n rule_idx = 1\n for rule_def in base:\n rule_name = name + \"_\" + str(rule_idx)\n _gen_rule_dict(rule_def, rule_name)\n rule_idx = rule_idx + 1\n else:\n for interface in rule_obj.interfaces:\n if len(base) == 1:\n if rule_obj.src_nat:\n _gen_src_nat_rule_dict(base[0], name, interface, rule_obj.src_nat[0])\n\n if rule_obj.dst_nat:\n _gen_dst_nat_rule_dict(base[0], name, interface, rule_obj.dst_nat[0], rule_obj.dst_nat_port[0])\n\n if not rule_obj.src_nat and not rule_obj.dst_nat:\n _gen_rule_dict(base[0], name, interface)\n else:\n rule_idx = 1\n for rule_def in base:\n rule_name = name + \"_\" + str(rule_idx)\n if rule_obj.src_nat:\n _gen_src_nat_rule_dict(rule_def, rule_name, interface, rule_obj.src_nat[0])\n\n if rule_obj.dst_nat:\n _gen_dst_nat_rule_dict(rule_def, rule_name, interface, rule_obj.dst_nat[0], rule_obj.dst_nat_port[0])\n\n if not rule_obj.src_nat and not rule_obj.dst_nat:\n _gen_rule_dict(rule_def, rule_name, interface)\n rule_idx = rule_idx + 1\n\n def aggregate_subrules(self, rule, interfaces, subrules, sub_interfaces):\n \"\"\" aggregate generated subrules \"\"\"\n def _get_same_rule(new_rules, src, dst):\n for rule in new_rules:\n if rule.src[0].name == src.name and rule.dst[0].name == dst.name:\n return rule\n return None\n\n def _add_list(group, objs):\n for obj in objs:\n group.add(obj)\n\n def _aggregate_job(interface=None):\n # we create fake alias when required\n # we also use interfaces IP and NET when possible\n src = subrule.src[0]\n dst = subrule.dst[0]\n if len(src_group_name) != 1:\n src = self._data.get_hosts_alias(src_group_name, src_group_ip, src_group_net, rule.name)\n elif (not rule.src_nat and not rule.floating and len(subrule.src[0].networks) == 1 and\n len(subrule.src[0].ips) == 0 and\n subrule.src[0].networks[0] == self._data.target.interfaces[interface].local_network):\n src = subrule.src[0].copy()\n src.name = \"NET:{0}\".format(interface)\n elif (not rule.src_nat and not rule.floating and len(subrule.src[0].networks) == 0 and\n len(subrule.src[0].ips) == 1 and\n subrule.src[0].ips[0] == self._data.target.interfaces[interface].local_ip):\n src = subrule.src[0].copy()\n src.name = \"IP:{0}\".format(interface)\n\n if len(dst_group_name) != 1:\n dst = self._data.get_hosts_alias(dst_group_name, dst_group_ip, dst_group_net, rule.name)\n elif (not rule.src_nat and not rule.floating and len(subrule.dst[0].networks) == 1 and\n len(subrule.dst[0].ips) == 0 and\n subrule.dst[0].networks[0] == self._data.target.interfaces[interface].local_network):\n dst = subrule.dst[0].copy()\n dst.name = \"NET:{0}\".format(interface)\n elif (not rule.src_nat and not rule.floating and len(subrule.dst[0].networks) == 0 and\n len(subrule.dst[0].ips) == 1 and\n subrule.dst[0].ips[0] == self._data.target.interfaces[interface].local_ip):\n dst = subrule.dst[0].copy()\n dst.name = \"IP:{0}\".format(interface)\n\n # when aggregating, we merge rules with same src/dst\n existing_rule = _get_same_rule(new_rules, src, dst)\n if existing_rule is None:\n existing_rule = copy(subrule)\n existing_rule.src[0] = src\n existing_rule.dst[0] = dst\n existing_rule.interfaces = set()\n new_rules.append(existing_rule)\n\n if rule.floating:\n for sub_interface in sub_interfaces:\n existing_rule.interfaces.add(sub_interface)\n if sub_interface not in interfaces:\n interfaces[sub_interface] = []\n else:\n existing_rule.interfaces.add(interface)\n\n if interface not in interfaces:\n interfaces[interface] = []\n\n new_rules = list()\n if rule.floating:\n src_group_name = set()\n dst_group_name = set()\n src_group_ip = set()\n dst_group_ip = set()\n src_group_net = set()\n dst_group_net = set()\n subrule = None\n for interface in sorted(sub_interfaces):\n for subrule in sub_interfaces[interface]:\n src_group_name.add(subrule.src[0].name)\n dst_group_name.add(subrule.dst[0].name)\n _add_list(src_group_ip, subrule.src[0].ips)\n _add_list(src_group_net, subrule.src[0].networks)\n _add_list(dst_group_ip, subrule.dst[0].ips)\n _add_list(dst_group_net, subrule.dst[0].networks)\n _aggregate_job()\n else:\n for interface in sorted(sub_interfaces):\n src_group_name = set()\n dst_group_name = set()\n src_group_ip = set()\n dst_group_ip = set()\n src_group_net = set()\n dst_group_net = set()\n subrule = None\n for subrule in sub_interfaces[interface]:\n src_group_name.add(subrule.src[0].name)\n dst_group_name.add(subrule.dst[0].name)\n _add_list(src_group_ip, subrule.src[0].ips)\n _add_list(src_group_net, subrule.src[0].networks)\n _add_list(dst_group_ip, subrule.dst[0].ips)\n _add_list(dst_group_net, subrule.dst[0].networks)\n _aggregate_job(interface)\n\n if rule.floating and 'floating' not in interfaces:\n interfaces['floating'] = []\n\n subrules.extend(new_rules)\n\n def guess_rules(self, rule_filter):\n \"\"\" Return interfaces, rules and rules names \"\"\"\n interfaces = {}\n rules = list()\n\n for name, rule in self._data.rules_obj.items():\n subrules = []\n sub_interfaces = dict()\n\n # for each subrule, we guess on which interfaces the subrule needs to be generated, if any\n for subrule in sorted(rule.sub_rules, key=lambda x: x.src[0].name + x.dst[0].name):\n subrule.interfaces = self.rule_interfaces(subrule)\n if rule_filter is not None and name != rule_filter:\n continue\n if not subrule.interfaces:\n continue\n\n # when aggregating, we group the rules by interface for later\n # otherwise, we add the subrule\n if self._data.aggregate:\n for interface in subrule.interfaces:\n if interface not in sub_interfaces:\n sub_interfaces[interface] = []\n sub_interfaces[interface].append(subrule)\n else:\n subrules.append(subrule)\n for interface in subrule.interfaces:\n if interface not in interfaces:\n interfaces[interface] = []\n\n # let's aggregate\n if self._data.aggregate and sub_interfaces:\n self.aggregate_subrules(rule, interfaces, subrules, sub_interfaces)\n\n if self._data.gendiff:\n rules.extend(subrules)\n else:\n for subrule in subrules:\n rules.append((name, subrule))\n\n # we only keep the subrules having interfaces\n rule.sub_rules = subrules\n\n return (interfaces, rules)\n\n def generate_rules(self, rule_filter=None):\n \"\"\" Return rules definitions for pfsense_aggregate\n if rule_filter, process only rules matching rule_filter\n \"\"\"\n\n filter_rules = []\n src_nat_rules = []\n dst_nat_rules = []\n\n # first, we break rules in small parts (one src, one dst)\n self._decomposer.decompose_rules()\n\n # then, we guess the rules which are required on the target\n (interfaces, rules) = self.guess_rules(rule_filter)\n\n # last, we generate each required rule\n last_name = dict()\n if self._data.gendiff:\n for rule in rules:\n self.generate_rule(rule.name, rule, interfaces, last_name)\n else:\n for (name, rule) in rules:\n self.generate_rule(name, rule, interfaces, last_name)\n\n # since nat is not separated by interface, we manage the order here\n last_src_nat = 'top'\n last_dst_nat = 'top'\n for name in sorted(interfaces.keys()):\n interface = interfaces[name]\n for rule in interface:\n if 'address' in rule:\n rule['after'] = last_src_nat\n last_src_nat = rule['descr']\n src_nat_rules.append(rule)\n elif 'target' in rule:\n rule['after'] = last_dst_nat\n last_dst_nat = rule['descr']\n dst_nat_rules.append(rule)\n else:\n filter_rules.append(rule)\n\n return (filter_rules, src_nat_rules, dst_nat_rules)\n\n def output_rules(self, rules, ignored_rules):\n \"\"\" Output rules definitions for pfsense_aggregate \"\"\"\n print(\" #===========================\")\n print(\" # Rules\")\n print(\" # \")\n interfaces = list(self._data.target.interfaces.keys())\n interfaces.append('floating')\n definitions = list()\n for interface in interfaces:\n for rule in rules:\n if interface == rule['interface'] or interface == 'floating' and rule.get('floating'):\n definition = ' - { name: \"%s\", source: \"%s\", ' % (rule['name'], rule['source'])\n if 'source_port' in rule:\n definition += 'source_port: \"{0}\", '.format(rule['source_port'])\n\n definition += 'destination: \"{0}\", '.format(rule['destination'])\n if 'destination_port' in rule:\n definition += 'destination_port: \"{0}\", '.format(rule['destination_port'])\n\n definition += 'interface: \"{0}\", action: \"{1}\"'.format(rule['interface'], rule['action'])\n\n if rule.get('protocol'):\n definition += \", protocol: \\\"\" + rule['protocol'] + \"\\\"\"\n if rule.get('descr'):\n definition += \", descr: \\\"\" + rule['descr'] + \"\\\"\"\n for field in OUTPUT_OPTION_FIELDS:\n value = rule.get(field)\n if value is not None:\n definition += ', {0}: {1}'.format(field, value)\n\n if rule.get('floating'):\n definition += \", floating: True\"\n\n if rule.get('statetype') is not None:\n definition += \", statetype: '{0}'\".format(rule.get('statetype'))\n\n if rule.get('tcpflags_any'):\n definition += \", tcpflags_any: True\"\n\n if rule.get('after') and not self._data.gendiff:\n definition += \", after: \\\"\" + rule['after'] + \"\\\"\"\n definition += \", state: \\\"present\\\" }\"\n if self._data.gendiff:\n definitions.append(definition)\n else:\n print(definition)\n definitions.sort()\n print('\\n'.join(definitions))\n\n print(\" #===========================\")\n print(\" # ignored rules\")\n print(\" # \")\n definitions = list()\n for rule in ignored_rules:\n definition = \" - { name: \\\"\" + rule + \"\\\" }\"\n definitions.append(definition)\n definitions.sort()\n print('\\n'.join(definitions))\n\n def output_src_nat_rules(self, rules):\n \"\"\" Output outbound definitions for pfsense_aggregate \"\"\"\n print(\" #===========================\")\n print(\" # Nat outbound rules\")\n print(\" # \")\n interfaces = list(self._data.target.interfaces.keys())\n interfaces.append('floating')\n definitions = list()\n for interface in sorted(interfaces):\n for rule in rules:\n if interface == rule['interface']:\n definition = ' - { descr: \"%s\", source: \"%s\", ' % (rule['descr'], rule['source'])\n if 'source_port' in rule:\n definition += 'source_port: \"{0}\", '.format(rule['source_port'])\n\n definition += 'destination: \"{0}\", '.format(rule['destination'])\n if 'destination_port' in rule:\n definition += 'destination_port: \"{0}\", '.format(rule['destination_port'])\n\n definition += 'interface: \"{0}\", address: \"{1}\"'.format(rule['interface'], rule['address'])\n\n for field in OUTPUT_SRC_NAT_OPTION_FIELDS:\n value = rule.get(field)\n if value is not None:\n definition += ', {0}: {1}'.format(field, value)\n\n if rule.get('protocol'):\n definition += \", protocol: \\\"\" + rule['protocol'] + \"\\\"\"\n if rule.get('descr'):\n definition += \", descr: \\\"\" + rule['descr'] + \"\\\"\"\n\n if rule.get('after') and not self._data.gendiff:\n definition += \", after: \\\"\" + rule['after'] + \"\\\"\"\n definition += \", state: \\\"present\\\" }\"\n if self._data.gendiff:\n definitions.append(definition)\n else:\n print(definition)\n definitions.sort()\n print('\\n'.join(definitions))\n\n def output_dst_nat_rules(self, rules):\n \"\"\" Output outbound definitions for pfsense_aggregate \"\"\"\n print(\" #===========================\")\n print(\" # Nat port forward rules\")\n print(\" # \")\n interfaces = list(self._data.target.interfaces.keys())\n interfaces.append('floating')\n definitions = list()\n for interface in sorted(interfaces):\n for rule in rules:\n if interface == rule['interface']:\n definition = ' - { descr: \"%s\", source: \"%s\", ' % (rule['descr'], rule['source'])\n definition += 'destination: \"{0}\", '.format(rule['destination'])\n definition += 'interface: \"{0}\", target: \"{1}\"'.format(rule['interface'], rule['target'])\n\n for field in OUTPUT_SRC_NAT_OPTION_FIELDS:\n value = rule.get(field)\n if value is not None:\n definition += ', {0}: {1}'.format(field, value)\n\n if rule.get('descr'):\n definition += \", descr: \\\"\" + rule['descr'] + \"\\\"\"\n\n if rule.get('after') and not self._data.gendiff:\n definition += \", after: \\\"\" + rule['after'] + \"\\\"\"\n definition += \", state: \\\"present\\\" }\"\n if self._data.gendiff:\n definitions.append(definition)\n else:\n print(definition)\n definitions.sort()\n print('\\n'.join(definitions))\n\n\nclass PFSenseRuleSeparatorFactory(object):\n \"\"\" Class generating rule separators definitions \"\"\"\n\n def __init__(self, data):\n self._data = data\n\n def _find_first_separator_rule(self, separator):\n \"\"\" return the name of the first rule in the separator \"\"\"\n for rule in self._data.rules_obj.values():\n for subrule in rule.sub_rules:\n if subrule.separator.name == separator.name and separator.interface in subrule.generated_names:\n return subrule.generated_names[separator.interface]\n return None\n\n def generate_rule_separators(self, rule_filter=None):\n \"\"\" Return rule_separators definitions for pfsense_aggregate \"\"\"\n\n separators = OrderedDict()\n\n for name, rule in self._data.rules_obj.items():\n if rule_filter is not None and name != rule_filter:\n continue\n for subrule in rule.sub_rules:\n if subrule.separator is None or subrule.separator.name is None:\n continue\n for interface in subrule.interfaces:\n separator = PFSenseRuleSeparator()\n separator.name = subrule.separator.name\n if rule.floating:\n separator.interface = 'floating'\n else:\n separator.interface = interface\n if separator not in separators:\n separators[separator] = separator\n\n ret = []\n for separator in separators.values():\n definition = {}\n definition['name'] = separator.name\n if separator.interface == 'floating':\n definition['floating'] = True\n else:\n definition['interface'] = separator.interface\n definition['before'] = self._find_first_separator_rule(separator)\n if definition['before'] is None:\n # for now we don't manage empty separators\n continue\n definition['state'] = 'present'\n ret.append(definition)\n\n return ret\n\n def output_rule_separators(self, separators):\n \"\"\" Output rule separators definitions for pfsense_aggregate \"\"\"\n print(\" #===========================\")\n print(\" # Rule separators\")\n print(\" # \")\n interfaces = list(self._data.target.interfaces.keys())\n interfaces.append('floating')\n definitions = list()\n for interface in interfaces:\n for separator in separators:\n if 'interface' in separator and interface == separator['interface'] or interface == 'floating' and 'floating' in separator:\n definition = \" - { name: \\\"\" + separator['name'] + \"\\\", \"\n if interface == 'floating':\n definition += \"floating: True, \"\n else:\n definition += \"interface: \\\"\" + separator['interface'] + \"\\\", \"\n definition += \"before: \\\"\" + separator['before'] + \"\\\", state: \\\"present\\\" }\"\n definitions.append(definition)\n definitions.sort()\n print('\\n'.join(definitions))\n\n\ndef _create_target_data(cached_data, target_name):\n \"\"\" Create a lightweight per-target copy from cached global data.\n Shares immutable state (aliases, pfsense objects with their caches),\n copies only what generate_rules mutates (rules_obj, alias/port dicts). \"\"\"\n data = PFSenseData.__new__(PFSenseData)\n\n # Shared immutable state (read-only after global parse)\n data._hosts_aliases = cached_data._hosts_aliases\n data._pfsenses = cached_data._pfsenses\n data._pfsenses_obj = cached_data._pfsenses_obj\n data._rules = cached_data._rules\n data._rules_separators = cached_data._rules_separators\n data._ignored_aliases = cached_data._ignored_aliases\n data._ignored_rules = cached_data._ignored_rules\n data.log_errors = False\n data.gendiff = cached_data.gendiff\n data.debug = cached_data.debug\n data.aggregate = cached_data.aggregate\n data._errors = []\n\n # Per-target copies (get_hosts_alias/get_ports_alias add entries during generation)\n data._all_aliases = dict(cached_data._all_aliases)\n data._hosts_aliases_obj = OrderedDict(cached_data._hosts_aliases_obj)\n data._ports_aliases = dict(cached_data._ports_aliases)\n data._hosts_alias_by_content = None\n\n # Copy rules (sub_rules, generated_names, src_port/dst_port get mutated by generate_rules)\n data._rules_obj = OrderedDict()\n for name, rule in cached_data._rules_obj.items():\n data._rules_obj[name] = rule._copy_for_decompose()\n\n # Set target\n data._target_name = target_name\n data._target = data._pfsenses_obj[target_name]\n\n return data\n\n\n# Module-level cache: parsed global data persists across Ansible lookup invocations\n# (all hosts share the same Python process on the controller)\n_PARSED_CACHE = {}\n\n\nclass LookupModule(LookupBase):\n \"\"\" Lookup module generating pfsense definitions \"\"\"\n\n def get_hostname(self):\n \"\"\" Just for easier mock \"\"\"\n myvars = getattr(self._templar, '_available_variables', {})\n return myvars['inventory_hostname']\n\n @staticmethod\n def get_definitions(from_file):\n \"\"\" Just for easier mock \"\"\"\n return ordered_load(open(from_file), yaml.SafeLoader)\n\n def load_data(self, from_file):\n \"\"\" Load and return pfsense data \"\"\"\n fvars = self.get_definitions(from_file)\n if fvars is None:\n raise AnsibleError(\"No usable data found in {0}\".format(from_file))\n\n for section in ['hosts_aliases', 'ports_aliases', 'pfsenses', 'rules']:\n if section not in fvars:\n raise AnsibleError(\"Missing {0} section in {1}\".format(section, from_file))\n\n data = PFSenseData(\n hosts_aliases=fvars['hosts_aliases'],\n ports_aliases=fvars['ports_aliases'],\n pfsenses=fvars['pfsenses'],\n rules=fvars['rules'],\n target_name=self.get_hostname()\n )\n return data\n\n def _run(self, terms, variables, **kwargs):\n \"\"\" Main function \"\"\"\n if len(terms) != 2:\n raise AnsibleError(\"pfsense lookup requires a filename and another parameter in [aliases, rules, rule_separators, all_definitions]\")\n\n from_file = terms[0]\n target_name = self.get_hostname()\n\n # Check module-level cache for parsed global data\n abs_path = os.path.abspath(from_file)\n try:\n mtime = os.path.getmtime(abs_path)\n except OSError:\n mtime = 0\n cache_key = (abs_path, mtime)\n\n cached_data = _PARSED_CACHE.get(cache_key)\n\n if cached_data is not None:\n # Cache hit: validate target and create lightweight per-target copy\n if target_name not in cached_data._pfsenses_obj:\n raise AnsibleError(target_name + \" does not exist in pfsenses section\")\n data = _create_target_data(cached_data, target_name)\n else:\n # Cache miss: full parse\n data = self.load_data(from_file)\n parser = PFSenseDataParser(data)\n if not parser.parse():\n raise AnsibleError(\"Error checking pfsense data\")\n # Cache the fully-parsed global state (before generate_rules mutates anything)\n _PARSED_CACHE[cache_key] = data\n # Create per-target copy (generate_rules will mutate it, not the cached original)\n data = _create_target_data(data, target_name)\n\n alias_factory = PFSenseAliasFactory(data)\n rule_factory = PFSenseRuleFactory(data, display_warnings=(terms[1] == 'rules'))\n rule_separator_factory = PFSenseRuleSeparatorFactory(data)\n\n (rules, src_nat_rules, dst_nat_rules) = rule_factory.generate_rules()\n rule_separators = rule_separator_factory.generate_rule_separators()\n aliases = alias_factory.generate_aliases()\n\n if terms[1] == 'aliases':\n return [aliases]\n elif terms[1] == 'rules':\n return [rules]\n elif terms[1] == 'nat_outbounds':\n return [src_nat_rules]\n elif terms[1] == 'nat_port_forwards':\n return [dst_nat_rules]\n elif terms[1] == 'rule_separators':\n return [rule_separators]\n elif terms[1] == 'all_definitions':\n res = {}\n res['aggregated_aliases'] = aliases\n res['aggregated_rules'] = rules\n res['aggregated_rule_separators'] = rule_separators\n res['aggregated_nat_outbounds'] = src_nat_rules\n res['aggregated_nat_port_forwards'] = dst_nat_rules\n res['ignored_rules'] = list(data.ignored_rules)\n res['ignored_aliases'] = list(data.ignored_aliases)\n return [res]\n\n return []\n\n def run(self, terms, variables, **kwargs):\n \"\"\" Entry point for main function (to properly catch & display exceptions stacktrace)\"\"\"\n trace = None\n res = []\n\n try:\n res = self._run(terms, variables, **kwargs)\n except AnsibleError:\n raise\n except AssertionError:\n raise\n except Exception:\n trace = traceback.format_exc()\n finally:\n if trace is not None:\n raise AnsibleError(trace)\n\n return res\n\n\ndef unit_test_helper(filename, pfname):\n \"\"\" Unit test helper \"\"\"\n rule_filter = None\n fvars = ordered_load(open(filename), yaml.SafeLoader)\n\n data = PFSenseData(\n hosts_aliases=fvars['hosts_aliases'],\n ports_aliases=fvars['ports_aliases'],\n pfsenses=fvars['pfsenses'],\n rules=fvars['rules'],\n target_name=pfname,\n )\n\n parser = PFSenseDataParser(data)\n\n if not parser.parse():\n return False\n alias_factory = PFSenseAliasFactory(data)\n rule_factory = PFSenseRuleFactory(data)\n rule_separator_factory = PFSenseRuleSeparatorFactory(data)\n\n (rules, src_nat_rules, dst_nat_rules) = rule_factory.generate_rules(rule_filter)\n rule_separators = rule_separator_factory.generate_rule_separators()\n aliases = alias_factory.generate_aliases(rule_filter)\n\n alias_factory.output_aliases(aliases, data.ignored_aliases)\n rule_factory.output_rules(rules, data.ignored_rules)\n rule_factory.output_src_nat_rules(src_nat_rules)\n rule_factory.output_dst_nat_rules(dst_nat_rules)\n rule_separator_factory.output_rule_separators(rule_separators)\n\n return (aliases, rules)\n\n\ndef main():\n \"\"\" Output debug helper \"\"\"\n parser = argparse.ArgumentParser()\n parser.add_argument(\"file\", help=\"input file\")\n parser.add_argument(\"pfsense\", help=\"target_fw\")\n parser.add_argument('filter', help=\"rule_name\", nargs='?')\n parser.add_argument(\"-a\", \"--dont-aggregate\", action=\"store_false\", help=\"dont generate aliases to aggregate rules\")\n parser.add_argument(\"-g\", \"--gendiff\", action=\"store_true\", help=\"output more suitable for diffs (debugging)\")\n parser.add_argument(\"-d\", \"--debug-rule\", action=\"store\", help=\"debug rule\")\n args = parser.parse_args()\n\n rule_filter = None\n if args.filter:\n rule_filter = args.filter\n\n print('Loading data...')\n fvars = ordered_load(open(args.file), yaml.SafeLoader)\n\n data = PFSenseData(\n hosts_aliases=fvars['hosts_aliases'],\n ports_aliases=fvars['ports_aliases'],\n pfsenses=fvars['pfsenses'],\n rules=fvars['rules'],\n target_name=args.pfsense,\n gendiff=args.gendiff,\n debug=args.debug_rule,\n aggregate=args.dont_aggregate,\n )\n\n parser = PFSenseDataParser(data)\n print('Parsing data...')\n if not parser.parse():\n return\n\n alias_factory = PFSenseAliasFactory(data)\n rule_factory = PFSenseRuleFactory(data)\n rule_separator_factory = PFSenseRuleSeparatorFactory(data)\n\n print('Generating rules...')\n (rules, src_nat_rules, dst_nat_rules) = rule_factory.generate_rules(rule_filter)\n\n if rule_filter is None:\n print('Generating rule separators...')\n rule_separators = rule_separator_factory.generate_rule_separators(rule_filter)\n else:\n print('Filter set. Skipping rule separators...')\n\n print('Generating aliases...')\n aliases = alias_factory.generate_aliases(rule_filter)\n\n alias_factory.output_aliases(aliases, data.ignored_aliases)\n rule_factory.output_rules(rules, data.ignored_rules)\n rule_factory.output_src_nat_rules(src_nat_rules)\n rule_factory.output_dst_nat_rules(dst_nat_rules)\n if rule_filter is None:\n rule_separator_factory.output_rule_separators(rule_separators)\n\n\nif __name__ == '__main__':\n profile = False\n if profile:\n import cProfile\n import pstats\n profiler = cProfile.Profile()\n profiler.enable()\n main()\n profiler.disable()\n stats = pstats.Stats(profiler).sort_stats('tottime')\n stats.print_stats()\n else:\n main()\n"
},
{
"path": "plugins/module_utils/__init__.py",
"content": ""
},
{
"path": "plugins/module_utils/alias.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018-2024, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nALIAS_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n state=dict(default='present', choices=['present', 'absent']),\n type=dict(required=False, choices=['host', 'network', 'port', 'urltable', 'urltable_ports']),\n address=dict(default=None, required=False, type='str'),\n url=dict(default=None, required=False, type='str'),\n descr=dict(default=None, required=False, type='str'),\n detail=dict(default=None, required=False, type='str'),\n updatefreq=dict(default=None, required=False, type='int'),\n)\n\nALIAS_MUTUALLY_EXCLUSIVE = [\n ('address', 'url'),\n]\n\nALIAS_REQUIRED_IF = [\n [\"state\", \"present\", [\"type\"]],\n [\"type\", \"host\", [\"address\"]],\n [\"type\", \"network\", [\"address\"]],\n [\"type\", \"port\", [\"address\"]],\n [\"type\", \"urltable\", [\"updatefreq\"]],\n [\"type\", \"urltable_ports\", [\"updatefreq\"]],\n # When \"address\" deprecation period is over\n # [\"type\", \"urltable\", [\"updatefreq\", \"url\"]],\n # [\"type\", \"urltable_ports\", [\"updatefreq\", \"url\"]],\n]\n\nALIAS_MAP_PARAM_IF = [\n [\"type\", \"urltable\", (\"address\", \"url\")],\n [\"type\", \"urltable_ports\", (\"address\", \"url\")],\n]\n\nALIAS_CREATE_DEFAULT = dict(\n descr='',\n detail='',\n)\n\nALIAS_PHP_COMMAND_SET = \"\"\"\nrequire_once(\"filter.inc\");\nif (filter_configure() == 0) { clear_subsystem_dirty('aliases'); }\n\"\"\"\n\n\nclass PFSenseAliasModule(PFSenseModuleBase):\n \"\"\" module managing pfsense aliases \"\"\"\n\n ##############################\n # unit tests\n #\n # Must be class method for unit test usage\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return ALIAS_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseAliasModule, self).__init__(module, pfsense, root='aliases', node='alias', key='name', update_php=ALIAS_PHP_COMMAND_SET,\n map_param_if=ALIAS_MAP_PARAM_IF, create_default=ALIAS_CREATE_DEFAULT)\n # Override for use with aggregate\n self.argument_spec = ALIAS_ARGUMENT_SPEC\n\n ##############################\n # params processing\n #\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n # check name\n self.pfsense.check_name(params['name'], 'alias')\n\n if params['state'] == 'present':\n # the GUI does not allow to create 2 aliases with same name and differents types\n alias_elt = self.pfsense.find_alias(params['name'])\n if alias_elt is not None:\n if params['type'] not in ['host', 'network'] or alias_elt.find('type').text not in ['host', 'network']:\n if params['type'] != alias_elt.find('type').text:\n self.module.fail_json(msg='An alias with this name and a different type already exists: \\'{0}\\''.format(params['name']))\n\n # Aliases cannot have the same name as an interface description\n if self.pfsense.get_interface_by_display_name(params['name']) is not None:\n self.module.fail_json(msg='An interface description with this name already exists: \\'{0}\\''.format(params['name']))\n\n # updatefreq is for urltable only\n if params['updatefreq'] is not None and params['type'] != 'urltable' and params['type'] != 'urltable_ports':\n self.module.fail_json(msg='updatefreq is only valid with type urltable or urltable_ports')\n\n details = params['detail'].split('||') if params['detail'] is not None else []\n if params['address'] is not None:\n # check details count\n addresses = params['address'].split(' ')\n if len(details) > len(addresses):\n self.module.fail_json(msg='Too many details in relation to addresses')\n\n # warn if address is used with urltable to urltable_ports\n if params['type'] in ['urltable', 'urltable_ports']:\n self.module.warn('Use of \"address\" with {type} is depracated, please use \"url\" instead'.format(type=params['type']))\n\n # pfSense GUI rule\n for detail in details:\n if detail.startswith('|') or detail.endswith('|'):\n self.module.fail_json(msg='Vertical bars (|) at start or end of descriptions not allowed')\n"
},
{
"path": "plugins/module_utils/arg_route.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2024, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\n\n# module_base _params_to_obj currently does not call thse functions if\n# params[name] is None.\n\ndef p2o_cert(self, name, params, obj):\n obj[name] = self.pfsense.get_certref(params[name])\n\n\ndef p2o_interface(self, name, params, obj):\n obj[name] = self.pfsense.parse_interface(params[name], with_virtual=True)\n\n\ndef p2o_interface_with_gwgroup(self, name, params, obj):\n obj[name] = self.pfsense.parse_interface(params[name], with_virtual=False, with_gwgroup=True)\n\n\ndef p2o_interface_without_virtual(self, name, params, obj):\n obj[name] = self.pfsense.parse_interface(params[name], with_virtual=False)\n\n\ndef p2o_port(self, name, params, obj):\n obj[name] = self.pfsense.parse_port(params[name], with_virtual=True)\n\n\ndef p2o_strip(self, name, params, obj):\n if params[name] is not None:\n obj[name] = params[name].strip()\n"
},
{
"path": "plugins/module_utils/arg_validate.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2025, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\n\n# TODO - allow specifying type of cert, e.g. HTTPS\ndef validate_cert(self, cert):\n if self.pfsense.get_certref(cert) is None:\n raise ValueError(f\"Unknown certificate '{cert}'.\")\n"
},
{
"path": "plugins/module_utils/default_gateway.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# Copyright: (c) 2023, Nicolas Zagulajew \n#\n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\n\nDEFAULT_GATEWAY_ARGUMENT_SPEC = dict(\n gateway=dict(type='str'),\n ipprotocol=dict(default='inet', choices=['inet', 'inet6']),\n)\n\n\nclass PFSenseDefaultGatewayModule(PFSenseModuleBase):\n \"\"\" module managing pfsense default gateways \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return DEFAULT_GATEWAY_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseDefaultGatewayModule, self).__init__(module, pfsense, root='gateways')\n self.name = \"pfsense_default_gateway\"\n self.target_elt = self.root_elt\n self.interface_elt = None\n self.read_only = False\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params\n gateway required, str\n ipprotocol default : inet, choice inet/inet6\n \"\"\"\n params = self.params\n\n obj = dict()\n\n # Modification\n if params[\"gateway\"]:\n my_defaultgw = self._gw2machine(params['gateway'])\n if params['ipprotocol'] == \"inet\":\n obj['defaultgw4'] = my_defaultgw\n self.result[\"defaultgw4\"] = params[\"gateway\"]\n elif params['ipprotocol'] == \"inet6\":\n obj['defaultgw6'] = my_defaultgw\n self.result[\"defaultgw6\"] = params[\"gateway\"]\n else:\n self.module.fail_json(msg='Please specify a valid ipprotocol (inet/inet6)')\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters\n gateway required, str\n ipprotocol default : inet, choice inet/inet6\n \"\"\"\n params = self.params\n gateway_list = [\"none\", \"automatic\"] + [gw[\"Name\"] for gw in self.pfsense.find_active_gateways()]\n\n # get list of current default gateways and append gateway_groups to list\n for elt in self.root_elt:\n if elt.tag in [\"gateway_group\"]:\n gateway_list.append(elt.find(\"name\").text)\n elif elt.tag == \"defaultgw4\":\n self.result[\"defaultgw4\"] = self._gw2human(elt.text)\n elif elt.tag == \"defaultgw6\":\n self.result[\"defaultgw6\"] = self._gw2human(elt.text)\n\n if params[\"gateway\"]:\n if str(params[\"gateway\"]) not in gateway_list:\n self.module.fail_json(msg=\"Unknown gateway %s : %s\" % (params[\"gateway\"], gateway_list))\n\n ##############################\n # XML processing\n #\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n if self.params[\"ipprotocol\"] == \"inet\":\n return self.pfsense.new_element('defaultgw4')\n elif self.params[\"ipprotocol\"] == \"inet6\":\n return self.pfsense.new_element('defaultgw6')\n\n ##############################\n # Utilities\n #\n\n @staticmethod\n def _gw2machine(gateway):\n \"\"\"\n Translates special gateway to machine-readable\n \"-\" means none\n \"\" means automatic\n \"\"\"\n if gateway is not None:\n if gateway.lower() == \"automatic\":\n return \"\"\n elif gateway.lower() == \"none\":\n return \"-\"\n return gateway\n\n @staticmethod\n def _gw2human(gateway):\n \"\"\"\n Translates special gateway as human-readable\n \"-\" means none\n \"\" means automatic\n \"\"\"\n if gateway is None:\n return \"automatic\"\n elif gateway == \"-\":\n return \"none\"\n else:\n return gateway\n\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n return []\n\n ##############################\n def run(self, params):\n \"\"\" process input params to add/update/delete \"\"\"\n self.params = params\n self._check_deprecated_params()\n self._check_onward_params()\n self._validate_params()\n\n self.obj = self._params_to_obj()\n\n if params[\"gateway\"]:\n self._add()\n\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell('''\nrequire_once(\"filter.inc\");\n$retval = 0;\n\n$retval |= system_routing_configure();\n$retval |= system_resolvconf_generate();\n$retval |= filter_configure();\n/* reconfigure our gateway monitor */\nsetup_gateways_monitor();\n/* Dynamic DNS on gw groups may have changed */\nsend_event(\"service reload dyndnsall\");\n\nif ($retval == 0) clear_subsystem_dirty('staticroutes');\n''')\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"\"\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if self.params[\"ipprotocol\"] == \"inet\":\n values += self.format_updated_cli_field(self.obj, before, 'defaultgw4', add_comma=values)\n elif self.params[\"ipprotocol\"] == \"inet6\":\n values += self.format_updated_cli_field(self.obj, before, 'defaultgw6', add_comma=values)\n\n return values\n"
},
{
"path": "plugins/module_utils/dhcp_server.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2024, David Rosado \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nfrom ipaddress import ip_address, ip_network\nimport re\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nDHCPSERVER_ARGUMENT_SPEC = dict(\n state=dict(type='str', default='present', choices=['present', 'absent']),\n interface=dict(required=True, type='str'),\n enable=dict(type='bool', default=True),\n range_from=dict(type='str'),\n range_to=dict(type='str'),\n failover_peerip=dict(type='str'),\n defaultleasetime=dict(type='int'),\n maxleasetime=dict(type='int'),\n netmask=dict(type='str'),\n gateway=dict(type='str'),\n domain=dict(type='str'),\n domainsearchlist=dict(type='str'),\n ddnsdomain=dict(type='str'),\n ddnsdomainprimary=dict(type='str'),\n ddnsdomainkeyname=dict(type='str', no_log=False),\n ddnsdomainkeyalgorithm=dict(type='str', default='hmac-md5', choices=['hmac-md5', 'hmac-sha1', 'hmac-sha224', 'hmac-sha256', 'hmac-sha384', 'hmac-sha512']),\n ddnsdomainkey=dict(type='str', no_log=True),\n mac_allow=dict(type='list', elements='str'),\n mac_deny=dict(type='list', elements='str'),\n ddnsclientupdates=dict(type='str', default='allow', choices=['allow', 'deny', 'ignore']),\n tftp=dict(type='str'),\n ldap=dict(type='str'),\n nextserver=dict(type='str'),\n filename=dict(type='str'),\n filename32=dict(type='str'),\n filename64=dict(type='str'),\n rootpath=dict(type='str'),\n numberoptions=dict(type='str'),\n winsserver=dict(type='list', elements='str'),\n dnsserver=dict(type='list', elements='str'),\n ntpserver=dict(type='list', elements='str'),\n ignorebootp=dict(type='bool'),\n denyunknown=dict(type='str', choices=['disabled', 'enabled', 'class']),\n nonak=dict(type='bool'),\n ignoreclientuids=dict(type='bool'),\n staticarp=dict(type='bool'),\n dhcpinlocaltime=dict(type='bool'),\n statsgraph=dict(type='bool'),\n disablepingcheck=dict(type='bool'),\n)\n\n\nclass PFSenseDHCPServerModule(PFSenseModuleBase):\n \"\"\" module managing pfsense DHCP server settings \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\"return argument spec\"\"\"\n return DHCPSERVER_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseDHCPServerModule, self).__init__(module, pfsense)\n self.name = \"pfsense_dhcp_server\"\n self.obj = dict()\n\n self.root_elt = self.pfsense.get_element('dhcpd', create_node=True)\n self.target = None\n self.network = None\n\n ##############################\n # params processing\n #\n def _get_logical_interface(self, interface):\n \"\"\"Find the logical interface name\"\"\"\n for iface in self.pfsense.interfaces:\n # Check if it matches the logical name (e.g., 'lan', 'wan', 'opt1')\n if iface.tag.lower() == interface.lower():\n return iface.tag\n\n # Check if it matches the physical interface name (e.g., 'em0', 'igb0')\n if_elt = iface.find('if')\n if if_elt is not None and if_elt.text.strip().lower() == interface.lower():\n return iface.tag\n\n # Check if it matches the interface description\n descr_elt = iface.find('descr')\n if descr_elt is not None and descr_elt.text.strip().lower() == interface.lower():\n return iface.tag\n\n return None\n\n def _is_valid_netif(self, netif):\n for nic in self.pfsense.interfaces:\n if nic.tag == netif:\n if nic.find('ipaddr') is not None:\n ipaddr = nic.find('ipaddr').text\n if ipaddr is not None:\n if nic.find('subnet') is not None:\n subnet = int(nic.find('subnet').text)\n if subnet < 31:\n self.network = ip_network(u'{0}/{1}'.format(ipaddr, subnet), strict=False)\n return True\n return False\n\n def _is_valid_macaddr(self, macaddr):\n return bool(re.fullmatch(r'(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}', macaddr, re.I))\n\n def _params_to_obj(self):\n \"\"\"return a dict from module params\"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n\n if params['state'] == 'present':\n\n self._get_ansible_param(obj, 'range', force_value={}, force=True)\n self._get_ansible_param(obj['range'], 'range_from', fname='from', force=True)\n self._get_ansible_param(obj['range'], 'range_to', fname='to', force=True)\n\n # Forced options\n for option in ['failover_peerip', 'defaultleasetime', 'maxleasetime',\n 'netmask', 'gateway', 'domain', 'domainsearchlist',\n 'ddnsdomain', 'ddnsdomainprimary', 'ddnsdomainkeyname',\n 'ddnsdomainkeyalgorithm', 'ddnsdomainkey', 'mac_allow',\n 'mac_deny', 'ddnsclientupdates', 'tftp', 'ldap',\n 'nextserver', 'filename', 'filename32', 'filename64',\n 'rootpath', 'numberoptions']:\n self._get_ansible_param(obj, option, force=True)\n\n for option in ['mac_allow', 'mac_deny']:\n if params[option] is None:\n params[option] = \"\"\n self._get_ansible_param(obj, ','.join(params[option]))\n\n # Non-forced options\n for option in ['winsserver', 'dnsserver', 'ntpserver']:\n self._get_ansible_param(obj, option)\n\n for option in ['enable', 'ignorebootp', 'nonak', 'ignoreclientuids',\n 'staticarp', 'disablepingcheck']:\n self._get_ansible_param_bool(obj, option, value='')\n\n for option in ['dhcpinlocaltime', 'statsgraph']:\n self._get_ansible_param_bool(obj, option, value='yes')\n\n self._get_ansible_param(obj, 'denyunknown')\n if obj.get('denyunknown') == 'disabled':\n del obj['denyunknown']\n\n # Defaulted options\n self._get_ansible_param(obj, 'ddnsdomainkeyalgorithm', force_value='hmac-md5', force=True)\n\n return obj\n\n def _validate_params(self):\n \"\"\"do some extra checks on input parameters\"\"\"\n params = self.params\n\n self.target = self._get_logical_interface(params['interface'])\n if self.target is None or self.target.lower() == \"wan\":\n self.module.fail_json(msg=f\"The specified interface {params['interface']} is not a valid logical interface or cannot be mapped to one\")\n\n if not self._is_valid_netif(self.target):\n self.module.fail_json(msg=f\"The specified interface {params['interface']} is not a valid logical interface\")\n\n if params['state'] == 'present' and params['enable']:\n if params.get('range_from') is None or params.get('range_to') is None:\n self.module.fail_json(msg=f\"The specified interface {params['interface']}'requires an IP range\")\n\n if not self.pfsense.is_ipv4_address(params['range_from']):\n self.module.fail_json(msg=\"The 'range_from' address is not a valid IPv4 address\")\n if not self.pfsense.is_ipv4_address(params['range_to']):\n self.module.fail_json(msg=\"The 'range_to' address is not a valid IPv4 address\")\n\n if not ip_address(params['range_from']) in self.network or not ip_address(params['range_to']) in self.network:\n self.module.fail_json(msg=f\"The IP address must lie in the {params['interface']} subnet\")\n\n if ip_address(params['range_from']) >= ip_address(params['range_to']):\n self.module.fail_json(msg=f\"The interface {params['interface']} must have a valid IP range pool\")\n\n if params.get('gateway'):\n if not self.pfsense.is_ipv4_address(params['gateway']):\n self.module.fail_json(msg=\"The 'gateway' is not a valid IPv4 address\")\n\n if params.get('mac_allow'):\n for macaddr in params[\"mac_allow\"]:\n is_valid = self._is_valid_macaddr(macaddr)\n if not is_valid:\n self.module.fail_json(msg=f\"The MAC address {macaddr} is invalid\")\n\n if params.get('mac_deny'):\n for macaddr in params[\"mac_deny\"]:\n is_valid = self._is_valid_macaddr(macaddr)\n if not is_valid:\n self.module.fail_json(msg=f\"The MAC address {macaddr} is invalid\")\n\n if params.get('denyunknown') not in [None, 'disabled', 'enabled', 'class']:\n self.module.fail_json(msg=f\"The option {params['denyunknown']} is invalid, use 'disabled', 'enabled' or 'class'\")\n\n ##############################\n # XML processing\n #\n def _get_params_to_remove(self):\n \"\"\"returns the list of params to remove if they are not set\"\"\"\n params = ['enable', 'ignorebootp', 'nonak', 'ignoreclientuids', 'staticarp', 'disablepingcheck', 'dhcpinlocaltime', 'statsgraph']\n if self.params.get('denyunknown') == 'disabled':\n params.append('denyunknown')\n return params\n\n def _create_target(self):\n \"\"\"create the XML target_elt\"\"\"\n return self.pfsense.new_element(self.target)\n\n def _find_target(self):\n \"\"\"find the XML target_elt\"\"\"\n return self.pfsense.get_element(self.target, root_elt=self.root_elt)\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\"return obj's name\"\"\"\n return f\"'{self.target}'\"\n\n def _log_fields(self, before=None):\n \"\"\"generate pseudo-CLI command fields parameters to create an obj\"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.obj, 'enable', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.obj[\"range\"], 'from', fname=\"range_from\")\n values += self.format_cli_field(self.obj[\"range\"], 'to', fname=\"range_to\")\n values += self.format_cli_field(self.obj, 'failover_peerip')\n values += self.format_cli_field(self.obj, 'defaultleasetime')\n values += self.format_cli_field(self.obj, 'maxleasetime')\n values += self.format_cli_field(self.obj, 'netmask')\n values += self.format_cli_field(self.obj, 'gateway')\n values += self.format_cli_field(self.obj, 'domain')\n values += self.format_cli_field(self.obj, 'domainsearchlist')\n values += self.format_cli_field(self.obj, 'ddnsdomain')\n values += self.format_cli_field(self.obj, 'ddnsdomainprimary')\n values += self.format_cli_field(self.obj, 'ddnsdomainkeyname')\n values += self.format_cli_field(self.obj, 'ddnsdomainkeyalgorithm')\n values += self.format_cli_field(self.obj, 'ddnsdomainkey')\n values += self.format_cli_field(self.obj, 'mac_allow')\n values += self.format_cli_field(self.obj, 'mac_deny')\n values += self.format_cli_field(self.obj, 'ddnsclientupdates')\n values += self.format_cli_field(self.obj, 'tftp')\n values += self.format_cli_field(self.obj, 'ldap')\n values += self.format_cli_field(self.obj, 'nextserver')\n values += self.format_cli_field(self.obj, 'filename')\n values += self.format_cli_field(self.obj, 'filename32')\n values += self.format_cli_field(self.obj, 'filename64')\n values += self.format_cli_field(self.obj, 'rootpath')\n values += self.format_cli_field(self.obj, 'numberoptions')\n values += self.format_cli_field(self.obj, 'denyunknown')\n else:\n values += self.format_updated_cli_field(self.obj, before, 'enable', fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj[\"range\"], before[\"range\"], 'from', fname=\"range_from\")\n values += self.format_updated_cli_field(self.obj[\"range\"], before[\"range\"], 'to', fname=\"range_to\")\n values += self.format_updated_cli_field(self.obj, before, 'failover_peerip')\n values += self.format_updated_cli_field(self.obj, before, 'defaultleasetime')\n values += self.format_updated_cli_field(self.obj, before, 'maxleasetime')\n values += self.format_updated_cli_field(self.obj, before, 'netmask')\n values += self.format_updated_cli_field(self.obj, before, 'gateway')\n values += self.format_updated_cli_field(self.obj, before, 'domain')\n values += self.format_updated_cli_field(self.obj, before, 'domainsearchlist')\n values += self.format_updated_cli_field(self.obj, before, 'ddnsdomain')\n values += self.format_updated_cli_field(self.obj, before, 'ddnsdomainprimary')\n values += self.format_updated_cli_field(self.obj, before, 'ddnsdomainkeyname')\n values += self.format_updated_cli_field(self.obj, before, 'ddnsdomainkeyalgorithm')\n values += self.format_updated_cli_field(self.obj, before, 'ddnsdomainkey')\n values += self.format_updated_cli_field(self.obj, before, 'mac_allow')\n values += self.format_updated_cli_field(self.obj, before, 'mac_deny')\n values += self.format_updated_cli_field(self.obj, before, 'ddnsclientupdates')\n values += self.format_updated_cli_field(self.obj, before, 'tftp')\n values += self.format_updated_cli_field(self.obj, before, 'ldap')\n values += self.format_updated_cli_field(self.obj, before, 'nextserver')\n values += self.format_updated_cli_field(self.obj, before, 'filename')\n values += self.format_updated_cli_field(self.obj, before, 'filename32')\n values += self.format_updated_cli_field(self.obj, before, 'filename64')\n values += self.format_updated_cli_field(self.obj, before, 'rootpath')\n values += self.format_updated_cli_field(self.obj, before, 'numberoptions')\n values += self.format_updated_cli_field(self.obj, before, 'denyunknown')\n return values\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\"make the target pfsense reload\"\"\"\n return self.pfsense.phpshell(\"\"\"\n require_once(\"util.inc\");\n require_once(\"services.inc\");\n services_dhcpd_configure();\n \"\"\")\n\n def _pre_remove_target_elt(self):\n self.diff['after'] = {}\n if self.target_elt is not None:\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n else:\n self.diff['before'] = {}\n"
},
{
"path": "plugins/module_utils/gateway.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\nfrom ipaddress import ip_address, ip_network\n\nGATEWAY_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n name=dict(required=True, type='str'),\n interface=dict(required=False, type='str'),\n ipprotocol=dict(default='inet', choices=['inet', 'inet6']),\n gateway=dict(required=False, type='str'),\n descr=dict(default='', type='str'),\n disabled=dict(default=False, type='bool'),\n monitor=dict(required=False, type='str'),\n monitor_disable=dict(default=False, type='bool'),\n action_disable=dict(default=False, type='bool'),\n force_down=dict(default=False, type='bool'),\n weight=dict(default=1, required=False, type='int'),\n losslow=dict(required=False, type='int'),\n losshigh=dict(required=False, type='int'),\n nonlocalgateway=dict(default=False, type='bool'),\n)\n\nGATEWAY_REQUIRED_IF = [\n [\"state\", \"present\", [\"interface\", \"gateway\", \"weight\"]],\n]\n\n\nclass PFSenseGatewayModule(PFSenseModuleBase):\n \"\"\" module managing pfsense gateways \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return GATEWAY_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseGatewayModule, self).__init__(module, pfsense, root='gateways', create_root=True, node='gateway_item', key='name')\n self.name = \"pfsense_gateway\"\n self.interface_elt = None\n self.dynamic = False\n\n ##############################\n # params processing\n #\n def _check_gateway_groups(self):\n \"\"\" check if gateway is in use in gateway groups \"\"\"\n for elt in self.root_elt:\n if (elt.tag == 'defaultgw4' or elt.tag == 'defaultgw6') and (elt.text is not None and elt.text == self.params['name']):\n return False\n\n if elt.tag != 'gateway_group':\n continue\n\n items = elt.findall('.//item')\n for item in items:\n fields = item.text.split('|')\n if fields and fields[0] == self.params['name']:\n return False\n\n return True\n\n def _check_routes(self):\n \"\"\" check if gateway is in use in static routes \"\"\"\n routes = self.pfsense.get_element('staticroutes')\n if routes is None:\n return True\n\n for elt in routes:\n if elt.find('gateway').text == self.params['name']:\n return False\n\n return True\n\n def _check_subnet(self):\n \"\"\" check if addr lies into interface subnets \"\"\"\n def _check_vips():\n virtualips = self.pfsense.get_element('virtualip')\n if virtualips is None:\n return False\n\n for vip_elt in virtualips:\n if vip_elt.find('interface').text != self.interface_elt.tag or vip_elt.find('mode').text != 'other' or vip_elt.find('type').text != 'network':\n continue\n\n subnet = ip_network(u'{0}/{1}'.format(vip_elt.find('subnet').text, vip_elt.find('subnet_bits').text), strict=False)\n if addr in subnet:\n return True\n return False\n\n if self.params['ipprotocol'] == 'inet':\n inet_type = 'IPv4'\n f1_elt = self.interface_elt.find('ipaddr')\n f2_elt = self.interface_elt.find('subnet')\n else:\n inet_type = 'IPv6'\n f1_elt = self.interface_elt.find('ipaddrv6')\n f2_elt = self.interface_elt.find('subnetv6')\n if f1_elt is None or f1_elt.text is None or f2_elt is None or f2_elt.text is None:\n self.module.fail_json(msg='Cannot add {0} Gateway Address because no {0} address could be found on the interface.'.format(inet_type))\n\n try:\n if self.params['nonlocalgateway']:\n return\n\n addr = ip_address(u'{0}'.format(self.params['gateway']))\n subnet = ip_network(u'{0}/{1}'.format(f1_elt.text, f2_elt.text), strict=False)\n if addr in subnet or _check_vips():\n return\n\n self.module.fail_json(msg=\"The gateway address {0} does not lie within one of the chosen interface's subnets.\".format(self.params['gateway']))\n except ValueError:\n self.module.fail_json(msg='Cannot add {0} Gateway Address because no {0} address could be found on the interface.'.format(inet_type))\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n\n obj['name'] = params['name']\n if params['state'] == 'present':\n obj['interface'] = self.pfsense.parse_interface(params['interface'])\n self.interface_elt = self.pfsense.get_interface_elt(obj['interface'])\n self._get_ansible_param(obj, 'ipprotocol')\n self._get_ansible_param(obj, 'gateway')\n self._get_ansible_param(obj, 'descr')\n self._get_ansible_param(obj, 'monitor')\n self._get_ansible_param(obj, 'weight')\n self._get_ansible_param(obj, 'losslow')\n self._get_ansible_param(obj, 'losshigh')\n\n self._get_ansible_param_bool(obj, 'disabled', value=None)\n self._get_ansible_param_bool(obj, 'monitor_disable', value=None)\n self._get_ansible_param_bool(obj, 'action_disable', value=None)\n self._get_ansible_param_bool(obj, 'force_down', value=None)\n self._get_ansible_param_bool(obj, 'nonlocalgateway', value=None)\n\n if not self.dynamic:\n self._check_subnet()\n elif self.target_elt.find('interface').text != obj['interface']:\n self.module.fail_json(msg=\"The gateway use 'dynamic' as a target. You can not change the interface\")\n elif self.target_elt.find('ipprotocol').text != params['ipprotocol']:\n self.module.fail_json(msg=\"The gateway use 'dynamic' as a target. You can not change ipprotocol\")\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n self.target_elt = self.pfsense.find_gateway_elt(params['name'], dhcp=True, vti=True)\n if self.target_elt is not None and self.target_elt.find('gateway').text == 'dynamic':\n self.dynamic = True\n\n if params['state'] == 'present':\n # check weight\n if params.get('weight') is not None and (params['weight'] < 1 or params['weight'] > 30):\n self.module.fail_json(msg='weight must be between 1 and 30')\n\n # check loss thresholds\n for param in ['losslow', 'losshigh']:\n if params.get(param) is not None and (params[param] < 1 or params[param] > 100):\n self.module.fail_json(msg=f'{param} must be between 1 and 100')\n\n if self.dynamic:\n if params['gateway'] != 'dynamic':\n self.module.fail_json(msg=\"The gateway use 'dynamic' as a target. This is read-only, so you must set gateway as dynamic too\")\n else:\n self.pfsense.check_ip_address(params['gateway'], params['ipprotocol'], 'gateway', fail_ifnotip=True)\n if params.get('monitor') is not None and params['monitor'] != '':\n self.pfsense.check_ip_address(params['monitor'], params['ipprotocol'], 'monitor', fail_ifnotip=True)\n\n self.pfsense.check_name(params['name'], 'gateway')\n\n else:\n if self.dynamic:\n self.module.fail_json(msg=\"The gateway use 'dynamic' as a target. You can not delete it\")\n if not self._check_gateway_groups() or not self._check_routes():\n self.module.fail_json(msg=\"The gateway is still in use. You can not delete it\")\n\n ##############################\n # XML processing\n #\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n return ['disabled', 'monitor', 'monitor_disable', 'action_disable', 'force_down', 'nonlocalgateway']\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell('''\nrequire_once(\"filter.inc\");\n$retval = 0;\n\n$retval |= system_routing_configure();\n$retval |= system_resolvconf_generate();\n$retval |= filter_configure();\n/* reconfigure our gateway monitor */\nsetup_gateways_monitor();\n/* Dynamic DNS on gw groups may have changed */\nsend_event(\"service reload dyndnsall\");\n\nif ($retval == 0) clear_subsystem_dirty('staticroutes');\n''')\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}'\".format(self.obj['name'])\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'interface')\n values += self.format_cli_field(self.obj, 'ipprotocol', default='inet')\n values += self.format_cli_field(self.obj, 'gateway')\n values += self.format_cli_field(self.obj, 'descr', default='')\n values += self.format_cli_field(self.params, 'disabled', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.obj, 'monitor')\n values += self.format_cli_field(self.params, 'monitor_disable', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'action_disable', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'force_down', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.obj, 'weight', default='1')\n values += self.format_cli_field(self.obj, 'losslow')\n values += self.format_cli_field(self.obj, 'losshigh')\n values += self.format_cli_field(self.params, 'nonlocalgateway', fvalue=self.fvalue_bool, default=False)\n else:\n fbefore = dict()\n fbefore['interface'] = self.pfsense.get_interface_display_name(before['interface'])\n\n values += self.format_updated_cli_field(self.params, fbefore, 'interface', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'ipprotocol', default='inet', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'gateway', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'descr', default='', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'disabled', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'monitor', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'monitor_disable', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'action_disable', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'force_down', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'weight', default='1', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'losslow', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'losshigh', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'nonlocalgateway', fvalue=self.fvalue_bool)\n\n return values\n"
},
{
"path": "plugins/module_utils/haproxy_backend.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nimport re\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nHAPROXY_BACKEND_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n name=dict(required=True, type='str'),\n balance=dict(default='none', choices=['none', 'roundrobin', 'static-rr', 'leastconn', 'source', 'uri']),\n balance_urilen=dict(required=False, type='int'),\n balance_uridepth=dict(required=False, type='int'),\n balance_uriwhole=dict(required=False, type='bool'),\n connection_timeout=dict(required=False, type='int'),\n server_timeout=dict(required=False, type='int'),\n check_type=dict(default='none', choices=['none', 'Basic', 'HTTP', 'Agent', 'LDAP', 'MySQL', 'PostgreSQL', 'Redis', 'SMTP', 'ESMTP', 'SSL']),\n check_frequency=dict(required=False, type='int'),\n retries=dict(required=False, type='int'),\n log_checks=dict(required=False, type='bool'),\n httpcheck_method=dict(required=False, choices=['OPTIONS', 'HEAD', 'GET', 'POST', 'PUT', 'DELETE', 'TRACE']),\n monitor_uri=dict(required=False, type='str'),\n monitor_httpversion=dict(required=False, type='str'),\n monitor_username=dict(required=False, type='str'),\n monitor_domain=dict(required=False, type='str'),\n)\n\n\nclass PFSenseHaproxyBackendModule(PFSenseModuleBase):\n \"\"\" module managing pfsense haproxy backends \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return HAPROXY_BACKEND_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseHaproxyBackendModule, self).__init__(module, pfsense)\n self.name = \"pfsense_haproxy_backend\"\n self.obj = dict()\n\n pkgs_elt = self.pfsense.get_element('installedpackages')\n self.haproxy = pkgs_elt.find('haproxy') if pkgs_elt is not None else None\n self.root_elt = self.haproxy.find('ha_pools') if self.haproxy is not None else None\n if self.root_elt is None:\n self.module.fail_json(msg='Unable to find backends XML configuration entry. Are you sure haproxy is installed ?')\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a backend dict from module params \"\"\"\n obj = dict()\n obj['name'] = self.params['name']\n if self.params['state'] == 'present':\n self._get_ansible_param(obj, 'balance', force=True)\n if obj['balance'] == 'none':\n obj['balance'] = None\n self._get_ansible_param(obj, 'balance_urilen', force=True)\n self._get_ansible_param(obj, 'balance_uridepth', force=True)\n self._get_ansible_param(obj, 'connection_timeout', force=True)\n self._get_ansible_param(obj, 'server_timeout', force=True)\n self._get_ansible_param(obj, 'check_type', force=True)\n self._get_ansible_param(obj, 'check_frequency', fname='checkinter', force=True)\n self._get_ansible_param(obj, 'retries', force=True)\n self._get_ansible_param_bool(obj, 'log_checks', fname='log-health-checks', force=True)\n self._get_ansible_param_bool(obj, 'balance_uriwhole', force=True)\n self._get_ansible_param(obj, 'httpcheck_method', force=True)\n self._get_ansible_param(obj, 'monitor_uri', force=True)\n self._get_ansible_param(obj, 'monitor_httpversion', force=True)\n self._get_ansible_param(obj, 'monitor_username', force=True)\n self._get_ansible_param(obj, 'monitor_domain', force=True)\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n # check name\n if re.search(r'[^a-zA-Z0-9\\.\\-_]', self.params['name']) is not None:\n self.module.fail_json(msg=\"The field 'name' contains invalid characters.\")\n\n ##############################\n # XML processing\n #\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n server_elt = self.pfsense.new_element('item')\n self.obj['id'] = self._get_next_id()\n return server_elt\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n for item_elt in self.root_elt:\n if item_elt.tag != 'item':\n continue\n name_elt = item_elt.find('name')\n if name_elt is not None and name_elt.text == self.obj['name']:\n return item_elt\n return None\n\n def _get_next_id(self):\n \"\"\" get next free haproxy id \"\"\"\n max_id = 99\n id_elts = self.haproxy.findall('.//id')\n for id_elt in id_elts:\n if id_elt.text is None:\n continue\n ha_id = int(id_elt.text)\n if ha_id > max_id:\n max_id = ha_id\n return str(max_id + 1)\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload haproxy \"\"\"\n return self.pfsense.phpshell('''require_once(\"haproxy/haproxy.inc\");\n$result = haproxy_check_and_run($savemsg, true); if ($result) unlink_if_exists($d_haproxyconfdirty_path);''')\n\n ##############################\n # Logging\n #\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'balance')\n values += self.format_cli_field(self.params, 'balance_urilen')\n values += self.format_cli_field(self.params, 'balance_uridepth')\n values += self.format_cli_field(self.params, 'balance_uriwhole', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'connection_timeout')\n values += self.format_cli_field(self.params, 'server_timeout')\n values += self.format_cli_field(self.params, 'check_type')\n values += self.format_cli_field(self.params, 'check_frequency')\n values += self.format_cli_field(self.params, 'retries')\n values += self.format_cli_field(self.params, 'log_checks', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'httpcheck_method')\n values += self.format_cli_field(self.params, 'monitor_uri')\n values += self.format_cli_field(self.params, 'monitor_httpversion')\n values += self.format_cli_field(self.params, 'monitor_username')\n values += self.format_cli_field(self.params, 'monitor_domain')\n else:\n for param in ['balance', 'log-health-checks', 'balance_uriwhole']:\n if param in before and before[param] == '':\n before[param] = None\n values += self.format_updated_cli_field(self.obj, before, 'balance', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'balance_urilen', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'balance_uridepth', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'balance_uriwhole', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj, before, 'connection_timeout', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'server_timeout', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'check_type', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'checkinter', add_comma=(values), fname='check_frequency')\n values += self.format_updated_cli_field(self.obj, before, 'retries', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'log-health-checks', add_comma=(values), fname='log_checks', fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj, before, 'httpcheck_method', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'monitor_uri', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'monitor_httpversion', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'monitor_username', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'monitor_domain', add_comma=(values))\n return values\n\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}'\".format(self.obj['name'])\n"
},
{
"path": "plugins/module_utils/haproxy_backend_server.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nimport re\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nHAPROXY_BACKEND_SERVER_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n backend=dict(required=True, type='str'),\n name=dict(required=True, type='str'),\n mode=dict(default='active', choices=['active', 'backup', 'disabled', 'inactive']),\n forwardto=dict(required=False, type='str'),\n address=dict(required=False, type='str'),\n port=dict(required=False, type='int'),\n ssl=dict(required=False, type='bool'),\n checkssl=dict(required=False, type='bool'),\n weight=dict(required=False, type='int'),\n sslserververify=dict(required=False, type='bool'),\n verifyhost=dict(required=False, type='str'),\n ca=dict(required=False, type='str'),\n crl=dict(required=False, type='str'),\n clientcert=dict(required=False, type='str'),\n cookie=dict(required=False, type='str'),\n maxconn=dict(required=False, type='int'),\n advanced=dict(required=False, type='str'),\n istemplate=dict(required=False, type='str'),\n)\n\nHAPROXY_BACKEND_SERVER_MUTUALLY_EXCLUSIVE = [\n ['forwardto', 'address'],\n ['forwardto', 'port'],\n]\n\n\nclass PFSenseHaproxyBackendServerModule(PFSenseModuleBase):\n \"\"\" module managing pfsense haproxy backend servers \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return HAPROXY_BACKEND_SERVER_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseHaproxyBackendServerModule, self).__init__(module, pfsense)\n self.name = \"pfsense_haproxy_backend_server\"\n self.root_elt = None\n self.obj = dict()\n\n pkgs_elt = self.pfsense.get_element('installedpackages')\n self.haproxy = pkgs_elt.find('haproxy') if pkgs_elt is not None else None\n self.backends = self.haproxy.find('ha_pools') if self.haproxy is not None else None\n if self.backends is None:\n self.module.fail_json(msg='Unable to find backends XML configuration entry. Are you sure haproxy is installed ?')\n\n self.backend = None\n self.servers = None\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n obj['name'] = params['name']\n if params['state'] == 'present':\n obj['status'] = params['mode']\n\n for param in ['ssl', 'checkssl', 'sslserververify']:\n self._get_ansible_param_bool(obj, param)\n\n self._get_ansible_param(obj, 'forwardto')\n self._get_ansible_param(obj, 'address')\n self._get_ansible_param(obj, 'port')\n self._get_ansible_param(obj, 'weight')\n self._get_ansible_param(obj, 'verifyhost')\n\n if 'ca' in params and params['ca'] is not None and params['ca'] != '':\n ca_elt = self.pfsense.find_ca_elt(params['ca'])\n if ca_elt is None:\n self.module.fail_json(msg='%s is not a valid certificate authority' % (params['ca']))\n obj['ssl-server-ca'] = ca_elt.find('refid').text\n\n if 'crl' in params and params['crl'] is not None and params['crl'] != '':\n crl_elt = self.pfsense.find_crl_elt(params['crl'])\n if crl_elt is None:\n self.module.fail_json(msg='%s is not a valid certificate revocation list' % (params['crl']))\n obj['ssl-server-crl'] = crl_elt.find('refid').text\n\n if 'clientcert' in params and params['clientcert'] is not None and params['clientcert'] != '':\n cert = self.pfsense.find_cert_elt(params['clientcert'])\n if cert is None:\n self.module.fail_json(msg='%s is not a valid certificate' % (params['clientcert']))\n obj['ssl-server-clientcert'] = cert.find('refid').text\n\n self._get_ansible_param(obj, 'cookie')\n self._get_ansible_param(obj, 'maxconn')\n self._get_ansible_param(obj, 'advanced')\n self._get_ansible_param(obj, 'istemplate')\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n # check name\n if re.search(r'[^a-zA-Z0-9\\.\\-_]', params['name']) is not None:\n self.module.fail_json(msg=\"The field 'name' contains invalid characters\")\n\n if len(params['name']) < 2:\n self.module.fail_json(msg=\"The field 'name' must be at least 2 characters\")\n\n self.backend = self._find_backend(params['backend'])\n if self.backend is None:\n self.module.fail_json(msg=\"The backend named '{0}' does not exist\".format(params['backend']))\n\n self.root_elt = self.backend.find('ha_servers')\n if self.root_elt is None:\n self.root_elt = self.pfsense.new_element('ha_servers')\n self.backend.append(self.root_elt)\n\n if 'forwardto' in params and params['forwardto'] is not None:\n frontend_elt = None\n frontends = self.haproxy.find('ha_backends')\n for item_elt in frontends:\n if item_elt.tag != 'item':\n continue\n name_elt = item_elt.find('name')\n if name_elt is not None and name_elt.text == params['forwardto']:\n frontend_elt = item_elt\n break\n if frontend_elt is None:\n self.module.fail_json(msg=\"The frontend named '{0}' does not exist\".format(params['forwardto']))\n\n ##############################\n # XML processing\n #\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n server_elt = self.pfsense.new_element('item')\n self.obj['id'] = self._get_next_id()\n return server_elt\n\n def _find_backend(self, name):\n \"\"\" return the target backend_elt if found \"\"\"\n for item_elt in self.backends:\n if item_elt.tag != 'item':\n continue\n name_elt = item_elt.find('name')\n if name_elt is not None and name_elt.text == name:\n return item_elt\n return None\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n for item_elt in self.root_elt:\n if item_elt.tag != 'item':\n continue\n name_elt = item_elt.find('name')\n if name_elt is not None and name_elt.text == self.obj['name']:\n return item_elt\n return None\n\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n params = ['ssl', 'checkssl', 'sslserververify', 'forwardto', 'address', 'port', 'weight', 'istemplate', 'verifyhost']\n params += ['ssl-server-crl', 'ssl-server-ca', 'ssl-server-clientcert', 'cookie', 'maxconn', 'advanced']\n return params\n\n def _get_next_id(self):\n \"\"\" get next free haproxy id \"\"\"\n max_id = 99\n id_elts = self.haproxy.findall('.//id')\n for id_elt in id_elts:\n if id_elt.text is None:\n continue\n ha_id = int(id_elt.text)\n if ha_id > max_id:\n max_id = ha_id\n return str(max_id + 1)\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell('''require_once(\"haproxy/haproxy.inc\");\n$result = haproxy_check_and_run($savemsg, true); if ($result) unlink_if_exists($d_haproxyconfdirty_path);''')\n\n ##############################\n # Logging\n #\n def _get_ref_names(self, before):\n \"\"\" get cert and ca names \"\"\"\n if 'ssl-server-ca' in before and before['ssl-server-ca'] is not None and before['ssl-server-ca'] != '':\n elt = self.pfsense.find_ca_elt(before['ssl-server-ca'], 'refid')\n if elt is not None:\n before['ca'] = elt.find('descr').text\n if 'ca' not in before:\n before['ca'] = None\n\n if 'ssl-server-crl' in before and before['ssl-server-crl'] is not None and before['ssl-server-crl'] != '':\n elt = self.pfsense.find_crl_elt(before['ssl-server-crl'], 'refid')\n if elt is not None:\n before['crl'] = elt.find('descr').text\n if 'crl' not in before:\n before['crl'] = None\n\n if 'ssl-server-clientcert' in before and before['ssl-server-clientcert'] is not None and before['ssl-server-clientcert'] != '':\n elt = self.pfsense.find_cert_elt(before['ssl-server-clientcert'], 'refid')\n if elt is not None:\n before['clientcert'] = elt.find('descr').text\n if 'clientcert' not in before:\n before['clientcert'] = None\n\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}' on '{1}'\".format(self.obj['name'], self.params['backend'])\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'mode', fname='status')\n values += self.format_cli_field(self.params, 'forwardto')\n values += self.format_cli_field(self.params, 'address')\n values += self.format_cli_field(self.params, 'port')\n values += self.format_cli_field(self.params, 'ssl', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'checkssl', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'weight')\n values += self.format_cli_field(self.params, 'sslserververify', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'ca')\n values += self.format_cli_field(self.params, 'crl')\n values += self.format_cli_field(self.params, 'clientcert')\n values += self.format_cli_field(self.params, 'cookie')\n values += self.format_cli_field(self.params, 'maxconn')\n values += self.format_cli_field(self.params, 'advanced')\n values += self.format_cli_field(self.params, 'istemplate')\n else:\n for param in ['ssl', 'checkssl', 'sslserververify']:\n if param in before and before[param] == '':\n before[param] = None\n self._get_ref_names(before)\n values += self.format_updated_cli_field(self.obj, before, 'status', add_comma=(values), fname='mode')\n values += self.format_updated_cli_field(self.obj, before, 'forwardto', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'address', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'port', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'ssl', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj, before, 'checkssl', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj, before, 'weight', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'sslserververify', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj, before, 'verifyhost', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'ca', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'crl', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'clientcert', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'cookie', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'maxconn', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'advanced', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'istemplate', add_comma=(values))\n return values\n"
},
{
"path": "plugins/module_utils/interface.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# Copyright: (c) 2021-2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nimport re\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule import PFSenseRuleModule\ntry:\n from ipaddress import ip_network\nexcept ImportError:\n from ansible_collections.community.general.plugins.module_utils.compat.ipaddress import ip_network\n\n\nINTERFACE_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n descr=dict(required=True, type='str'),\n interface=dict(required=False, type='str'),\n interface_descr=dict(required=False, type='str'),\n enable=dict(default=False, type='bool'),\n ipv4_type=dict(default='none', choices=['none', 'static', 'dhcp']),\n ipv6_type=dict(default='none', choices=['none', 'static', 'slaac']),\n mac=dict(required=False, type='str'),\n mtu=dict(required=False, type='int'),\n mss=dict(required=False, type='int'),\n speed_duplex=dict(default='autoselect', required=False, type='str'),\n ipv4_address=dict(required=False, type='str'),\n ipv4_prefixlen=dict(default=24, required=False, type='int'),\n ipv4_gateway=dict(required=False, type='str'),\n ipv6_address=dict(required=False, type='str'),\n ipv6_prefixlen=dict(default=128, required=False, type='int'),\n ipv6_gateway=dict(required=False, type='str'),\n blockpriv=dict(required=False, type='bool'),\n blockbogons=dict(required=False, type='bool'),\n slaacusev4iface=dict(required=False, type='bool'),\n)\n\nINTERFACE_REQUIRED_IF = [\n [\"state\", \"present\", [\"ipv4_type\", \"ipv6_type\"]],\n [\"ipv4_type\", \"static\", [\"ipv4_address\", \"ipv4_prefixlen\"]],\n [\"ipv6_type\", \"static\", [\"ipv6_address\", \"ipv6_prefixlen\"]],\n]\n\nINTERFACE_MUTUALLY_EXCLUSIVE = [['interface', 'interface_descr']]\n\n\nclass PFSenseInterfaceModule(PFSenseModuleBase):\n \"\"\" module managing pfsense interfaces \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return INTERFACE_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseInterfaceModule, self).__init__(module, pfsense)\n self.name = \"pfsense_interface\"\n # Override for use with aggregate\n self.argument_spec = INTERFACE_ARGUMENT_SPEC\n self.obj = dict()\n\n self.root_elt = self.pfsense.interfaces\n self.setup_interface_cmds = \"\"\n self.setup_interface_pre_cmds = \"\"\n\n ##############################\n # params processing\n #\n def _check_overlaps(self, ipfield, netfield):\n \"\"\" check new address does not overlaps with one existing \"\"\"\n\n if not self.obj.get(ipfield) or self.obj.get(netfield) is None:\n return\n\n our_addr = ip_network(u'{0}/{1}'.format(self.obj[ipfield], self.obj[netfield]), strict=False)\n\n for iface in self.root_elt:\n if iface == self.target_elt:\n continue\n\n ipaddr_elt = iface.find(ipfield)\n subnet_elt = iface.find(netfield)\n if ipaddr_elt is None or subnet_elt is None or ipaddr_elt.text in ['dhcp', None] or ipaddr_elt.text in ['dhcpv6', None]:\n continue\n\n other_addr = ip_network(u'{0}/{1}'.format(ipaddr_elt.text, subnet_elt.text), strict=False)\n if our_addr.overlaps(other_addr):\n descr_elt = iface.find('descr')\n if descr_elt is not None and descr_elt.text:\n ifname = descr_elt.text\n else:\n ifname = iface.tag\n msg = 'IP address {0}/{1} is being used by or overlaps with: {2} ({3}/{4})'.format(\n self.obj[ipfield],\n self.obj[netfield],\n ifname,\n ipaddr_elt.text,\n subnet_elt.text\n )\n self.module.fail_json(msg=msg)\n\n def _params_to_obj(self):\n \"\"\" return an interface dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n obj['descr'] = params['descr']\n if params['state'] == 'present':\n obj['if'] = params['interface']\n\n for param in ['enable', 'blockpriv', 'blockbogons']:\n self._get_ansible_param_bool(obj, param, value='')\n\n self._get_ansible_param(obj, 'mac', fname='spoofmac', force=True)\n self._get_ansible_param(obj, 'mtu')\n self._get_ansible_param(obj, 'mss')\n self._get_ansible_param(obj, 'speed_duplex', fname='media', exclude='autoselect')\n\n if params['ipv4_type'] == 'static':\n self._get_ansible_param(obj, 'ipv4_address', fname='ipaddr')\n self._get_ansible_param(obj, 'ipv4_prefixlen', fname='subnet')\n self._get_ansible_param(obj, 'ipv4_gateway', fname='gateway')\n elif params['ipv4_type'] == 'dhcp':\n obj['ipaddr'] = 'dhcp'\n\n if params['ipv6_type'] == 'static':\n self._get_ansible_param(obj, 'ipv6_address', fname='ipaddrv6')\n self._get_ansible_param(obj, 'ipv6_prefixlen', fname='subnetv6')\n self._get_ansible_param(obj, 'ipv6_gateway', fname='gatewayv6')\n\n if params['ipv6_type'] == 'slaac':\n obj['ipaddrv6'] = 'slaac'\n self._get_ansible_param_bool(obj, 'slaacusev4iface', value='')\n\n # get target interface\n self.target_elt = self._find_matching_interface()\n self._check_overlaps('ipaddrv6', 'subnetv6')\n self._check_overlaps('ipaddr', 'subnet')\n\n # check gateways\n if self.obj.get('gateway') and not self.pfsense.find_gateway_elt(self.obj['gateway'], self.target_elt.tag, 'inet'):\n self.module.fail_json(msg='Gateway {0} does not exist on {1}'.format(self.obj['gateway'], self.obj['descr']))\n\n if self.obj.get('gatewayv6') and not self.pfsense.find_gateway_elt(self.obj['gatewayv6'], self.target_elt.tag, 'inet6'):\n self.module.fail_json(msg='Gateway {0} does not exist on {1}'.format(self.obj['gatewayv6'], self.obj['descr']))\n\n else:\n self.target_elt = self._get_interface_elt_by_display_name(self.obj['descr'])\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n\n params = self.params\n\n # check name\n if re.match('^[a-zA-Z0-9_]+$', params['descr']) is None:\n self.module.fail_json(msg='The name of the interface may only consist of the characters \"a-z, A-Z, 0-9 and _\"')\n\n if params['state'] == 'present':\n if params.get('mac') and re.match('^([0-9A-F]{2}[:-]){5}([0-9A-F]{2})$', params['mac']) is None:\n self.module.fail_json(msg='MAC address must be in the following format: xx:xx:xx:xx:xx:xx (or blank).')\n\n # todo can't change mac address on vlan interface\n\n if params.get('ipv4_prefixlen') is not None and params['ipv4_prefixlen'] < 1 or params['ipv4_prefixlen'] > 32:\n self.module.fail_json(msg='ipv4_prefixlen must be between 1 and 32.')\n\n if params.get('ipv6_prefixlen') is not None and params['ipv6_prefixlen'] < 1 or params['ipv6_prefixlen'] > 128:\n self.module.fail_json(msg='ipv6_prefixlen must be between 1 and 128.')\n\n if params.get('mtu') is not None and params['mtu'] < 1:\n self.module.fail_json(msg='mtu must be above 0')\n\n if params.get('mss') is not None and params['mtu'] < 1:\n self.module.fail_json(msg='mtu must be above 0')\n\n interfaces = self._get_interface_list()\n if params.get('interface') is not None:\n if params['interface'] not in interfaces.keys():\n self.module.fail_json(\n msg='{0} can\\'t be assigned. Interface may only be one the following: {1}'.format(params['interface'], list(interfaces.keys())))\n elif params.get('interface_descr') is not None:\n for interface, attributes in interfaces.items():\n if 'descr' in attributes and attributes['descr'] == params['interface_descr']:\n if params.get('interface') is not None:\n self.module.fail_json(msg='Multiple interfaces found for \"{0}\"'.format(params['interface_descr']))\n else:\n params['interface'] = interface\n else:\n self.module.fail_json(msg='one of the following is required: interface, interface_descr')\n\n media_modes = set(self._get_media_mode(params['interface']))\n media_modes.add('autoselect')\n if params.get('speed_duplex') and params['speed_duplex'] not in media_modes:\n self.module.fail_json(msg='For this interface, media mode may only be one the following: {0}'.format(media_modes))\n\n if params['ipv4_type'] == 'static':\n if params.get('ipv4_address') and not self.pfsense.is_ipv4_address(params['ipv4_address']):\n self.module.fail_json(msg='{0} is not a valid IPv4 address'.format(params['ipv4_address']))\n\n if params['ipv6_type'] == 'static':\n if params.get('ipv6_address') and not self.pfsense.is_ipv6_address(params['ipv6_address']):\n self.module.fail_json(msg='{0} is not a valid IPv6 address'.format(params['ipv6_address']))\n\n ##############################\n # XML processing\n #\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.obj\n self.setup_interface_cmds += \"interface_configure('{0}', true);\\n\".format(self.target_elt.tag)\n self.result['ifname'] = self.target_elt.tag\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n (before, changed) = super(PFSenseInterfaceModule, self)._copy_and_update_target()\n\n if changed:\n if self.params['enable']:\n self.setup_interface_cmds += \"interface_bring_down('{0}', false);\\n\".format(self.target_elt.tag)\n self.setup_interface_cmds += \"interface_configure('{0}', true);\\n\".format(self.target_elt.tag)\n else:\n self.setup_interface_cmds += \"interface_bring_down('{0}', true);\\n\".format(self.target_elt.tag)\n\n self.result['ifname'] = self.target_elt.tag\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n # wan can't be deleted, so the first interface we can create is lan\n if self.pfsense.get_interface_elt('lan') is None:\n interface_elt = self.pfsense.new_element('lan')\n self.root_elt.insert(1, interface_elt)\n return interface_elt\n\n # lan is used, so we must create an optX interface\n i = 1\n while True:\n interface = 'opt{0}'.format(i)\n if self.pfsense.get_interface_elt(interface) is None:\n interface_elt = self.pfsense.new_element(interface)\n # i + 1 = i + (lan and wan) - 1\n self.root_elt.insert(i + 1, interface_elt)\n return interface_elt\n i = i + 1\n\n def _get_interface_elt_by_port_and_display_name(self, interface_port, name):\n \"\"\" return pfsense interface_elt \"\"\"\n for iface in self.root_elt:\n descr_elt = iface.find('descr')\n if descr_elt is None:\n continue\n if iface.find('if').text.strip() == interface_port and descr_elt.text.strip().lower() == name.lower():\n return iface\n return None\n\n def _get_interface_elt_by_display_name(self, name):\n \"\"\" return pfsense interface by name \"\"\"\n for iface in self.root_elt:\n descr_elt = iface.find('descr')\n if descr_elt is None:\n continue\n if descr_elt.text.strip().lower() == name.lower():\n return iface\n return None\n\n def _get_interface_display_name_by_port(self, interface_port):\n \"\"\" return pfsense interface physical name \"\"\"\n for iface in self.root_elt:\n if iface.find('if').text.strip() == interface_port:\n descr_elt = iface.find('descr')\n if descr_elt is not None:\n return descr_elt.text.strip()\n return iface.tag\n\n return None\n\n def _get_interface_elt_by_port(self, interface_port):\n \"\"\" find pfsense interface by port name \"\"\"\n for iface in self.root_elt:\n if iface.find('if').text.strip() == interface_port:\n return iface\n return None\n\n def _find_matching_interface(self):\n \"\"\" return target interface \"\"\"\n\n # we first try to find an interface having same port and display name\n interface_elt = self._get_interface_elt_by_port_and_display_name(self.obj['if'], self.obj['descr'])\n if interface_elt is not None:\n return interface_elt\n\n # we then try to find an existing interface with the same display name\n interface_elt = self._get_interface_elt_by_display_name(self.obj['descr'])\n if interface_elt is not None:\n # we check the target port can be used\n used_by = self._get_interface_display_name_by_port(self.obj['if'])\n if used_by is not None:\n self.module.fail_json(msg='Port {0} is already in use on interface {1}'.format(self.obj['if'], used_by))\n return interface_elt\n\n # last, we try to find an existing interface with the port (interface will be renamed)\n return self._get_interface_elt_by_port(self.obj['if'])\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n return self.target_elt\n\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n params = ['mtu', 'mss', 'gateway', 'enable', 'mac', 'media', 'ipaddr', 'subnet', 'ipaddrv6', 'subnetv6', 'gatewayv6', 'blockpriv', 'blockbogons']\n return params\n\n def _pre_remove_target_elt(self):\n \"\"\" processing before removing elt \"\"\"\n super(PFSenseInterfaceModule, self)._pre_remove_target_elt()\n self.obj['if'] = self.target_elt.find('if').text\n\n ifname = self.target_elt.tag\n if self.pfsense.ifgroups is not None:\n for ifgroup_elt in self.pfsense.ifgroups.findall(\"ifgroupentry\"):\n if ifgroup_elt.find('members') is not None:\n members = ifgroup_elt.find('members').text.split()\n if ifname in members:\n self.module.fail_json(msg='The interface is part of the group {0}. Please remove it from the group first.'.format(\n ifgroup_elt.find('ifname').text))\n\n self._remove_all_separators(ifname)\n self._remove_all_rules(ifname)\n\n self.setup_interface_pre_cmds += \"interface_bring_down('{0}');\\n\".format(ifname)\n self.result['ifname'] = ifname\n\n def _remove_all_rules(self, interface):\n \"\"\" delete all interface rules \"\"\"\n\n # we use the pfsense_rule module to delete the rules since, at least for floating rules,\n # it implies to recalculate separators positions\n # if we have to just remove the deleted interface of a floating rule we do it ourselves\n todel = []\n for rule_elt in self.pfsense.rules:\n if rule_elt.find('floating') is not None:\n interfaces = rule_elt.find('interface').text.split(',')\n old_ifs = ','.join([self.pfsense.get_interface_display_name(old_interface) for old_interface in interfaces])\n if interface in interfaces:\n if len(interfaces) > 1:\n interfaces.remove(interface)\n new_ifs = ','.join([self.pfsense.get_interface_display_name(new_interface) for new_interface in interfaces])\n rule_elt.find('interface').text = ','.join(interfaces)\n cmd = 'update rule \\'{0}\\' on \\'floating({1})\\' set interface=\\'{2}\\''.format(rule_elt.find('descr').text, old_ifs, new_ifs)\n self.result['commands'].append(cmd)\n continue\n todel.append(rule_elt)\n else:\n continue\n else:\n iface = rule_elt.find('interface')\n if iface is not None and iface.text == interface:\n todel.append(rule_elt)\n\n if todel:\n pfsense_rules = PFSenseRuleModule(self.module, self.pfsense)\n for rule_elt in todel:\n params = {}\n params['state'] = 'absent'\n params['name'] = rule_elt.find('descr').text\n params['interface'] = rule_elt.find('interface').text\n if rule_elt.find('floating') is not None:\n params['floating'] = True\n pfsense_rules.run(params)\n if pfsense_rules.result['commands']:\n self.result['commands'].extend(pfsense_rules.result['commands'])\n\n def _remove_all_separators(self, interface):\n \"\"\" delete all interface separators \"\"\"\n todel = []\n separators = self.pfsense.rules.find('separator') or []\n for interface_elt in separators:\n if interface_elt.tag != interface:\n continue\n for separator_elt in interface_elt:\n todel.append(separator_elt)\n for separator_elt in todel:\n cmd = 'delete rule_separator \\'{0}\\', interface=\\'{1}\\''.format(separator_elt.find('text').text, interface)\n self.result['commands'].append(cmd)\n interface_elt.remove(separator_elt)\n separators.remove(interface_elt)\n break\n\n ##############################\n # run\n #\n def _get_interface_list(self):\n return self.pfsense.php(\n \"require_once('/etc/inc/interfaces.inc');\"\n \"$portlist = get_interface_list();\"\n \"\"\n \"/* add wireless clone interfaces */\"\n \"if (is_array($config['wireless']) && is_array($config['wireless']['clone']) && count($config['wireless']['clone']))\"\n \" foreach ($config['wireless']['clone'] as $clone) $portlist[$clone['cloneif']] = $clone;\"\n \"\"\n \"/* add VLAN interfaces */\"\n \"if (is_array($config['vlans']) && is_array($config['vlans']['vlan']) && count($config['vlans']['vlan']))\"\n \" foreach ($config['vlans']['vlan'] as $vlan) $portlist[$vlan['vlanif']] = $vlan;\"\n \"\"\n \"/* add Bridge interfaces */\"\n \"if (is_array($config['bridges']) && is_array($config['bridges']['bridged']) && count($config['bridges']['bridged']))\"\n \" foreach ($config['bridges']['bridged'] as $bridge) $portlist[$bridge['bridgeif']] = $bridge;\"\n \"\"\n \"/* add GIF interfaces */\"\n \"if (is_array($config['gifs']) && is_array($config['gifs']['gif']) && count($config['gifs']['gif']))\"\n \" foreach ($config['gifs']['gif'] as $gif) $portlist[$gif['gifif']] = $gif;\"\n \"\"\n \"/* add GRE interfaces */\"\n \"if (is_array($config['gres']) && is_array($config['gres']['gre']) && count($config['gres']['gre']))\"\n \" foreach ($config['gres']['gre'] as $gre) $portlist[$gre['greif']] = $gre;\"\n \"\"\n \"/* add LAGG interfaces */\"\n \"if (is_array($config['laggs']) && is_array($config['laggs']['lagg']) && count($config['laggs']['lagg']))\"\n \" foreach ($config['laggs']['lagg'] as $lagg) {\"\n \" $portlist[$lagg['laggif']] = $lagg;\"\n \" /* LAGG members cannot be assigned */\"\n \" $lagifs = explode(',', $lagg['members']);\"\n \" foreach ($lagifs as $lagif)\"\n \" if (isset($portlist[$lagif])) unset($portlist[$lagif]);\"\n \" }\"\n \"\"\n \"/* add QinQ interfaces */\"\n \"if (is_array($config['qinqs']) && is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry']))\"\n \" foreach ($config['qinqs']['qinqentry'] as $qinq) {\"\n \" $portlist[\\\"{$qinq['vlanif']}\\\"] = $qinq;\"\n \" /* QinQ members */\"\n \" $qinqifs = explode(' ', $qinq['members']);\"\n \" foreach ($qinqifs as $qinqif) $portlist[\\\"{$qinq['vlanif']}.{$qinqif}\\\"] = $qinqif;\"\n \" }\"\n \"\"\n \"/* add PPP interfaces */\"\n \"if (is_array($config['ppps']) && is_array($config['ppps']['ppp']) && count($config['ppps']['ppp']))\"\n \" foreach ($config['ppps']['ppp'] as $pppid => $ppp) $portlist[$ppp['if']] = $ppp;\"\n \"\"\n \"if (is_array($config['openvpn'])) {\"\n \" if (is_array($config['openvpn']['openvpn-server']))\"\n \" foreach ($config['openvpn']['openvpn-server'] as $s) $portlist[\\\"ovpns{$s['vpnid']}\\\"] = $s;\"\n \" if (is_array($config['openvpn']['openvpn-client']))\"\n \" foreach ($config['openvpn']['openvpn-client'] as $c) $portlist[\\\"ovpnc{$c['vpnid']}\\\"] = $c;\"\n \"}\"\n \"\"\n \"$ipsec_descrs = interface_ipsec_vti_list_all();\"\n \"foreach ($ipsec_descrs as $ifname => $ifdescr) $portlist[$ifname] = array('descr' => $ifdescr);\"\n \"\"\n \"echo json_encode($portlist, JSON_PRETTY_PRINT);\")\n\n def _get_media_mode(self, interface):\n \"\"\" Find all possible media options for the interface \"\"\"\n return self.pfsense.php(\n '$mediaopts_list = array();\\n'\n 'exec(\"/sbin/ifconfig -m ' + interface + ' | grep \\'media \\'\", $mediaopts);\\n'\n 'foreach ($mediaopts as $mediaopt) {\\n'\n ' preg_match(\"/media (.*)/\", $mediaopt, $matches);\\n'\n ' if (preg_match(\"/(.*) mediaopt (.*)/\", $matches[1], $matches1)) {\\n'\n ' // there is media + mediaopt like \"media 1000baseT mediaopt full-duplex\"\\n'\n ' array_push($mediaopts_list, $matches1[1] . \" \" . $matches1[2]);\\n'\n ' } else {\\n'\n ' // there is only media like \"media 1000baseT\"\\n'\n ' array_push($mediaopts_list, $matches[1]);\\n'\n ' }\\n'\n '}\\n'\n 'echo json_encode($mediaopts_list);')\n\n def get_pre_update_cmds(self):\n \"\"\" build and return php commands to setup interfaces before changing config \"\"\"\n cmd = 'require_once(\"filter.inc\");\\n'\n cmd += 'require_once(\"interfaces.inc\");\\n'\n\n if self.setup_interface_pre_cmds != \"\":\n cmd += self.setup_interface_pre_cmds\n\n return cmd\n\n def get_update_cmds(self):\n \"\"\" build and return php commands to setup interfaces \"\"\"\n cmd = 'require_once(\"filter.inc\");\\n'\n cmd += 'require_once(\"interfaces.inc\");\\n'\n cmd += 'require_once(\"services.inc\");\\n'\n cmd += 'require_once(\"gwlb.inc\");\\n'\n cmd += 'require_once(\"rrd.inc\");\\n'\n cmd += 'require_once(\"shaper.inc\");\\n'\n\n if self.setup_interface_cmds != \"\":\n cmd += self.setup_interface_cmds\n\n cmd += 'services_snmpd_configure();\\n'\n cmd += 'setup_gateways_monitor();\\n'\n cmd += \"clear_subsystem_dirty('interfaces');\\n\"\n cmd += \"filter_configure();\\n\"\n cmd += \"enable_rrd_graphing();\\n\"\n cmd += \"if (is_subsystem_dirty('staticroutes') && (system_routing_configure() == 0)) clear_subsystem_dirty('staticroutes');\"\n return cmd\n\n def _pre_update(self):\n \"\"\" tasks to run before making config changes \"\"\"\n return self.pfsense.phpshell(self.get_pre_update_cmds())\n\n def _update(self):\n \"\"\" make the target pfsense reload interfaces \"\"\"\n return self.pfsense.phpshell(self.get_update_cmds())\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}'\".format(self.obj['descr'])\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.obj, 'if', fname='port')\n values += self.format_cli_field(self.obj, 'enable', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'ipv4_type', default='none')\n values += self.format_cli_field(self.obj, 'ipaddr', fname='ipv4_address')\n values += self.format_cli_field(self.obj, 'subnet', fname='ipv4_prefixlen')\n values += self.format_cli_field(self.obj, 'gateway', fname='ipv4_gateway')\n values += self.format_cli_field(self.params, 'ipv6_type', default='none')\n if self.obj.get('ipaddrv6') != 'slaac':\n values += self.format_cli_field(self.obj, 'ipaddrv6', fname='ipv6_address')\n values += self.format_cli_field(self.obj, 'subnetv6', fname='ipv6_prefixlen')\n values += self.format_cli_field(self.obj, 'gatewayv6', fname='ipv6_gateway')\n values += self.format_cli_field(self.params, 'mac')\n values += self.format_cli_field(self.obj, 'mtu')\n values += self.format_cli_field(self.obj, 'mss')\n values += self.format_cli_field(self.obj, 'blockpriv', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.obj, 'blockbogons', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'speed_duplex', fname='speed_duplex', default='autoselect')\n else:\n # todo: - detect before ipv4_type for proper logging\n values += self.format_updated_cli_field(self.obj, before, 'descr', add_comma=(values), fname='interface')\n values += self.format_updated_cli_field(self.obj, before, 'if', add_comma=(values), fname='port')\n values += self.format_updated_cli_field(self.obj, before, 'enable', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj, before, 'ipv4_type', add_comma=(values), log_none='True')\n values += self.format_updated_cli_field(self.obj, before, 'ipaddr', add_comma=(values), fname='ipv4_address')\n values += self.format_updated_cli_field(self.obj, before, 'subnet', add_comma=(values), fname='ipv4_prefixlen')\n values += self.format_updated_cli_field(self.obj, before, 'gateway', add_comma=(values), fname='ipv4_gateway')\n if self.obj.get('ipaddrv6') == 'slaac' and before.get('ipaddrv6') != 'slaac':\n res = \"ipv6_type=slaac\"\n if values:\n values += \", \" + res\n else:\n values += res\n else:\n values += self.format_updated_cli_field(self.obj, before, 'ipv6_type', add_comma=(values), log_none='True')\n values += self.format_updated_cli_field(self.obj, before, 'ipaddrv6', add_comma=(values), fname='ipv6_address')\n values += self.format_updated_cli_field(self.obj, before, 'subnetv6', add_comma=(values), fname='ipv6_prefixlen')\n values += self.format_updated_cli_field(self.obj, before, 'gatewayv6', add_comma=(values), fname='ipv6_gateway')\n values += self.format_updated_cli_field(self.obj, before, 'spoofmac', add_comma=(values), fname='mac')\n values += self.format_updated_cli_field(self.obj, before, 'mtu', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'mss', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'media', add_comma=(values), fname='speed_duplex')\n values += self.format_updated_cli_field(self.obj, before, 'blockpriv', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj, before, 'blockbogons', add_comma=(values), fvalue=self.fvalue_bool)\n return values\n\n def _log_update(self, before):\n \"\"\" generate pseudo-CLI command to update an interface \"\"\"\n log = \"update {0} '{1}'\".format(\n self._get_module_name(True),\n # pfSense doesn't enforce a descr on an interface, especially on\n # first-run so fallback to interface specifier if not known\n before.get('descr', before['if']),\n )\n values = self._log_fields(before)\n self.result['commands'].append(log + ' set ' + values)\n"
},
{
"path": "plugins/module_utils/interface_group.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nimport re\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule import PFSenseRuleModule\n\nINTERFACE_GROUP_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n name=dict(required=True, type='str'),\n descr=dict(type='str'),\n members=dict(type='list', elements='str'),\n)\n\nINTERFACE_GROUP_REQUIRED_IF = [\n ['state', 'present', ['members']],\n]\n\nINTERFACE_GROUP_PHP_COMMAND = '''\nrequire_once(\"interfaces.inc\");\n{0}\ninterface_group_setup($ifgroupentry);'''\n\n\nclass PFSenseInterfaceGroupModule(PFSenseModuleBase):\n \"\"\" module managing pfsense interfaces \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return INTERFACE_GROUP_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseInterfaceGroupModule, self).__init__(module, pfsense, root='ifgroups', create_root=True, node='ifgroupentry', key='ifname')\n self.name = \"pfsense_interface_group\"\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return an interface dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n obj['ifname'] = params['name']\n if params['state'] == 'present':\n obj['descr'] = params['descr']\n members = []\n for interface in params['members']:\n if self.pfsense.is_interface_display_name(interface):\n members.append(self.pfsense.get_interface_by_display_name(interface))\n elif self.pfsense.is_interface_port(interface):\n members.append(interface)\n else:\n self.module.fail_json(msg='Unknown interface name \"{0}\".'.format(interface))\n obj['members'] = ' '.join(members)\n self.result['member_ifnames'] = members\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n\n params = self.params\n\n # check name\n if re.match('^[a-zA-Z0-9_]+$', params['name']) is None:\n self.module.fail_json(msg='The name of the interface group may only consist of the characters \"a-z, A-Z, 0-9 and _\"')\n if len(params['name']) > 15:\n self.module.fail_json(msg='Group name cannot have more than 15 characters.')\n if re.match('[0-9]$', params['name']) is not None:\n self.module.fail_json(msg='Group name cannot end with a digit.')\n # Make sure list of interfaces is a unique set\n if params['state'] == 'present':\n if len(params['members']) > len(set(params['members'])):\n self.module.fail_json(msg='List of members is not unique.')\n # TODO - check that name isn't in use by any interfaces\n\n ##############################\n # XML processing\n #\n def _remove_all_rules(self, interface):\n \"\"\" delete all interface rules \"\"\"\n\n # we use the pfsense_rule module to delete the rules since, at least for floating rules,\n # it implies to recalculate separators positions\n # if we have to just remove the deleted interface of a floating rule we do it ourselves\n todel = []\n for rule_elt in self.pfsense.rules:\n if rule_elt.find('floating') is not None:\n interfaces = rule_elt.find('interface').text.split(',')\n old_ifs = ','.join([self.pfsense.get_interface_display_name(old_interface) for old_interface in interfaces])\n if interface in interfaces:\n if len(interfaces) > 1:\n interfaces.remove(interface)\n new_ifs = ','.join([self.pfsense.get_interface_display_name(new_interface) for new_interface in interfaces])\n rule_elt.find('interface').text = ','.join(interfaces)\n cmd = 'update rule \\'{0}\\' on \\'floating({1})\\' set interface=\\'{2}\\''.format(rule_elt.find('descr').text, old_ifs, new_ifs)\n self.result['commands'].append(cmd)\n continue\n todel.append(rule_elt)\n else:\n continue\n else:\n iface = rule_elt.find('interface')\n if iface is not None and iface.text == interface:\n todel.append(rule_elt)\n\n if todel:\n pfsense_rules = PFSenseRuleModule(self.module, self.pfsense)\n for rule_elt in todel:\n params = {}\n params['state'] = 'absent'\n params['name'] = rule_elt.find('descr').text\n params['interface'] = rule_elt.find('interface').text\n if rule_elt.find('floating') is not None:\n params['floating'] = True\n pfsense_rules.run(params)\n if pfsense_rules.result['commands']:\n self.result['commands'].extend(pfsense_rules.result['commands'])\n\n def _remove_all_separators(self, interface):\n \"\"\" delete all interface separators \"\"\"\n todel = []\n separators = self.pfsense.rules.find('separator')\n for interface_elt in separators:\n if interface_elt.tag != interface:\n continue\n for separator_elt in interface_elt:\n todel.append(separator_elt)\n for separator_elt in todel:\n cmd = 'delete rule_separator \\'{0}\\', interface=\\'{1}\\''.format(separator_elt.find('text').text, interface)\n self.result['commands'].append(cmd)\n interface_elt.remove(separator_elt)\n separators.remove(interface_elt)\n break\n\n ##############################\n # run\n #\n\n def _update(self):\n \"\"\" make the target pfsense reload interfaces \"\"\"\n return self.pfsense.phpshell(INTERFACE_GROUP_PHP_COMMAND.format(self.pfsense.dict_to_php(self.obj, 'ifgroupentry')))\n\n ##############################\n # Logging\n #\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.obj, 'descr')\n values += self.format_cli_field(self.obj, 'members')\n else:\n values += self.format_updated_cli_field(self.obj, before, 'descr', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'members', add_comma=(values))\n return values\n"
},
{
"path": "plugins/module_utils/ipsec.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\n\nIPSEC_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n descr=dict(required=True, type='str'),\n iketype=dict(choices=['ikev1', 'ikev2', 'auto'], type='str'),\n protocol=dict(default='inet', choices=['inet', 'inet6', 'both']),\n interface=dict(required=False, type='str'),\n remote_gateway=dict(required=False, type='str'),\n nattport=dict(required=False, type='int'),\n\n disabled=dict(required=False, type='bool'),\n\n authentication_method=dict(choices=['pre_shared_key', 'rsasig']),\n mode=dict(required=False, choices=['main', 'aggressive']),\n myid_type=dict(default='myaddress', choices=['myaddress', 'address', 'fqdn', 'user_fqdn', 'asn1dn', 'keyid tag', 'dyn_dns', 'auto']),\n myid_data=dict(required=False, type='str'),\n peerid_type=dict(default='peeraddress', choices=['any', 'peeraddress', 'address', 'fqdn', 'user_fqdn', 'asn1dn', 'keyid tag', 'auto']),\n peerid_data=dict(required=False, type='str'),\n certificate=dict(required=False, type='str'),\n certificate_authority=dict(required=False, type='str'),\n preshared_key=dict(required=False, type='str', no_log=True),\n\n lifetime=dict(default=28800, type='int'),\n rekey_time=dict(required=False, type='int'),\n reauth_time=dict(required=False, type='int'),\n rand_time=dict(required=False, type='int'),\n\n disable_rekey=dict(required=False, type='bool'),\n margintime=dict(required=False, type='int'),\n startaction=dict(default='', choices=['', 'none', 'start', 'trap']),\n closeaction=dict(default='', choices=['', 'none', 'start', 'trap']),\n disable_reauth=dict(default=False, type='bool'),\n mobike=dict(default='off', choices=['on', 'off']),\n gw_duplicates=dict(required=False, type='bool'),\n splitconn=dict(default=False, type='bool'),\n\n nat_traversal=dict(default='on', choices=['on', 'force']),\n enable_dpd=dict(default=True, type='bool'),\n dpd_delay=dict(default=10, type='int'),\n dpd_maxfail=dict(default=5, type='int'),\n apply=dict(default=True, type='bool'),\n\n # Dropped in 2.5.2\n responderonly=dict(required=False, type='bool'),\n)\n\nIPSEC_REQUIRED_IF = [\n [\"state\", \"present\", [\"remote_gateway\", \"interface\", \"iketype\", \"authentication_method\"]],\n\n [\"enable_dpd\", True, [\"dpd_delay\", \"dpd_maxfail\"]],\n [\"iketype\", \"auto\", [\"mode\"]],\n [\"iketype\", \"ikev1\", [\"mode\"]],\n [\"authentication_method\", \"pre_shared_key\", [\"preshared_key\"]],\n [\"authentication_method\", \"rsasig\", [\"certificate\", \"certificate_authority\"]],\n [\"myid_type\", \"address\", [\"myid_data\"]],\n [\"myid_type\", \"fqdn\", [\"myid_data\"]],\n [\"myid_type\", \"user_fqdn\", [\"myid_data\"]],\n [\"myid_type\", \"asn1dn\", [\"myid_data\"]],\n [\"myid_type\", \"keyid tag\", [\"myid_data\"]],\n [\"myid_type\", \"dyn_dns\", [\"myid_data\"]],\n\n [\"peerid_type\", \"address\", [\"peerid_data\"]],\n [\"peerid_type\", \"fqdn\", [\"peerid_data\"]],\n [\"peerid_type\", \"user_fqdn\", [\"peerid_data\"]],\n [\"peerid_type\", \"asn1dn\", [\"peerid_data\"]],\n [\"peerid_type\", \"keyid tag\", [\"peerid_data\"]],\n]\n\n# Booleans that map to different values\nIPSEC_BOOL_VALUES = dict(\n gw_duplicates=(None, ''),\n)\n\nIPSEC_MAP_PARAM = [\n ('preshared_key', 'pre-shared-key'),\n ('remote_gateway', 'remote-gateway'),\n]\n\nIPSEC_CREATE_DEFAULT = dict(\n rand_time=None,\n reauth_time=None,\n rekey_time=None,\n)\n\n\ndef p2o_ipsec_interface(self, name, params, obj):\n # Valid interfaces are physical, virtual IPs, and gateway groups\n # TODO - handle gateway groups\n if params[name].lower().startswith('vip:'):\n obj[name] = self.pfsense.get_virtual_ip_interface(params[name][4:])\n else:\n obj[name] = self.pfsense.parse_interface(params[name], with_virtual=False)\n\n\nIPSEC_ARG_ROUTE = dict(\n interface=dict(parse=p2o_ipsec_interface,),\n)\n\n\nclass PFSenseIpsecModule(PFSenseModuleBase):\n \"\"\" module managing pfsense ipsec tunnels phase 1 options \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return IPSEC_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseIpsecModule, self).__init__(module, pfsense, arg_route=IPSEC_ARG_ROUTE, bool_values=IPSEC_BOOL_VALUES, map_param=IPSEC_MAP_PARAM,\n create_default=IPSEC_CREATE_DEFAULT)\n # Override for use with aggregate\n self.argument_spec = IPSEC_ARGUMENT_SPEC\n self.name = \"pfsense_ipsec\"\n self.apply = True\n\n self.root_elt = self.pfsense.ipsec\n\n ##############################\n # XML processing\n #\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n ipsec_elt = self.pfsense.new_element('phase1')\n self.obj['ikeid'] = str(self._find_free_ikeid())\n return ipsec_elt\n\n def _find_free_ikeid(self):\n \"\"\" return first unused ikeid \"\"\"\n ikeid = 1\n while True:\n found = False\n for ipsec_elt in self.root_elt:\n ikeid_elt = ipsec_elt.find('ikeid')\n if ikeid_elt is not None and ikeid_elt.text == str(ikeid):\n found = True\n break\n\n if not found:\n return ikeid\n ikeid = ikeid + 1\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n if self.params.get('ikeid') is not None:\n return self.pfsense.find_ipsec_phase1(self.params['ikeid'], 'ikeid')\n return self.pfsense.find_ipsec_phase1(self.obj['descr'])\n\n def _get_params_to_remove(self):\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n params = ['disabled', 'rekey_enable', 'reauth_enable', 'splitconn', 'nattport', 'gw_duplicates']\n if self.params.get('disable_rekey'):\n params.append('margintime')\n\n if not self.params['enable_dpd']:\n params.append('dpd_delay')\n params.append('dpd_maxfail')\n\n return params\n\n def _pre_remove_target_elt(self):\n \"\"\" processing before removing elt \"\"\"\n self._remove_phases2()\n\n def _remove_phases2(self):\n \"\"\" remove phase2 elts from xml \"\"\"\n ikeid_elt = self.target_elt.find('ikeid')\n if ikeid_elt is None:\n return\n ikeid = ikeid_elt.text\n phase2_elts = self.root_elt.findall('phase2')\n for phase2_elt in phase2_elts:\n ikeid_elt = phase2_elt.find('ikeid')\n if ikeid_elt is None:\n continue\n if ikeid == ikeid_elt.text:\n self.root_elt.remove(phase2_elt)\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return an ipsec dict from module params \"\"\"\n\n ipsec = super(PFSenseIpsecModule, self)._params_to_obj()\n params = self.params\n self.apply = params['apply']\n ipsec.pop('apply', None)\n\n if params['state'] == 'present':\n if params['authentication_method'] == 'rsasig':\n ca_elt = self.pfsense.find_ca_elt(params['certificate_authority'])\n if ca_elt is None:\n self.module.fail_json(msg='%s is not a valid certificate authority' % (params['certificate_authority']))\n ipsec['caref'] = ca_elt.find('refid').text\n\n cert = self.pfsense.find_cert_elt(params['certificate'])\n if cert is None:\n self.module.fail_json(msg='%s is not a valid certificate' % (params['certificate']))\n ipsec['certref'] = cert.find('refid').text\n ipsec['pre-shared-key'] = ''\n else:\n ipsec['caref'] = ''\n ipsec['certref'] = ''\n\n if params.get('disable_rekey'):\n ipsec['rekey_enable'] = ''\n\n if params.get('enable_dpd'):\n ipsec['dpd_delay'] = str(params['dpd_delay'])\n ipsec['dpd_maxfail'] = str(params['dpd_maxfail'])\n del ipsec['enable_dpd']\n\n if params.get('disable_reauth'):\n ipsec['reauth_enable'] = ''\n\n return ipsec\n\n def _deprecated_params(self):\n return [\n ['disable_rekey', self.pfsense.is_at_least_2_5_0],\n ['margintime', self.pfsense.is_at_least_2_5_0],\n ['responderonly', self.pfsense.is_at_least_2_5_2],\n ]\n\n def _onward_params(self):\n return [\n ['gw_duplicates', self.pfsense.is_at_least_2_5_0],\n ['nattport', self.pfsense.is_at_least_2_5_0],\n ['rekey_time', self.pfsense.is_at_least_2_5_0],\n ['reauth_time', self.pfsense.is_at_least_2_5_0],\n ['rand_time', self.pfsense.is_at_least_2_5_0],\n # TODO - Cannot add because it has a default value\n # ['startaction', self.pfsense.is_at_least_2_5_2],\n # ['closeaction', self.pfsense.is_at_least_2_5_2],\n ]\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n if params['state'] == 'absent':\n return\n\n if params.get('lifetime') is not None:\n if (params.get('rekey_time') is not None and params.get('rekey_time') >= params.get('lifetime') or\n params.get('reauth_time') is not None and params.get('reauth_time') >= params.get('lifetime')):\n self.module.fail_json(msg='Life Time must be larger than Rekey Time and Reauth Time.')\n\n for ipsec_elt in self.root_elt:\n if ipsec_elt.tag != 'phase1':\n continue\n\n # don't check on ourself\n name = ipsec_elt.find('descr')\n if name is None:\n name = ''\n else:\n name = name.text\n\n if name == params['descr']:\n continue\n\n # Valid interfaces are physical, virtual IPs, and gateway groups\n # TODO - handle gateway groups\n if params['interface'].lower().startswith('vip:'):\n if self.pfsense.get_virtual_ip_interface(params['interface'][4:]) is None:\n self.module.fail_json(msg='Cannot find virtual IP \"{0}\".'.format(params['interface'][4:]))\n\n # two ikev2 can share the same gateway\n iketype_elt = ipsec_elt.find('iketype')\n if iketype_elt is None:\n continue\n\n if iketype_elt.text == 'ikev2' and iketype_elt.text == params['iketype']:\n continue\n\n # others can't share the same gateway\n rgw_elt = ipsec_elt.find('remote-gateway')\n if rgw_elt is None:\n continue\n\n if rgw_elt.text == params['remote_gateway']:\n self.module.fail_json(msg='The remote gateway \"{0}\" is already used by phase1 \"{1}\".'.format(params['remote_gateway'], name))\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.apply_ipsec_changes()\n\n ##############################\n # Logging\n #\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'disabled', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.diff['after'], 'iketype')\n if self.diff['after']['iketype'] != 'ikev2':\n values += self.format_cli_field(self.diff['after'], 'mode')\n\n values += self.format_cli_field(self.diff['after'], 'protocol')\n values += self.format_cli_field(self.params, 'interface')\n values += self.format_cli_field(self.diff['after'], 'remote-gateway', fname='remote_gateway')\n values += self.format_cli_field(self.diff['after'], 'nattport')\n values += self.format_cli_field(self.diff['after'], 'authentication_method')\n if self.diff['after']['authentication_method'] == 'rsasig':\n values += self.format_cli_field(self.params, 'certificate')\n values += self.format_cli_field(self.params, 'certificate_authority')\n else:\n values += self.format_cli_field(self.diff['after'], 'pre-shared-key', fname='preshared_key')\n\n id_types = ['address', 'fqdn', 'user_fqdn', 'asn1dn', 'keyid tag', 'dyn_dns']\n values += self.format_cli_field(self.diff['after'], 'myid_type')\n if self.diff['after']['myid_type'] in id_types:\n values += self.format_cli_field(self.diff['after'], 'myid_data')\n\n values += self.format_cli_field(self.diff['after'], 'peerid_type')\n if self.diff['after']['peerid_type'] in id_types:\n values += self.format_cli_field(self.diff['after'], 'peerid_data')\n\n values += self.format_cli_field(self.diff['after'], 'lifetime')\n values += self.format_cli_field(self.diff['after'], 'rekey_time')\n values += self.format_cli_field(self.diff['after'], 'reauth_time')\n values += self.format_cli_field(self.diff['after'], 'rand_time')\n\n if self.diff['after']['iketype'] == 'ikev2':\n values += self.format_cli_field(self.diff['after'], 'reauth_enable', fname='disable_reauth', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.diff['after'], 'mobike')\n values += self.format_cli_field(self.diff['after'], 'splitconn', fvalue=self.fvalue_bool)\n\n values += self.format_cli_field(self.diff['after'], 'gw_duplicates', fvalue=self.fvalue_bool)\n\n values += self.format_cli_field(self.params, 'startaction')\n values += self.format_cli_field(self.params, 'closeaction')\n values += self.format_cli_field(self.diff['after'], 'nat_traversal')\n\n values += self.format_cli_field(self.params, 'enable_dpd', fvalue=self.fvalue_bool)\n if self.params['enable_dpd']:\n values += self.format_cli_field(self.diff['after'], 'dpd_delay')\n values += self.format_cli_field(self.diff['after'], 'dpd_maxfail')\n else:\n values += self.format_updated_cli_field(self.diff['after'], before, 'disabled', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.diff['after'], before, 'iketype', add_comma=(values))\n if self.diff['after']['iketype'] != 'ikev2':\n values += self.format_updated_cli_field(self.diff['after'], before, 'mode', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'protocol', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'interface', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'remote-gateway', add_comma=(values), fname='remote_gateway')\n values += self.format_updated_cli_field(self.diff['after'], before, 'nattport', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'authentication_method', add_comma=(values))\n if self.diff['after']['authentication_method'] == 'rsasig':\n values += self.format_updated_cli_field(self.params, before, 'certificate', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'certificate_authority', add_comma=(values))\n else:\n values += self.format_updated_cli_field(self.diff['after'], before, 'pre-shared-key', add_comma=(values), fname='preshared_key')\n values += self.format_updated_cli_field(self.diff['after'], before, 'myid_type', add_comma=(values))\n id_types = ['address', 'fqdn', 'user_fqdn', 'asn1dn', 'keyid tag', 'dyn_dns']\n if self.diff['after']['myid_type'] in id_types:\n values += self.format_updated_cli_field(self.diff['after'], before, 'myid_data', add_comma=(values))\n\n values += self.format_updated_cli_field(self.diff['after'], before, 'peerid_type', add_comma=(values))\n if self.diff['after']['peerid_type'] in id_types:\n values += self.format_updated_cli_field(self.diff['after'], before, 'peerid_data', add_comma=(values))\n\n values += self.format_updated_cli_field(self.diff['after'], before, 'lifetime', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'rekey_time', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'reauth_time', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'rand_time', add_comma=(values))\n\n if self.diff['after']['iketype'] == 'ikev2':\n values += self.format_updated_cli_field(self.diff['after'], before, 'reauth_enable', add_comma=(values), fname='disable_reauth',\n fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.diff['after'], before, 'mobike', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'splitconn', add_comma=(values), fvalue=self.fvalue_bool)\n\n values += self.format_updated_cli_field(self.diff['after'], before, 'gw_duplicates', add_comma=(values), fvalue=self.fvalue_bool)\n\n values += self.format_updated_cli_field(self.diff['after'], before, 'startaction', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'closeaction', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'nat_traversal', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'enable_dpd', add_comma=(values), fvalue=self.fvalue_bool)\n if self.params['enable_dpd']:\n values += self.format_updated_cli_field(self.diff['after'], before, 'dpd_delay', add_comma=(values))\n values += self.format_updated_cli_field(self.diff['after'], before, 'dpd_maxfail', add_comma=(values))\n return values\n\n def _get_ref_names(self, before):\n \"\"\" get cert and ca names \"\"\"\n if before['caref'] is not None and before['caref'] != '':\n elt = self.pfsense.find_ca_elt(before['caref'], 'refid')\n if elt is not None:\n before['certificate_authority'] = elt.find('descr').text\n\n if before['certref'] is not None and before['certref'] != '':\n elt = self.pfsense.find_cert_elt(before['certref'], 'refid')\n if elt is not None:\n before['certificate'] = elt.find('descr').text\n"
},
{
"path": "plugins/module_utils/ipsec_p2.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nfrom ansible_collections.pfsensible.core.plugins.module_utils.pfsense import PFSenseModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\nfrom copy import deepcopy\n\nIPSEC_P2_ARGUMENT_SPEC = dict(\n apply=dict(default=True, type='bool'),\n state=dict(default='present', choices=['present', 'absent']),\n descr=dict(required=True, type='str'),\n p1_descr=dict(required=True, type='str'),\n\n disabled=dict(default=False, type='bool'),\n mode=dict(choices=['tunnel', 'tunnel6', 'transport', 'vti'], type='str'),\n protocol=dict(default='esp', choices=['esp', 'ah'], type='str'),\n\n # addresses\n local=dict(required=False, type='str'),\n nat=dict(required=False, type='str'),\n remote=dict(required=False, type='str'),\n\n # encryptions\n aes=dict(required=False, type='bool'),\n aes128gcm=dict(required=False, type='bool'),\n aes192gcm=dict(required=False, type='bool'),\n aes256gcm=dict(required=False, type='bool'),\n blowfish=dict(required=False, type='bool'),\n des=dict(required=False, type='bool'),\n cast128=dict(required=False, type='bool'),\n aes_len=dict(required=False, choices=['auto', '128', '192', '256'], type='str'),\n aes128gcm_len=dict(required=False, choices=['auto', '64', '96', '128'], type='str'),\n aes192gcm_len=dict(required=False, choices=['auto', '64', '96', '128'], type='str'),\n aes256gcm_len=dict(required=False, choices=['auto', '64', '96', '128'], type='str'),\n blowfish_len=dict(required=False, choices=['auto', '128', '192', '256'], type='str'),\n\n # hashes\n sha1=dict(required=False, type='bool'),\n sha256=dict(required=False, type='bool'),\n sha384=dict(required=False, type='bool'),\n sha512=dict(required=False, type='bool'),\n aesxcbc=dict(required=False, type='bool'),\n\n # misc\n pfsgroup=dict(\n default='14',\n choices=['0', '1', '2', '5', '14', '15', '16', '17', '18', '19', '20', '21', '22', '23', '24', '28', '29', '30', '31', '32'],\n type='str'\n ),\n lifetime=dict(default=3600, type='int'),\n pinghost=dict(required=False, type='str')\n)\n\nIPSEC_P2_REQUIRED_IF = [\n [\"state\", \"present\", [\"mode\"]],\n\n [\"mode\", \"tunnel\", [\"local\", \"remote\"]],\n [\"mode\", \"tunnel6\", [\"local\", \"remote\"]],\n [\"mode\", \"vti\", [\"local\", \"remote\"]],\n\n # encryptions\n [\"aes\", True, [\"aes_len\"]],\n [\"aes128gcm\", True, [\"aes128gcm_len\"]],\n [\"aes192gcm\", True, [\"aes192gcm_len\"]],\n [\"aes256gcm\", True, [\"aes256gcm_len\"]],\n [\"blowfish\", True, [\"blowfish_len\"]],\n]\n\n\nclass PFSenseIpsecP2Module(PFSenseModuleBase):\n \"\"\" module managing pfsense ipsec phase 2 options and proposals \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return IPSEC_P2_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseIpsecP2Module, self).__init__(module, pfsense)\n self.name = \"pfsense_ipsec_p2\"\n self.apply = True\n self.obj = dict()\n\n if pfsense is None:\n pfsense = PFSenseModule(module)\n self.module = module\n self.pfsense = pfsense\n self.root_elt = self.pfsense.ipsec\n\n self._phase1 = None\n self.before_elt = None\n\n ##############################\n # params processing\n #\n def _check_for_duplicate_phase2(self, phase2):\n \"\"\" check for another phase2 with same remote and local \"\"\"\n def strip_phase(phase):\n _phase2 = {}\n if phase.get('localid') is not None:\n _phase2['localid'] = phase['localid']\n if phase.get('remoteid') is not None:\n _phase2['remoteid'] = phase['remoteid']\n return _phase2\n\n _phase2 = strip_phase(phase2)\n ikeid = self._phase1.find('ikeid').text\n for phase2_elt in self.root_elt:\n if phase2_elt.tag != 'phase2':\n continue\n\n if phase2_elt.find('ikeid').text != ikeid:\n continue\n\n if phase2_elt.find('descr').text == phase2['descr']:\n continue\n\n other_phase2 = self.pfsense.element_to_dict(phase2_elt)\n if _phase2 == strip_phase(other_phase2):\n self.module.fail_json(msg='Phase2 with this Local/Remote networks combination is already defined for this Phase1.')\n\n def _id_to_phase2(self, name, phase2, address, param_name):\n \"\"\" setup ipsec phase2 with address \"\"\"\n def set_ip_address():\n phase2[name]['type'] = 'address'\n phase2[name]['address'] = address\n\n def set_ip_network():\n phase2[name]['type'] = 'network'\n (phase2[name]['address'], phase2[name]['netbits']) = self.pfsense.parse_ip_network(address, False)\n phase2[name]['netbits'] = str(phase2[name]['netbits'])\n phase2[name] = dict()\n\n interface = self.pfsense.parse_interface(address, fail=False, with_virtual=False)\n if interface is not None:\n if phase2['mode'] == 'vti':\n msg = 'VTI requires a valid local network or IP address for its endpoint address.'\n self.module.fail_json(msg=msg)\n phase2[name]['type'] = interface\n elif self.pfsense.is_ipv4_address(address):\n if self.params['mode'] == 'tunnel6':\n self.module.fail_json(msg='A valid IPv6 address or network must be specified in {0} with tunnel6.'.format(param_name))\n set_ip_address()\n elif self.pfsense.is_ipv6_address(address):\n if self.params['mode'] == 'tunnel':\n self.module.fail_json(msg='A valid IPv4 address or network must be specified in {0} with tunnel.'.format(param_name))\n set_ip_address()\n elif self.pfsense.is_ipv4_network(address, False):\n if self.params['mode'] == 'tunnel6':\n self.module.fail_json(msg='A valid IPv6 address or network must be specified in {0} with tunnel6.'.format(param_name))\n set_ip_network()\n elif self.pfsense.is_ipv6_network(address, False):\n if self.params['mode'] == 'tunnel':\n self.module.fail_json(msg='A valid IPv4 address or network must be specified in {0} with tunnel.'.format(param_name))\n set_ip_network()\n else:\n self.module.fail_json(msg='A valid IP address, network or interface must be specified in {0}.'.format(param_name))\n\n def _params_to_obj(self):\n \"\"\" return an phase2 dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n obj['descr'] = params['descr']\n self.apply = params['apply']\n\n if params['state'] == 'present':\n obj['mode'] = params['mode']\n if obj['mode'] != 'transport':\n\n if obj['mode'] == 'vti' and not self.pfsense.is_ipv4_address(params['remote']):\n msg = 'VTI requires a valid remote IP address for its endpoint address.'\n self.module.fail_json(msg=msg)\n\n self._id_to_phase2('localid', obj, params['local'], 'local')\n self._id_to_phase2('remoteid', obj, params['remote'], 'remote')\n\n if obj['mode'] != 'vti' and params.get('nat') is not None:\n self._id_to_phase2('natlocalid', obj, params['nat'], 'nat')\n\n if params.get('disabled'):\n obj['disabled'] = ''\n\n obj['protocol'] = params['protocol']\n obj['pfsgroup'] = params['pfsgroup']\n if params.get('lifetime') is not None and params['lifetime'] > 0:\n obj['lifetime'] = str(params['lifetime'])\n else:\n obj['lifetime'] = ''\n\n if obj.get('pinghost'):\n obj['pinghost'] = params['pinghost']\n else:\n obj['pinghost'] = ''\n\n self._check_for_duplicate_phase2(obj)\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n def has_one_of(bools):\n for name in bools:\n if params.get(name):\n return True\n return False\n\n params = self.params\n\n # called from ipsec_aggregate\n if params.get('ikeid') is not None:\n self._phase1 = self.pfsense.find_ipsec_phase1(params['ikeid'], 'ikeid')\n if self._phase1 is None:\n self.module.fail_json(msg='No ipsec tunnel with ikeid {0}'.format(params['ikeid']))\n else:\n self._phase1 = self.pfsense.find_ipsec_phase1(params['p1_descr'])\n if self._phase1 is None:\n self.module.fail_json(msg='No ipsec tunnel named {0}'.format(params['p1_descr']))\n\n if params['state'] == 'present':\n encs = ['aes', 'aes128gcm', 'aes192gcm', 'aes256gcm', 'blowfish', 'des', 'cast128']\n if params['protocol'] == 'esp' and not has_one_of(encs):\n self.module.fail_json(msg='At least one encryption algorithm must be selected.')\n\n if self.pfsense.is_at_least_2_5_0():\n need_one_hash = has_one_of(['aes', 'blowfish', 'des', 'cast128'])\n else:\n need_one_hash = True\n\n if need_one_hash and not has_one_of(['sha1', 'sha256', 'sha384', 'sha512', 'aesxcbc']):\n self.module.fail_json(msg='At least one hashing algorithm needs to be selected.')\n\n ##############################\n # XML processing\n #\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self._sync_encryptions(self.target_elt)\n self._sync_hashes(self.target_elt)\n self.root_elt.append(self.target_elt)\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n self.before_elt = deepcopy(self.target_elt)\n before = self.pfsense.element_to_dict(self.target_elt)\n changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n\n if self._sync_encryptions(self.target_elt):\n changed = True\n\n if self._sync_hashes(self.target_elt):\n changed = True\n\n if self._remove_deleted_ipsec_params():\n changed = True\n\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n target_elt = self.pfsense.new_element('phase2')\n self.obj['ikeid'] = self._phase1.find('ikeid').text\n self.obj['uniqid'] = self.pfsense.uniqid()\n self.obj['reqid'] = str(self._find_free_reqid())\n return target_elt\n\n def _find_free_reqid(self):\n \"\"\" return first unused reqid \"\"\"\n reqid = 1\n while True:\n found = False\n for phase2_elt in self.root_elt:\n if phase2_elt.tag != 'phase2':\n continue\n reqid_elt = phase2_elt.find('reqid')\n if reqid_elt is not None and reqid_elt.text == str(reqid):\n found = True\n break\n\n if not found:\n return reqid\n reqid = reqid + 1\n\n def _find_target(self):\n \"\"\" return ipsec phase2 elt if found \"\"\"\n ikeid = self._phase1.find('ikeid').text\n for phase2_elt in self.root_elt:\n if phase2_elt.tag != 'phase2':\n continue\n\n if phase2_elt.find('ikeid').text != ikeid:\n continue\n\n descr_elt = phase2_elt.find('descr')\n if descr_elt is not None and descr_elt.text == self.obj['descr']:\n return phase2_elt\n\n return None\n\n def _remove_deleted_ipsec_params(self):\n \"\"\" Remove from phase2 a few deleted params \"\"\"\n changed = False\n params = ['disabled']\n\n for param in params:\n if self.pfsense.remove_deleted_param_from_elt(self.target_elt, param, self.obj):\n changed = True\n\n for param in ['localid', 'remoteid', 'natlocalid']:\n if self._remove_extra_deleted_ipsec_params(param):\n changed = True\n\n return changed\n\n def _remove_extra_deleted_ipsec_params(self, name):\n \"\"\" Remove from phase2 a few extra deleted params \"\"\"\n changed = False\n\n params = ['type', 'address', 'netbits']\n sub_elt = self.target_elt.find(name)\n if sub_elt is not None:\n for param in params:\n if name in self.obj:\n if self.pfsense.remove_deleted_param_from_elt(sub_elt, param, self.obj[name]):\n changed = True\n else:\n if self.pfsense.remove_deleted_param_from_elt(sub_elt, param, dict()):\n changed = True\n\n if len(sub_elt) == 0:\n self.target_elt.remove(sub_elt)\n\n return changed\n\n def _sync_encryptions(self, phase2_elt):\n \"\"\" sync encryptions params \"\"\"\n def get_encryption(encryptions_elt, name):\n for encryption_elt in encryptions_elt:\n name_elt = encryption_elt.find('name')\n if name_elt is not None and name_elt.text == name:\n return encryption_elt\n return None\n\n def sync_encryption(encryptions_elt, name, param_name):\n encryption_elt = get_encryption(encryptions_elt, name)\n if self.params.get(param_name):\n encryption = dict()\n encryption['name'] = name\n if self.params.get(param_name + '_len') is not None:\n encryption['keylen'] = self.params[param_name + '_len']\n if encryption_elt is None:\n encryption_elt = self.pfsense.new_element('encryption-algorithm-option')\n self.pfsense.copy_dict_to_element(encryption, encryption_elt)\n phase2_elt.append(encryption_elt)\n return True\n else:\n old_encryption = self.pfsense.element_to_dict(encryption_elt)\n if old_encryption != encryption:\n self.pfsense.copy_dict_to_element(encryption, encryption_elt)\n return True\n else:\n if encryption_elt is not None:\n phase2_elt.remove(encryption_elt)\n return True\n return False\n\n changed = False\n encryptions_elt = phase2_elt.findall('encryption-algorithm-option')\n if sync_encryption(encryptions_elt, 'aes', 'aes'):\n changed = True\n if sync_encryption(encryptions_elt, 'aes128gcm', 'aes128gcm'):\n changed = True\n if sync_encryption(encryptions_elt, 'aes192gcm', 'aes192gcm'):\n changed = True\n if sync_encryption(encryptions_elt, 'aes256gcm', 'aes256gcm'):\n changed = True\n if sync_encryption(encryptions_elt, 'blowfish', 'blowfish'):\n changed = True\n if sync_encryption(encryptions_elt, '3des', 'des'):\n changed = True\n if sync_encryption(encryptions_elt, 'cast128', 'cast128'):\n changed = True\n return changed\n\n def _sync_hashes(self, phase2_elt):\n \"\"\" sync hashes params \"\"\"\n def get_hash(hashes_elt, name):\n for hash_elt in hashes_elt:\n if hash_elt.text == name:\n return hash_elt\n return None\n\n def sync_hash(hashes_elt, name, param_name):\n if self.params.get(param_name) is True:\n if get_hash(hashes_elt, name) is None:\n hash_elt = self.pfsense.new_element('hash-algorithm-option')\n hash_elt.text = name\n phase2_elt.append(hash_elt)\n return True\n else:\n hash_elt = get_hash(hashes_elt, name)\n if hash_elt is not None:\n phase2_elt.remove(hash_elt)\n return True\n return False\n\n changed = False\n hashes_elt = phase2_elt.findall('hash-algorithm-option')\n if sync_hash(hashes_elt, 'hmac_sha1', 'sha1'):\n changed = True\n if sync_hash(hashes_elt, 'hmac_sha256', 'sha256'):\n changed = True\n if sync_hash(hashes_elt, 'hmac_sha384', 'sha384'):\n changed = True\n if sync_hash(hashes_elt, 'hmac_sha512', 'sha512'):\n changed = True\n if sync_hash(hashes_elt, 'aesxcbc', 'aesxcbc'):\n changed = True\n return changed\n\n ##############################\n # run\n #\n def _update(self):\n return self.pfsense.apply_ipsec_changes()\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}' on '{1}'\".format(self.obj['descr'], self.params['p1_descr'])\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n def log_enc(name):\n log = ''\n log += self.format_cli_field(self.params, name, fvalue=self.fvalue_bool)\n if self.params.get(name) and self.params.get(name + '_len') is not None:\n log += self.format_cli_field(self.params, name + '_len')\n return log\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'disabled', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.obj, 'mode')\n\n values += self.format_cli_field(self.params, 'local')\n values += self.format_cli_field(self.params, 'remote')\n values += self.format_cli_field(self.params, 'nat')\n\n values += log_enc('aes')\n values += log_enc('aes128gcm')\n values += log_enc('aes192gcm')\n values += log_enc('aes256gcm')\n values += log_enc('blowfish')\n values += log_enc('des')\n values += log_enc('cast128')\n\n values += self.format_cli_field(self.params, 'sha1', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'sha256', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'sha384', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'sha512', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'aesxcbc', fvalue=self.fvalue_bool)\n\n values += self.format_cli_field(self.params, 'pfsgroup')\n values += self.format_cli_field(self.params, 'lifetime')\n values += self.format_cli_field(self.params, 'pinghost')\n else:\n self._prepare_log_address(before, 'local', 'localid')\n self._prepare_log_address(before, 'nat', 'natlocalid')\n self._prepare_log_address(before, 'remote', 'remoteid')\n self._prepare_log_encryptions(before, self.before_elt)\n self._prepare_log_hashes(before, self.before_elt)\n\n values += self.format_updated_cli_field(self.obj, before, 'disabled', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.obj, before, 'mode', add_comma=(values))\n\n values += self.format_updated_cli_field(self.params, before, 'local', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'remote', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'nat', add_comma=(values))\n\n values += self.format_updated_cli_field(self.params, before, 'aes', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'aes_len', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'aes128gcm', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'aes128gcm_len', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'aes192gcm', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'aes192gcm_len', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'aes256gcm', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'aes256gcm_len', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'blowfish', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'blowfish_len', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'des', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'cast128', add_comma=(values), fvalue=self.fvalue_bool)\n\n values += self.format_updated_cli_field(self.params, before, 'sha1', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'sha256', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'sha384', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'sha512', add_comma=(values), fvalue=self.fvalue_bool)\n values += self.format_updated_cli_field(self.params, before, 'aesxcbc', add_comma=(values), fvalue=self.fvalue_bool)\n\n values += self.format_updated_cli_field(self.obj, before, 'pfsgroup', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'lifetime', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'pinghost', add_comma=(values))\n return values\n\n def _prepare_log_address(self, before, param, name):\n \"\"\" reparse some params for logging \"\"\"\n if before.get(name) is None or not isinstance(before[name], dict) or before[name].get('type') is None:\n before[param] = None\n return\n\n if before[name]['type'] == 'address':\n before[param] = before[name]['address']\n elif before[name]['type'] == 'network':\n before[param] = before[name]['address'] + '/' + str(before[name]['netbits'])\n else:\n before[param] = self.pfsense.get_interface_display_name(before[name]['type'])\n\n @staticmethod\n def _prepare_log_encryptions(before, before_elt):\n \"\"\" reparse some params for logging \"\"\"\n encryptions_elt = before_elt.findall('encryption-algorithm-option')\n for encryption_elt in encryptions_elt:\n name = encryption_elt.find('name').text\n len_elt = encryption_elt.find('keylen')\n if name == '3des':\n name = 'des'\n before[name] = True\n if len_elt is not None:\n before[name + '_len'] = len_elt.text\n\n encs = ['aes', 'aes128gcm', 'aes192gcm', 'aes256gcm', 'blowfish', 'des', 'cast128']\n for enc in encs:\n if enc not in before.keys():\n before[enc] = False\n if enc + '_len' not in before.keys():\n before[enc + '_len'] = None\n\n @staticmethod\n def _prepare_log_hashes(before, before_elt):\n \"\"\" reparse some params for logging \"\"\"\n hashes_elt = before_elt.findall('hash-algorithm-option')\n for hash_elt in hashes_elt:\n name = hash_elt.text.replace(\"hmac_\", \"\")\n before[name] = True\n"
},
{
"path": "plugins/module_utils/ipsec_proposal.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\nfrom copy import deepcopy\n\n\nIPSEC_PROPOSAL_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n descr=dict(required=False, type='str'),\n encryption=dict(required=True, choices=['aes', 'aes128gcm', 'aes192gcm', 'aes256gcm', 'blowfish', '3des', 'cast128'], type='str'),\n key_length=dict(required=False, choices=[64, 96, 128, 192, 256], type='int'),\n hash=dict(required=True, choices=['md5', 'sha1', 'sha256', 'sha384', 'sha512', 'aesxcbc'], type='str'),\n prf=dict(required=False, choices=['md5', 'sha1', 'sha256', 'sha384', 'sha512', 'aesxcbc'], type='str'),\n dhgroup=dict(required=True, choices=[1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28, 29, 30, 31, 32], type='int'),\n apply=dict(default=True, type='bool'),\n)\n\nIPSEC_PROPOSAL_REQUIRED_IF = [\n [\"encryption\", \"aes\", [\"key_length\"]],\n [\"encryption\", \"aes128-gcm\", [\"key_length\"]],\n [\"encryption\", \"aes192-gcm\", [\"key_length\"]],\n [\"encryption\", \"aes256-gcm\", [\"key_length\"]],\n [\"encryption\", \"blowfish\", [\"key_length\"]],\n]\n\n\nclass PFSenseIpsecProposalModule(PFSenseModuleBase):\n \"\"\" module managing pfsense ipsec phase 1 proposals \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return IPSEC_PROPOSAL_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseIpsecProposalModule, self).__init__(module, pfsense)\n self.name = \"pfsense_ipsec_proposal\"\n self.root_elt = None\n self.obj = dict()\n self.apply = True\n\n self.ipsec = self.pfsense.ipsec\n self._phase1 = None\n\n ##############################\n # params processing\n #\n def _onward_params(self):\n return [\n ['prf', self.pfsense.is_at_least_2_5_0],\n ]\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n obj['encryption-algorithm'] = dict()\n obj['encryption-algorithm']['name'] = params['encryption']\n if params.get('key_length') is not None:\n obj['encryption-algorithm']['keylen'] = str(params['key_length'])\n else:\n obj['encryption-algorithm']['keylen'] = ''\n obj['hash-algorithm'] = params['hash']\n obj['dhgroup'] = str(params['dhgroup'])\n\n if self.pfsense.is_at_least_2_5_0():\n if params.get('prf') is not None:\n obj['prf-algorithm'] = params['prf']\n else:\n obj['prf-algorithm'] = 'sha256'\n\n self.apply = params['apply']\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n key_length = dict()\n key_length['aes'] = ['128', '192', '256']\n key_length['aes192gcm'] = ['64', '96', '128']\n key_length['aes128gcm'] = ['64', '96', '128']\n key_length['aes256gcm'] = ['64', '96', '128']\n key_length['blowfish'] = ['128', '192', '256']\n if params['encryption'] in key_length.keys() and str(params['key_length']) not in key_length[params['encryption']]:\n msg = 'key_length for encryption {0} must be one of: {1}.'.format(params['encryption'], ', '.join(key_length[params['encryption']]))\n self.module.fail_json(msg=msg)\n\n # called from ipsec_aggregate\n if params.get('ikeid') is not None:\n self._phase1 = self.pfsense.find_ipsec_phase1(params['ikeid'], 'ikeid')\n if self._phase1 is None:\n self.module.fail_json(msg='No ipsec tunnel with ikeid {0}'.format(params['ikeid']))\n else:\n self._phase1 = self.pfsense.find_ipsec_phase1(params['descr'])\n if self._phase1 is None:\n self.module.fail_json(msg='No ipsec tunnel named {0}'.format(params['descr']))\n\n self.root_elt = self._phase1.find('encryption')\n if self.root_elt is None:\n self.root_elt = self.pfsense.new_element('encryption')\n self._phase1.append(self.root_elt)\n\n if params['encryption'] in ['aes128gcm', 'aes192gcm', 'aes256gcm']:\n iketype_elt = self._phase1.find('iketype')\n if iketype_elt is not None and iketype_elt.text != 'ikev2':\n self.module.fail_json(msg='Encryption Algorithm AES-GCM can only be used with IKEv2')\n\n ##############################\n # XML processing\n #\n @staticmethod\n def _copy_and_update_target():\n \"\"\" update the XML target_elt \"\"\"\n return (None, False)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n return self.pfsense.new_element('item')\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n # 2.5.0: when deleting, if prf is not specified we're taking the first matching proposal without taking prf into account\n if self.params['state'] == 'absent' and self.params.get('prf') is None and self.pfsense.is_at_least_2_5_0():\n obj = deepcopy(self.obj)\n obj.pop('prf-algorithm', None)\n else:\n obj = self.obj\n\n items_elt = self.root_elt.findall('item')\n for item in items_elt:\n existing = self.pfsense.element_to_dict(item)\n if self.params['state'] == 'absent' and self.params.get('prf') is None and self.pfsense.is_at_least_2_5_0():\n existing.pop('prf-algorithm', None)\n if existing == obj:\n return item\n return None\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.apply_ipsec_changes()\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}'\".format(self.params['descr'])\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n values += self.format_cli_field(self.params, 'encryption')\n values += self.format_cli_field(self.params, 'key_length')\n values += self.format_cli_field(self.obj, 'hash-algorithm', fname='hash')\n values += self.format_cli_field(self.obj, 'dhgroup')\n if self.pfsense.is_at_least_2_5_0():\n values += self.format_cli_field(self.obj, 'prf-algorithm', fname='prf')\n return values\n\n def _log_fields_delete(self):\n \"\"\" generate pseudo-CLI command fields parameters to delete an obj \"\"\"\n return self._log_fields()\n"
},
{
"path": "plugins/module_utils/module_base.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# Copyright: (c) 2024, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.pfsense import PFSenseModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.arg_route import p2o_interface\n\nBASE_ARG_ROUTE = dict(\n interface=dict(parse=p2o_interface,),\n)\n\n\n# Merge two nested dictionaries, combining instead of overwriting elements\ndef merge_dicts(a: dict, b: dict, path=None):\n if path is None:\n path = []\n for key in b:\n if key in a:\n if isinstance(a[key], dict) and isinstance(b[key], dict):\n merge_dicts(a[key], b[key], path + [str(key)])\n else:\n a[key] = b[key]\n else:\n a[key] = b[key]\n return a\n\n\n# Move a key in dict to a new one, allowing the use '/' to specify nested dict location\ndef move_dict_key(obj, src, dst):\n item = None\n for n in reversed(dst.split('/')):\n if item is None:\n item = dict()\n item[n] = obj[src]\n else:\n parent = dict()\n parent[n] = item\n item = parent\n merge_dicts(obj, item)\n del obj[src]\n\n\nclass PFSenseModuleBase(object):\n \"\"\" class providing base services for pfSense modules \"\"\"\n\n ##############################\n # unit tests\n #\n # Must be class method for unit test usage\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n raise NotImplementedError()\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None, package=None, name=None, root=None, root_is_exclusive=True, create_root=False, node=None, key='descr',\n update_php=None, arg_route=None, map_param=None, map_param_if=None, param_force=None, bool_style=None, bool_values=None, have_refid=False,\n create_default=None):\n self.module = module # ansible module\n self.argument_spec = module.argument_spec # Allow for being overriden for use with aggregate\n\n # pfSense helper module\n if pfsense is None:\n pfsense = PFSenseModule(module)\n self.pfsense = pfsense\n\n if name is not None: # ansible module name\n self.name = name\n elif node is not None:\n self.name = 'pfsense_' + node\n else:\n self.name = None\n\n self.apply = True # apply configuration at the end\n\n # xml parent of target_elt, node named by root\n # TODO - handle paths with creation - e.g. \n if root is not None:\n if root == 'pfsense':\n self.root_elt = self.pfsense.root\n self.root_is_exclusive = False\n else:\n if package is not None:\n self.package_elt = self.pfsense.find_elt('package', package, search_field='name', root_elt=self.pfsense.root.find('installedpackages'))\n if self.package_elt is None:\n self.module.fail_json(\n msg=f'Unable to find package {package} in installed packages. Are you sure that it is installed?')\n self.root_elt = self.pfsense.get_element(root, root_elt=self.pfsense.root.find('installedpackages'), create_node=create_root)\n if self.root_elt is None:\n self.module.fail_json(\n msg=f'Unable to find configuration for the package {package}. Are you sure that it is installed?')\n else:\n root_elt = self.pfsense.root\n for this in root.split('/'):\n root_elt = self.pfsense.get_element(this, root_elt=root_elt, create_node=create_root)\n self.root_elt = root_elt\n\n if root in ['system']:\n self.root_is_exclusive = False\n else:\n self.root_is_exclusive = root_is_exclusive\n else:\n self.root_elt = None\n self.root_is_exclusive = root_is_exclusive\n self.root = root\n\n # List of elements named node\n if node is not None:\n self.elements = self.root_elt.findall(node)\n else:\n self.elements = None\n self.node = node\n\n self.key = key # item that identifies a target element\n self.obj = dict() # dict holding target pfsense parameters\n self.package = package\n\n # routing for argument handling\n self.arg_route = BASE_ARG_ROUTE.copy()\n if arg_route is not None:\n self.arg_route.update(arg_route)\n\n # rules for mapping parameters\n if map_param is not None:\n self.map_param = map_param\n else:\n self.map_param = list()\n\n # conditional rules for mapping parameters\n if map_param_if is not None:\n self.map_param_if = map_param_if\n else:\n self.map_param_if = list()\n\n if param_force is not None:\n self.param_force = param_force # parameters that are forced to be present\n else:\n self.param_force = list()\n self.bool_style = bool_style # default boolean value style for arguments\n if bool_values is not None:\n self.bool_values = bool_values # boolean values for specific arguments\n else:\n self.bool_values = dict()\n self.create_default = create_default # default values for a created target\n self.have_refid = have_refid # if the element has a refid item\n self.target_elt = None # xml object holding target pfsense parameters\n\n self.update_php = update_php # php code to update configuration\n\n self.change_descr = ''\n\n self.result = {}\n self.result['changed'] = False\n self.result['commands'] = []\n\n self.diff = {'after': {}, 'before': {}}\n self.result['diff'] = self.diff\n\n ##############################\n # params processing\n #\n def _get_ansible_param(self, obj, name, fname=None, force=False, exclude=None, force_value='', params=None):\n \"\"\" get parameter from params and set it into obj \"\"\"\n if fname is None:\n fname = name\n if params is None:\n params = self.params\n\n if params.get(name) is not None:\n if not (exclude is not None and exclude == params[name]):\n if isinstance(self.params[name], int):\n obj[fname] = str(self.params[name])\n else:\n obj[fname] = self.params[name]\n elif force:\n obj[fname] = force_value\n\n def _get_ansible_param_bool(self, obj, name, fname=None, force=False, value='yes', value_false=None, params=None):\n \"\"\" get bool parameter from params and set it into obj \"\"\"\n if fname is None:\n fname = name\n if params is None:\n params = self.params\n\n if params.get(name) is not None:\n if params.get(name):\n obj[fname] = value\n elif value_false is not None:\n obj[fname] = value_false\n elif force:\n obj[fname] = None\n elif value_false is None and fname in obj:\n del obj[fname]\n elif force:\n obj[fname] = value_false\n\n def _params_to_obj(self, obj=None):\n \"\"\" return a dict from module params that sets self.obj \"\"\"\n if obj is None:\n obj = dict()\n # Not all modules have 'state', treat them like they did\n if self.params.get('state', 'present') == 'present':\n # Skip 'state', but otherwise process all parameters. Ansible sets unspecified parameters to None.\n for param in [p for p in self.params if p != 'state']:\n force = False\n if param in self.param_force:\n force = True\n\n # If we have defined a parser for this arg, use it\n if param in self.arg_route and 'parse' in self.arg_route[param] and self.params.get(param) is not None:\n self.arg_route[param]['parse'](self, param, self.params, obj)\n elif self.argument_spec[param].get('type') == 'bool':\n if param in self.bool_values:\n self._get_ansible_param_bool(obj, param, value=self.bool_values[param][1], value_false=self.bool_values[param][0], force=force)\n elif self.bool_style == 'absent/present':\n self._get_ansible_param_bool(obj, param, value='', force=force)\n elif self.bool_style == 'on':\n self._get_ansible_param_bool(obj, param, value='on', force=force)\n else:\n self._get_ansible_param_bool(obj, param, force=force)\n else:\n self._get_ansible_param(obj, param, force=force)\n\n # Handle renaming of parameters\n for p, o in self.map_param:\n if self.params.get(p) is not None:\n move_dict_key(obj, p, o)\n\n # Handle conditional renaming of parameters\n for map_param, map_value, map_tuple in self.map_param_if:\n if self.params.get(map_param) == map_value and map_tuple[0] in obj:\n # Do not overwrite destination if it exists\n if map_tuple[1] not in obj:\n move_dict_key(obj, map_tuple[0], map_tuple[1])\n else:\n del obj[map_tuple[0]]\n else:\n # Just use the key to remove items\n obj[self.key] = self.params[self.key]\n\n return obj\n\n ##############################\n # params processing\n #\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n # Not all modules have 'state', treat them like they did\n if self.params.get('state', 'present') == 'present':\n # Ansible sets unspecied parameters to None, skip them\n for param in [p for p in self.params if self.params[p] is not None]:\n if param in self.arg_route and 'validate' in self.arg_route[param]:\n try:\n self.arg_route[param]['validate'](self, params[param])\n except ValueError as e:\n self.module.fail_json(msg=str(e))\n\n def _deprecated_params(self):\n \"\"\" return deprecated params \"\"\"\n return None\n\n def _onward_params(self):\n \"\"\" return onwards params \"\"\"\n return None\n\n def _check_deprecated_params(self):\n \"\"\" check if input parameters are deprecated \"\"\"\n deprecated_params = self._deprecated_params()\n if deprecated_params is None:\n return\n\n for deprecated in deprecated_params:\n if self.params.get(deprecated[0]) is not None and deprecated[1]():\n self.module.fail_json(msg='{0} is deprecated on pfSense {1}.'.format(deprecated[0], self.pfsense.get_version()))\n\n def _check_onward_params(self):\n \"\"\" check if input parameters are too recents \"\"\"\n onwards_params = self._onward_params()\n if onwards_params is None:\n return\n\n for onward in onwards_params:\n if self.params.get(onward[0]) is not None and not onward[1]():\n self.module.fail_json(msg='{0} is not supported on pfSense {1}.'.format(onward[0], self.pfsense.get_version()))\n\n ##############################\n # XML processing\n #\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.obj\n if self.root_is_exclusive:\n self.root_elt.append(self.target_elt)\n else:\n self.root_elt.insert(self._find_last_element_index(), self.target_elt)\n # Reset elements list\n self.elements = self.root_elt.findall(self.node)\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n before = self.pfsense.element_to_dict(self.target_elt)\n self.diff['before'] = before\n changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n if self._remove_deleted_params():\n changed = True\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n if self.node is not None:\n elt = self.pfsense.new_element(self.node)\n if self.have_refid:\n # Store in obj so that we can refer to it later if needed\n self.obj['refid'] = self.pfsense.uniqid()\n elt.append(self.pfsense.new_element('refid', text=self.obj['refid']))\n if self.create_default is not None:\n self.pfsense.copy_dict_to_element(self.create_default, elt)\n return elt\n else:\n raise NotImplementedError()\n\n def _find_this_element_index(self):\n return self.elements.index(self.target_elt)\n\n def _find_last_element_index(self):\n if len(self.elements):\n return list(self.root_elt).index(self.elements[len(self.elements) - 1])\n else:\n return len(list(self.root_elt))\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n if self.node is not None:\n result = self.root_elt.findall(\"{node}[{key}='{value}']\".format(node=self.node, key=self.key, value=self.obj[self.key]))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple {node}s for {key} {value}.'.format(node=self.node, key=self.key, value=self.obj[self.key]))\n else:\n return None\n else:\n raise NotImplementedError()\n\n def _get_params_to_remove(self):\n \"\"\" returns the list of params to remove if they are set to false \"\"\"\n to_remove = []\n # We need to remove any booleans set to false that are \"None\" when unset\n for param in [n for n in self.argument_spec.keys() if self.argument_spec[n].get('type') == 'bool']:\n if self.params.get(param, None) is False:\n if param in self.bool_values and self.bool_values[param][0] is None:\n to_remove.append(param)\n elif self.bool_style == 'absent/present':\n to_remove.append(param)\n return to_remove\n\n def _remove_deleted_params(self):\n \"\"\" Remove from target_elt a few deleted params \"\"\"\n changed = False\n params = self._get_params_to_remove()\n for param in params:\n if self.pfsense.remove_deleted_param_from_elt(self.target_elt, param, self.obj):\n changed = True\n\n return changed\n\n def _remove_target_elt(self):\n \"\"\" delete target_elt from xml \"\"\"\n self.root_elt.remove(self.target_elt)\n self.result['changed'] = True\n\n ##############################\n # run\n #\n def _add(self):\n \"\"\" add or update obj \"\"\"\n if self.target_elt is None:\n self.target_elt = self._create_target()\n self._copy_and_add_target()\n\n changed = True\n self.change_descr = 'ansible {0} added {1}'.format(self._get_module_name(), self._get_obj_name())\n self._log_create()\n else:\n (before, changed) = self._copy_and_update_target()\n if changed:\n self.change_descr = 'ansible {0} updated {1}'.format(self._get_module_name(), self._get_obj_name())\n self._log_update(before)\n\n if changed:\n self.result['changed'] = changed\n\n def commit_changes(self):\n \"\"\" apply changes and exit module \"\"\"\n self.result['stdout'] = ''\n self.result['stderr'] = ''\n if self.result['changed'] and not self.module.check_mode:\n if self.apply:\n (dummy, self.result['stdout'], self.result['stderr']) = self._pre_update()\n\n self.pfsense.write_config(descr=self.change_descr)\n\n if self.apply:\n (dummy, stdout, stderr) = self._update()\n self.result['stdout'] += stdout\n self.result['stderr'] += stderr\n\n self.module.exit_json(**self.result)\n\n def _post_remove_target_elt(self):\n \"\"\" processing after removing elt \"\"\"\n pass\n\n def _pre_remove_target_elt(self):\n \"\"\" processing before removing elt \"\"\"\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n\n def _remove(self):\n \"\"\" delete obj \"\"\"\n if self.target_elt is not None:\n self._pre_remove_target_elt()\n self._log_delete()\n self._remove_target_elt()\n self._post_remove_target_elt()\n self.change_descr = 'ansible {0} removed {1}'.format(self._get_module_name(), self._get_obj_name())\n\n @staticmethod\n def _pre_update():\n \"\"\" tasks to run before making config changes \"\"\"\n return ('', '', '')\n\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n if self.update_php is not None:\n return self.pfsense.phpshell(self.update_php)\n else:\n return ('', '', '')\n\n def _run_post(self):\n \"\"\" used to do some post-processing like adding results or decoding diff entries \"\"\"\n pass\n\n # We take params here for use with pfsense_aggregate and the test framework\n def run(self, params):\n \"\"\" process input params to add/update/delete \"\"\"\n self.params = params\n self.target_elt = None\n self._check_deprecated_params()\n self._check_onward_params()\n self._validate_params()\n\n self.obj = self._params_to_obj()\n if self.target_elt is None:\n self.target_elt = self._find_target()\n\n if params.get('state', None) == 'absent':\n self._remove()\n else:\n self._add()\n\n self._run_post()\n\n ##############################\n # Logging\n #\n def _log_create(self):\n \"\"\" generate pseudo-CLI command to create an obj \"\"\"\n log = \"create {0} {1}\".format(self._get_module_name(True), self._get_obj_name())\n log += self._log_fields()\n self.result['commands'].append(log)\n\n def _log_delete(self):\n \"\"\" generate pseudo-CLI command to delete an obj \"\"\"\n log = \"delete {0} {1}\".format(self._get_module_name(True), self._get_obj_name())\n log += self._log_fields_delete()\n self.result['commands'].append(log)\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n for param in [n for n in self.argument_spec.keys() if n != 'state' and n != self.key]:\n values += self.format_cli_field(self.obj, param)\n else:\n for param in [n for n in self.argument_spec.keys() if n != 'state' and n != self.key]:\n if self.argument_spec[param].get('type') == 'bool':\n values += self.format_updated_cli_field(self.diff['after'], before, param, fvalue=self.fvalue_bool, add_comma=(values))\n else:\n values += self.format_updated_cli_field(self.diff['after'], before, param, add_comma=(values))\n return values\n\n @staticmethod\n def _log_fields_delete():\n \"\"\" generate pseudo-CLI command fields parameters to delete an obj \"\"\"\n return \"\"\n\n def _log_update(self, before):\n \"\"\" generate pseudo-CLI command to update an obj \"\"\"\n log = \"update {0} {1}\".format(self._get_module_name(True), self._get_obj_name())\n values = self._log_fields(before)\n self.result['commands'].append(log + ' set ' + values)\n\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}'\".format(self.obj[self.key])\n\n def _get_module_name(self, strip=False):\n \"\"\" return ansible module's name \"\"\"\n if strip:\n return self.name.replace(\"pfsense_\", \"\")\n return self.name\n\n def format_cli_field(self, after, field, log_none=False, add_comma=True, fvalue=None, default=None, fname=None, none_value=None, force=False):\n \"\"\" format field for pseudo-CLI command \"\"\"\n if fvalue is None:\n fvalue = self.fvalue_idem\n\n if fname is None:\n fname = field\n\n if none_value is None:\n none_value = 'none'\n\n res = ''\n if field in after:\n if log_none and after[field] is None:\n res = \"{0}={1}\".format(fname, fvalue(none_value))\n if after[field] is not None:\n if default is None or after[field] != default:\n if isinstance(after[field], str) and fvalue != self.fvalue_bool:\n res = \"{0}='{1}'\".format(fname, fvalue(after[field].replace(\"'\", \"\\\\'\")))\n else:\n res = \"{0}={1}\".format(fname, fvalue(after[field]))\n elif log_none or force:\n res = \"{0}={1}\".format(fname, fvalue(none_value))\n\n if add_comma and res:\n return ', ' + res\n return res\n\n def format_updated_cli_field(self, after, before, field, log_none=True, add_comma=True, fvalue=None, default=None, fname=None, none_value=None):\n \"\"\" format field for pseudo-CLI update command \"\"\"\n log = False\n if none_value is None:\n none_value = 'none'\n\n if field in after and field in before:\n if fvalue is None and after[field] != before[field]:\n log = True\n elif fvalue is not None and fvalue(after[field]) != fvalue(before[field]):\n log = True\n elif fvalue is None:\n if field in after and field not in before or field not in after and field in before:\n log = True\n elif field in after and field not in before and fvalue(after[field]) != fvalue(none_value):\n log = True\n elif field not in after and field in before and fvalue(before[field]) != fvalue(none_value):\n log = True\n\n if log:\n return self.format_cli_field(\n after, field, log_none=log_none, add_comma=add_comma, fvalue=fvalue, default=default, fname=fname, none_value=none_value, force=True\n )\n return ''\n\n @staticmethod\n def fvalue_idem(value):\n \"\"\" dummy value formatting function \"\"\"\n return value\n\n @staticmethod\n def fvalue_bool(value):\n \"\"\" boolean value formatting function \"\"\"\n if value is None or value is False or value == 'none':\n return 'False'\n\n return 'True'\n"
},
{
"path": "plugins/module_utils/module_config_base.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# Copyright: (c) 2024, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport re\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase, merge_dicts\n\n\nclass PFSenseModuleConfigBase(PFSenseModuleBase):\n \"\"\" class for implementing pfSense modules that manage a set of configuration settings \"\"\"\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None, package=None, name=None, root=None, root_is_exclusive=True, create_root=False, node=None, key='descr',\n update_php=None, arg_route=None, map_param=None, map_param_if=None, param_force=None, bool_style=None, bool_values=None, have_refid=False,\n create_default=None):\n super(PFSenseModuleConfigBase, self).__init__(module, pfsense=pfsense, package=package, name=name, root=root, node=node, root_is_exclusive=True,\n create_root=create_root, update_php=update_php, arg_route=arg_route, map_param=map_param,\n map_param_if=map_param_if, param_force=param_force, bool_style=bool_style, bool_values=bool_values,\n create_default=create_default)\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n # We need to pre-populate our object with the current config (if it exists) so that we only modify the options we specified\n config_elt = self.pfsense.get_element(self.node, root_elt=self.root_elt)\n if config_elt is None:\n obj = {}\n else:\n obj = self.pfsense.element_to_dict(config_elt)\n merge_dicts(obj, super(PFSenseModuleConfigBase, self)._params_to_obj(obj=obj))\n return obj\n\n ##############################\n # XML processing\n #\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n return self.pfsense.get_element(self.node, root_elt=self.root_elt, create_node=True)\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return re.sub(r'pfsense_', '', self.name)\n"
},
{
"path": "plugins/module_utils/nat_outbound.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\nfrom string import hexdigits\nfrom hashlib import md5\nimport re\nimport sys\n\nNAT_OUTBOUND_ARGUMENT_SPEC = dict(\n descr=dict(required=True, type='str'),\n state=dict(default='present', choices=['present', 'absent']),\n disabled=dict(default=False, required=False, type='bool'),\n nonat=dict(default=False, required=False, type='bool'),\n interface=dict(required=False, type='str'),\n ipprotocol=dict(required=False, default='inet46', choices=['inet', 'inet46', 'inet6']),\n protocol=dict(default='any', required=False, choices=[\"any\", \"tcp\", \"udp\", \"tcp/udp\", \"icmp\", \"esp\", \"ah\", \"gre\", \"ipv6\", \"igmp\", \"carp\", \"pfsync\"]),\n source=dict(required=False, type='str'),\n destination=dict(required=False, type='str'),\n invert=dict(default=False, required=False, type='bool'),\n address=dict(required=False, type='str'),\n poolopts=dict(\n default='', required=False, choices=[\"\", \"round-robin\", \"round-robin sticky-address\", \"random\", \"random sticky-address\", \"source-hash\", \"bitmask\"]\n ),\n source_hash_key=dict(default='', type='str', no_log=True),\n staticnatport=dict(default=False, required=False, type='bool'),\n nosync=dict(default=False, required=False, type='bool'),\n after=dict(required=False, type='str'),\n before=dict(required=False, type='str'),\n)\n\nNAT_OUTBOUND_MUTUALLY_EXCLUSIVE = [\n ('after', 'before'),\n]\n\nNAT_OUTBOUND_REQUIRED_IF = [\n [\"state\", \"present\", [\"interface\", \"source\", \"destination\"]]\n]\n\n# Booleans that map to different values\nNAT_OUTBOUND_BOOL_VALUES = dict(\n disabled=(None, ''),\n staticnatport=(None, ''),\n nonat=(None, ''),\n nosync=(None, ''),\n)\n\n\ndef p2o_after(self, name, params, obj):\n self.after = params[name]\n\n\ndef p2o_before(self, name, params, obj):\n self.before = params[name]\n\n\ndef p2o_ipprotocol(self, name, params, obj):\n # IPv4+6 is marked by the absense of an ipprotocol element\n if params[name] != 'inet46':\n obj[name] = params[name]\n\n\ndef p2o_protocol(self, name, params, obj):\n # 'any' is marked by the absense of a protocol element\n if params[name] != 'any':\n obj[name] = params[name]\n\n\nNAT_OUTBOUND_ARG_ROUTE = dict(\n after=dict(parse=p2o_after),\n before=dict(parse=p2o_before),\n ipprotocol=dict(parse=p2o_ipprotocol),\n protocol=dict(parse=p2o_protocol),\n)\n\n\nclass PFSenseNatOutboundModule(PFSenseModuleBase):\n \"\"\" module managing pfsense NAT rules \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return NAT_OUTBOUND_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseNatOutboundModule, self).__init__(module, pfsense, root='nat/outbound', create_root=True, arg_route=NAT_OUTBOUND_ARG_ROUTE,\n bool_values=NAT_OUTBOUND_BOOL_VALUES)\n self.name = \"pfsense_nat_outbound\"\n # Override for use with aggregate\n self.argument_spec = NAT_OUTBOUND_ARGUMENT_SPEC\n\n self.after = None\n self.before = None\n self.position_changed = False\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n\n obj = super(PFSenseNatOutboundModule, self)._params_to_obj()\n params = self.params\n if params['state'] == 'present':\n self._parse_address(obj, 'source', 'sourceport', True, 'network')\n self._parse_address(obj, 'destination', 'dstport', False, 'network')\n if params['invert']:\n obj['destination']['not'] = None\n self._parse_translated_address(obj)\n\n if obj['source_hash_key'] != '' and not obj['source_hash_key'].startswith('0x'):\n if sys.version_info[0] >= 3:\n obj['source_hash_key'] = '0x' + md5(obj['source_hash_key'].encode('utf-8')).hexdigest()\n else:\n obj['source_hash_key'] = '0x' + md5(obj['source_hash_key']).hexdigest()\n\n return obj\n\n def _parse_address(self, obj, field, field_port, allow_self, target):\n \"\"\" validate param address field and returns it as a dict \"\"\"\n if self.params.get(field) is None or self.params[field] == '':\n return\n\n param = self.params[field]\n addr = param.split(':')\n if len(addr) > 3:\n self.module.fail_json(msg='Cannot parse address %s' % (param))\n\n address = addr[0]\n\n ret = dict()\n\n if address == 'NET':\n interface = addr[1] if len(addr) > 1 else None\n ports = addr[2] if len(addr) > 2 else None\n if interface is None or interface == '':\n self.module.fail_json(msg='Cannot parse address %s' % (param))\n\n ret['network'] = self.pfsense.parse_interface(interface)\n else:\n ports = addr[1] if len(addr) > 1 else None\n if address == 'any':\n if field == 'source':\n ret[target] = 'any'\n else:\n ret['any'] = ''\n # rule with this firewall\n elif allow_self and address == '(self)':\n ret[target] = '(self)'\n elif self.params['ipprotocol'] != 'inet6' and self.pfsense.is_ipv4_address(address):\n ret[target] = address + '/32'\n self.module.warn('Specifying an address without a CIDR prefix is depracated. Please add /32 if you want a single host address')\n elif self.params['ipprotocol'] != 'inet4' and self.pfsense.is_ipv6_address(address):\n ret[target] = address + '/128'\n self.module.warn('Specifying an address without a CIDR prefix is depracated. Please add /128 if you want a single host address')\n elif self.params['ipprotocol'] != 'inet6' and self.pfsense.is_ipv4_network(address, False):\n (addr, bits) = self.pfsense.parse_ip_network(address, False, False)\n ret[target] = addr + '/' + str(bits)\n elif self.params['ipprotocol'] != 'inet4' and self.pfsense.is_ipv6_network(address, False):\n (addr, bits) = self.pfsense.parse_ip_network(address, False, False)\n ret[target] = addr + '/' + str(bits)\n elif self.pfsense.find_alias(address, 'host') is not None or self.pfsense.find_alias(address, 'network') is not None:\n ret[target] = address\n else:\n self.module.fail_json(msg='Cannot parse address %s, not %s network or alias' % (address, self.params['ipprotocol']))\n\n if ports is not None:\n self._parse_ports(obj, ports, field_port, param)\n\n obj[field] = ret\n\n def _parse_ports(self, obj, ports, field_port, param):\n \"\"\" validate param address field and returns it as a dict \"\"\"\n if ports is not None:\n ports = ports.split('-')\n if len(ports) > 2 or ports[0] is None or ports[0] == '' or len(ports) == 2 and (ports[1] is None or ports[1] == ''):\n self.module.fail_json(msg='Cannot parse address %s' % (param))\n\n if not self.pfsense.is_port_or_alias(ports[0]):\n self.module.fail_json(msg='Cannot parse port %s, not port number or alias' % (ports[0]))\n obj[field_port] = ports[0]\n\n if len(ports) > 1:\n if not self.pfsense.is_port_or_alias(ports[1]):\n self.module.fail_json(msg='Cannot parse port %s, not port number or alias' % (ports[1]))\n obj[field_port] += ':' + ports[1]\n\n def _parse_translated_address(self, obj):\n \"\"\" validate param address field and returns it as a dict \"\"\"\n obj['target'] = ''\n obj['target_subnet'] = ''\n\n if self.params.get('address') is None or self.params['address'] == '':\n return\n\n param = self.params['address']\n addr = param.split(':')\n if len(addr) > 2:\n self.module.fail_json(msg='Cannot parse address %s' % (param))\n\n address = addr[0]\n\n ports = addr[1] if len(addr) > 1 else None\n if address is not None and address != '':\n if self.pfsense.is_virtual_ip(address):\n obj['target'] = address\n obj['target_subnet'] = None\n elif self.pfsense.find_alias(address, 'host') is not None or self.pfsense.find_alias(address, 'network') is not None:\n obj['target'] = address\n if obj['poolopts'] != '' and not obj['poolopts'].startswith('round-robin'):\n self.module.fail_json(msg='Only Round Robin pool options may be chosen when selecting an alias.')\n obj['target_subnet'] = '32'\n elif self.pfsense.is_ipv4_address(address):\n obj['target'] = address\n obj['target_subnet'] = '32'\n else:\n (addr, part) = self.pfsense.parse_ip_network(address, False, False)\n if addr is None:\n self.module.fail_json(msg='Cannot parse address %s, not IP or alias' % (address))\n obj['target'] = addr\n obj['target_subnet'] = str(part)\n del obj['address']\n\n self._parse_ports(obj, ports, 'natport', param)\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n\n if self.params.get('after'):\n if self.params['after'] == self.params['descr']:\n self.module.fail_json(msg='Cannot specify the current rule in after')\n elif self.params.get('before'):\n if self.params['before'] == self.params['descr']:\n self.module.fail_json(msg='Cannot specify the current rule in before')\n\n if self.params.get('source_hash_key') is not None and self.params['source_hash_key'].startswith('0x'):\n hash = self.params['source_hash_key'][2:]\n if len(hash) != 32 or not all(c in hexdigits for c in hash):\n self.module.fail_json(msg='Incorrect format for source-hash key, \\\"0x\\\" must be followed by exactly 32 hexadecimal characters.')\n\n ##############################\n # XML processing\n #\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.obj\n self._insert(self.target_elt)\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n before = self.pfsense.element_to_dict(self.target_elt)\n self.diff['before'] = before\n\n # Remove empty/None optional fields from obj when the XML doesn't have them to avoid false change detection\n # (copy_dict_to_element would create empty elements and report changed=True even though the semantic value is unchanged)\n for field in ['poolopts', 'source_hash_key', 'target', 'target_subnet', 'address']:\n if field in self.obj and (self.obj[field] == '' or self.obj[field] is None) and field not in before:\n del self.obj[field]\n\n # pfSense omits for single-host IPs (implicit /32).\n # Don't create it if the target itself hasn't changed.\n if ('target_subnet' in self.obj and 'target_subnet' not in before\n and 'target' in self.obj and before.get('target', '') == self.obj['target']):\n del self.obj['target_subnet']\n\n # pfSense XML may use either 'network' or 'address' as the key inside /.\n # Adjust to match the existing XML to avoid a phantom sub-element swap.\n for field in ('source', 'destination'):\n if field in self.obj and isinstance(self.obj[field], dict) and 'network' in self.obj[field]:\n field_elt = self.target_elt.find(field)\n if field_elt is not None and field_elt.find('network') is None and field_elt.find('address') is not None:\n self.obj[field]['address'] = self.obj[field].pop('network')\n\n # pfSense may store a special reference (e.g. 'other-subnet') in instead of the raw IP.\n # When the existing XML target is not a plain IP and the semantic value hasn't changed, preserve it.\n if 'target' in self.obj:\n xml_target_elt = self.target_elt.find('target')\n if xml_target_elt is not None and xml_target_elt.text:\n xml_target = xml_target_elt.text\n if (xml_target != self.obj['target']\n and not self.pfsense.is_ipv4_address(xml_target)\n and not self.pfsense.is_ipv4_network(xml_target, False)):\n self.obj['target'] = xml_target\n if 'target_subnet' in self.obj and self.target_elt.find('target_subnet') is None:\n del self.obj['target_subnet']\n\n # For presence-based booleans (true_val=''), pfSense may store the element text as 'yes' or '' - both mean \"present/true\".\n # Match the existing XML text so copy_dict_to_element doesn't see a difference.\n for param, (false_val, true_val) in NAT_OUTBOUND_BOOL_VALUES.items():\n if true_val == '' and param in self.obj and self.obj[param] == '':\n param_elt = self.target_elt.find(param)\n if param_elt is not None and param_elt.text is not None and param_elt.text != '':\n self.obj[param] = param_elt.text\n\n changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n if self._remove_deleted_params():\n changed = True\n\n if self._update_rule_position(self.target_elt):\n changed = True\n\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n target_elt = self.pfsense.new_element('rule')\n return target_elt\n\n def _find_first_rule_idx(self):\n \"\"\" find the XML first rule idx \"\"\"\n for idx, rule_elt in enumerate(self.root_elt):\n if rule_elt.tag != 'rule':\n continue\n return idx\n\n return len(self.root_elt)\n\n def _find_rule_by_descr(self, descr):\n \"\"\" find the XML target_elt \"\"\"\n for idx, rule_elt in enumerate(self.root_elt):\n if rule_elt.tag != 'rule':\n continue\n\n if rule_elt.find('descr').text == descr:\n return (rule_elt, idx)\n return (None, None)\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n for rule_elt in self.root_elt:\n if rule_elt.tag != 'rule':\n continue\n\n if rule_elt.find('descr').text == self.obj['descr']:\n return rule_elt\n return None\n\n def _get_expected_rule_position(self):\n \"\"\" get expected rule position in interface/floating \"\"\"\n if self.before == 'bottom':\n return len(self.root_elt)\n elif self.after == 'top':\n return self._find_first_rule_idx()\n elif self.after is not None:\n return self._get_rule_position(self.after) + 1\n elif self.before is not None:\n position = self._get_rule_position(self.before) - 1\n if position < 0:\n return self._find_first_rule_idx()\n return position\n else:\n position = self._get_rule_position(self.after, fail=False)\n if position is not None:\n return position\n return len(self.root_elt)\n return -1\n\n def _get_expected_rule_xml_index(self):\n \"\"\" get expected rule index in xml \"\"\"\n if self.before == 'bottom':\n return len(self.root_elt)\n elif self.after == 'top':\n return self._find_first_rule_idx()\n elif self.after is not None:\n found, i = self._find_rule_by_descr(self.after)\n if found is not None:\n return i + 1\n else:\n self.module.fail_json(msg='Failed to insert after rule=%s' % (self.after))\n elif self.before is not None:\n found, i = self._find_rule_by_descr(self.before)\n if found is not None:\n return i\n else:\n self.module.fail_json(msg='Failed to insert before rule=%s' % (self.before))\n else:\n found, i = self._find_rule_by_descr(self.obj['descr'])\n if found is not None:\n return i\n return len(self.root_elt)\n return -1\n\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n return ['disabled', 'nonat', 'invert', 'staticnatport', 'nosync', 'dstport', 'natport', 'ipprotocol', 'protocol']\n\n def _get_rule_position(self, descr=None, fail=True):\n \"\"\" get rule position in interface/floating \"\"\"\n if descr is None:\n descr = self.obj['descr']\n\n (res, idx) = self._find_rule_by_descr(descr)\n if fail and res is None:\n self.module.fail_json(msg='Failed to find rule=%s' % (descr))\n return idx\n\n def _insert(self, rule_elt):\n \"\"\" insert rule into xml \"\"\"\n rule_xml_idx = self._get_expected_rule_xml_index()\n self.root_elt.insert(rule_xml_idx, rule_elt)\n\n def _update_rule_position(self, rule_elt):\n \"\"\" move rule in xml if required \"\"\"\n current_position = self._get_rule_position()\n expected_position = self._get_expected_rule_position()\n if current_position == expected_position:\n self.position_changed = False\n return False\n\n self.root_elt.remove(rule_elt)\n self._insert(rule_elt)\n self.position_changed = True\n return True\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell('''require_once(\"filter.inc\");\nif (filter_configure() == 0) { clear_subsystem_dirty('natconf'); clear_subsystem_dirty('filter'); }''')\n\n ##############################\n # Logging\n #\n @staticmethod\n def fvalue_protocol(value):\n \"\"\" boolean value formatting function \"\"\"\n if value is None or value == 'none':\n return 'any'\n\n return value\n\n @staticmethod\n def fvalue_ipprotocol(value):\n \"\"\" boolean value formatting function \"\"\"\n if value is None or value == 'none':\n return 'inet46'\n\n return value\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n fafter = self._obj_to_log_fields(self.obj)\n if before is None:\n values += self.format_cli_field(self.params, 'disabled', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'nonat', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'interface')\n values += self.format_cli_field(self.params, 'ipprotocol', fvalue=self.fvalue_ipprotocol, default='inet46')\n values += self.format_cli_field(self.params, 'protocol', fvalue=self.fvalue_protocol, default='any')\n values += self.format_cli_field(self.params, 'source')\n values += self.format_cli_field(self.params, 'destination')\n values += self.format_cli_field(self.params, 'invert', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(fafter, 'address', default='')\n values += self.format_cli_field(self.params, 'poolopts', default='')\n values += self.format_cli_field(self.obj, 'source_hash_key', default='')\n values += self.format_cli_field(self.params, 'staticnatport', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'nosync', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'after')\n values += self.format_cli_field(self.params, 'before')\n else:\n fbefore = self._obj_to_log_fields(before)\n fafter['before'] = self.before\n fafter['after'] = self.after\n\n values += self.format_updated_cli_field(self.obj, before, 'disabled', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'nonat', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'interface', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'ipprotocol', fvalue=self.fvalue_ipprotocol, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'protocol', fvalue=self.fvalue_protocol, add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'source', add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'destination', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'invert', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'address', default='', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'poolopts', default='', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'source_hash_key', default='', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'staticnatport', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'nosync', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n if self.position_changed:\n values += self.format_updated_cli_field(fafter, {}, 'after', log_none=False, add_comma=(values))\n values += self.format_updated_cli_field(fafter, {}, 'before', log_none=False, add_comma=(values))\n\n return values\n\n def _obj_address_to_log_field(self, rule, addr, target, port):\n \"\"\" return formated address from dict \"\"\"\n field = ''\n if addr in rule:\n # pfSense XML may use 'address' instead of 'network' as the key\n actual_target = target\n if target not in rule[addr] and target == 'network' and 'address' in rule[addr]:\n actual_target = 'address'\n if actual_target in rule[addr]:\n if self.pfsense.interfaces.find(rule[addr][actual_target]):\n field = 'NET:'\n field += rule[addr][actual_target]\n elif addr == 'destination' and 'any' in rule[addr]:\n field = 'any'\n\n if port in rule and rule[port] is not None and rule[port] != '':\n field += ':'\n field += rule[port].replace(':', '-')\n\n return field\n\n def _obj_to_log_fields(self, rule):\n \"\"\" return formated source and destination from dict \"\"\"\n res = {}\n res['source'] = self._obj_address_to_log_field(rule, 'source', 'network', 'sourceport')\n res['destination'] = self._obj_address_to_log_field(rule, 'destination', 'network', 'dstport')\n res['interface'] = self.pfsense.get_interface_display_name(rule['interface'])\n\n if rule.get('target', '') != '':\n if re.match(r'[a-zA-Z]', rule['target']) or rule.get('target_subnet') is None:\n res['address'] = rule['target']\n else:\n res['address'] = rule['target'] + '/' + rule['target_subnet']\n if rule.get('natport', '') != '':\n res['address'] += ':'\n res['address'] += rule['natport'].replace(':', '-')\n return res\n"
},
{
"path": "plugins/module_utils/nat_port_forward.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# Copyright: (c) 2023, Orion Poplwski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule import PFSenseRuleModule\n\nNAT_PORT_FORWARD_ARGUMENT_SPEC = dict(\n descr=dict(required=True, type='str'),\n state=dict(default='present', choices=['present', 'absent']),\n disabled=dict(default=False, required=False, type='bool'),\n nordr=dict(default=False, required=False, type='bool'),\n interface=dict(required=False, type='str'),\n ipprotocol=dict(default='inet', choices=['inet', 'inet6']),\n protocol=dict(default='tcp', required=False, choices=[\"tcp\", \"udp\", \"tcp/udp\", \"icmp\", \"esp\", \"ah\", \"gre\", \"ipv6\", \"igmp\", \"pim\", \"ospf\"]),\n source=dict(required=False, type='str'),\n destination=dict(required=False, type='str'),\n target=dict(required=False, type='str'),\n natreflection=dict(default='system-default', choices=[\"system-default\", \"enable\", \"purenat\", \"disable\"]),\n associated_rule=dict(default='associated', required=False, choices=[\"associated\", \"unassociated\", \"pass\", \"none\"]),\n nosync=dict(default=False, required=False, type='bool'),\n after=dict(required=False, type='str'),\n before=dict(required=False, type='str'),\n)\n\nNAT_PORT_FORWARD_REQUIRED_IF = [\n [\"state\", \"present\", [\"interface\", \"source\", \"destination\", \"target\"]]\n]\n\n\nclass PFSenseNatPortForwardModule(PFSenseModuleBase):\n \"\"\" module managing pfsense NAT rules \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return NAT_PORT_FORWARD_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseNatPortForwardModule, self).__init__(module, pfsense)\n self.name = \"pfsense_nat_port_forward\"\n # Override for use with aggregate\n self.argument_spec = NAT_PORT_FORWARD_ARGUMENT_SPEC\n self.obj = dict()\n\n self.after = None\n self.before = None\n self.position_changed = False\n\n self.root_elt = self.pfsense.get_element('nat')\n if self.root_elt is None:\n self.root_elt = self.pfsense.new_element('nat')\n self.pfsense.root.append(self.root_elt)\n\n self.pfsense_rule_module = None\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n\n obj = dict()\n self.obj = obj\n obj['descr'] = self.params['descr']\n if self.params['state'] == 'present':\n obj['interface'] = self.pfsense.parse_interface(self.params['interface'])\n if self.pfsense.is_at_least_2_5_0():\n self._get_ansible_param(obj, 'ipprotocol')\n self._get_ansible_param(obj, 'protocol')\n self._get_ansible_param(obj, 'poolopts')\n self._get_ansible_param(obj, 'source_hash_key')\n self._get_ansible_param(obj, 'natport')\n\n self._get_ansible_param(obj, 'natreflection')\n if obj['natreflection'] == 'system-default':\n del obj['natreflection']\n\n if self.params['associated_rule'] == 'pass':\n obj['associated-rule-id'] = 'pass'\n elif self.params['associated_rule'] == 'unassociated' and self._find_target() is not None:\n self.module.fail_json(msg='You cannot set an unassociated filter rule if the NAT rule already exists.')\n else:\n obj['associated-rule-id'] = ''\n\n self._get_ansible_param_bool(obj, 'disabled')\n self._get_ansible_param_bool(obj, 'nordr')\n self._get_ansible_param_bool(obj, 'nosync')\n\n if 'after' in self.params and self.params['after'] is not None:\n self.after = self.params['after']\n\n if 'before' in self.params and self.params['before'] is not None:\n self.before = self.params['before']\n\n obj['source'] = self.pfsense.parse_address(self.params['source'], allow_self=False)\n obj['destination'] = self.pfsense.parse_address(self.params['destination'])\n self._parse_target_address(obj)\n\n return obj\n\n def _parse_target_address(self, obj):\n \"\"\" validate param address field and returns it as a dict \"\"\"\n\n if self.params.get('target') is None or self.params['target'] == '':\n self.module.fail_json(msg='The field Redirect target IP is required.')\n\n param = self.params['target']\n addr = param.split(':')\n if len(addr) > 2:\n self.module.fail_json(msg='Cannot parse address %s' % (param))\n\n address = addr[0]\n\n ports = addr[1] if len(addr) > 1 else None\n if self.pfsense.find_alias(address, 'host') is not None or self.pfsense.is_ipv4_address(address):\n obj['target'] = address\n else:\n self.module.fail_json(msg='\"%s\" is not a valid redirect target IP address or host alias.' % (param))\n\n if ports is None:\n if self.params['protocol'] in [\"tcp\", \"udp\", \"tcp/udp\"]:\n self.module.fail_json(msg='Must specify a target port with protocol \"{0}\".'.format(self.params['protocol']))\n else:\n # pfSense seems to always add an empty local-port element\n obj['local-port'] = ''\n\n if ports is not None:\n if self.params['protocol'] not in [\"tcp\", \"udp\", \"tcp/udp\"]:\n self.module.fail_json(msg='Cannot specify a target port with protocol \"{0}\".'.format(self.params['protocol']))\n elif self.pfsense.is_port_or_alias(ports):\n obj['local-port'] = ports\n else:\n self.module.fail_json(msg='\"{0}\" is not a valid redirect target port. It must be a port alias or integer between 1 and 65535.'.format(ports))\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n\n if self.params.get('after') and self.params.get('before'):\n self.module.fail_json(msg='Cannot specify both after and before')\n elif self.params.get('after'):\n if self.params['after'] == self.params['descr']:\n self.module.fail_json(msg='Cannot specify the current rule in after')\n elif self.params.get('before'):\n if self.params['before'] == self.params['descr']:\n self.module.fail_json(msg='Cannot specify the current rule in before')\n\n ##############################\n # XML processing\n #\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n self._set_associated_rule()\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n self._insert(self.target_elt)\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n before = self.pfsense.element_to_dict(self.target_elt)\n self.diff['before'] = before\n changed = self._set_associated_rule(before)\n\n if self.pfsense.copy_dict_to_element(self.obj, self.target_elt):\n changed = True\n\n if self._remove_deleted_params():\n changed = True\n\n if self._update_rule_position(self.target_elt):\n changed = True\n\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n return (before, changed)\n\n def _create_associated_rule(self):\n if self.pfsense_rule_module is None:\n self.pfsense_rule_module = PFSenseRuleModule(self.module, self.pfsense)\n params = dict()\n params['name'] = 'NAT ' + self.params['descr']\n params['state'] = 'present'\n params['action'] = 'pass'\n if self.pfsense.is_at_least_2_5_0():\n params['ipprotocol'] = 'inet'\n params['statetype'] = 'keep state'\n params['interface'] = self.params['interface']\n params['source'] = self.params['source']\n params['destination'] = self.params['target']\n params['disabled'] = self.params['disabled']\n params['protocol'] = self.params['protocol']\n if self.params['associated_rule'] == 'associated':\n params['associated-rule-id'] = self.pfsense.uniqid('nat_', True)\n self.obj['associated-rule-id'] = params['associated-rule-id']\n self.result['commands'] = list()\n self.pfsense_rule_module.run(params)\n self.result['commands'] += self.pfsense_rule_module.result['commands']\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n target_elt = self.pfsense.new_element('rule')\n return target_elt\n\n def _delete_associated_rule(self, ruleid, interface=None):\n if ruleid is None or ruleid == '' or ruleid == 'pass':\n return\n\n if interface is None:\n interface = self.params['interface']\n self.pfsense_rule_module = PFSenseRuleModule(self.module, self.pfsense)\n params = dict()\n if self.params['descr'] is None:\n params['name'] = 'NAT '\n else:\n params['name'] = 'NAT ' + self.params['descr']\n params['interface'] = interface\n params['state'] = 'absent'\n params['associated-rule-id'] = ruleid\n self.pfsense_rule_module.run(params)\n self.result['commands'] += self.pfsense_rule_module.result['commands']\n\n def _find_rule_by_descr(self, descr):\n \"\"\" find the XML target_elt \"\"\"\n for idx, rule_elt in enumerate(self.root_elt):\n if rule_elt.tag != 'rule':\n continue\n\n if rule_elt.find('descr').text == descr:\n return (rule_elt, idx)\n return (None, None)\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n for rule_elt in self.root_elt:\n if rule_elt.tag != 'rule':\n continue\n\n if rule_elt.find('descr').text == self.obj['descr']:\n return rule_elt\n return None\n\n def _get_expected_rule_position(self):\n \"\"\" get expected rule position in interface/floating \"\"\"\n if self.before == 'bottom':\n return len(self.root_elt)\n elif self.after == 'top':\n return 0\n elif self.after is not None:\n return self._get_rule_position(self.after) + 1\n elif self.before is not None:\n position = self._get_rule_position(self.before) - 1\n if position < 0:\n return 0\n return position\n else:\n position = self._get_rule_position(self.after, fail=False)\n if position is not None:\n return position\n return len(self.root_elt)\n return -1\n\n def _get_expected_rule_xml_index(self):\n \"\"\" get expected rule index in xml \"\"\"\n if self.before == 'bottom':\n return len(self.root_elt)\n elif self.after == 'top':\n return 0\n elif self.after is not None:\n found, i = self._find_rule_by_descr(self.after)\n if found is not None:\n return i + 1\n else:\n self.module.fail_json(msg='Failed to insert after rule=%s' % (self.after))\n elif self.before is not None:\n found, i = self._find_rule_by_descr(self.before)\n if found is not None:\n return i\n else:\n self.module.fail_json(msg='Failed to insert before rule=%s' % (self.before))\n else:\n found, i = self._find_rule_by_descr(self.obj['descr'])\n if found is not None:\n return i\n return len(self.root_elt)\n return -1\n\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n return ['disabled', 'nordr', 'nosync', 'natreflection']\n\n def _get_rule_position(self, descr=None, fail=True):\n \"\"\" get rule position in interface/floating \"\"\"\n if descr is None:\n descr = self.obj['descr']\n\n (res, idx) = self._find_rule_by_descr(descr)\n if fail and res is None:\n self.module.fail_json(msg='Failed to find rule=%s' % (descr))\n return idx\n\n def _insert(self, rule_elt):\n \"\"\" insert rule into xml \"\"\"\n rule_xml_idx = self._get_expected_rule_xml_index()\n self.root_elt.insert(rule_xml_idx, rule_elt)\n\n def _pre_remove_target_elt(self):\n \"\"\" processing before removing elt \"\"\"\n ruleid_elt = self.target_elt.find('associated-rule-id')\n if ruleid_elt is not None:\n self._delete_associated_rule(ruleid_elt.text)\n\n def _set_associated_rule(self, before=None):\n \"\"\" manage changes to the associated rule \"\"\"\n if before is None:\n if self.params['associated_rule'] == 'associated' or self.params['associated_rule'] == 'unassociated':\n self._create_associated_rule()\n else:\n if self.params['associated_rule'] == 'associated':\n if before['associated-rule-id'].startswith('nat_'):\n if self.obj['interface'] != before['interface']:\n self._delete_associated_rule(before['associated-rule-id'], before['interface'])\n else:\n self.obj['associated-rule-id'] = before['associated-rule-id']\n return\n self._create_associated_rule()\n elif before['associated-rule-id'].startswith('nat_'):\n self._delete_associated_rule(before['associated-rule-id'])\n\n def _update_rule_position(self, rule_elt):\n \"\"\" move rule in xml if required \"\"\"\n current_position = self._get_rule_position()\n expected_position = self._get_expected_rule_position()\n if current_position == expected_position:\n self.position_changed = False\n return False\n\n self.diff['before']['position'] = current_position\n self.diff['after']['position'] = expected_position\n self.root_elt.remove(rule_elt)\n self._insert(rule_elt)\n self.position_changed = True\n return True\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell('''require_once(\"filter.inc\");\nif (filter_configure() == 0) { clear_subsystem_dirty('natconf'); clear_subsystem_dirty('filter'); }''')\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}'\".format(self.obj['descr'])\n\n @staticmethod\n def fassociate(value):\n \"\"\" associated-rule-id value formatting function \"\"\"\n if value is None or value == '':\n return 'none'\n\n if value == 'pass':\n return 'pass'\n\n return 'associated'\n\n @staticmethod\n def fnatreflection(value):\n \"\"\" natreflection value formatting function \"\"\"\n if value is None or value == 'none':\n return \"'system-default'\"\n\n return value\n\n @staticmethod\n def fprotocol(value):\n \"\"\" protocol value formatting function \"\"\"\n if value is None or value == 'none':\n return 'any'\n\n return value\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n fafter = self._obj_to_log_fields(self.obj)\n if before is None:\n values += self.format_cli_field(self.params, 'disabled', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'nordr', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'interface')\n if self.pfsense.is_at_least_2_5_0():\n values += self.format_cli_field(self.params, 'ipprotocol', default='inet')\n values += self.format_cli_field(self.params, 'protocol', default='tcp')\n values += self.format_cli_field(self.params, 'source')\n values += self.format_cli_field(self.params, 'destination')\n values += self.format_cli_field(self.params, 'target')\n values += self.format_cli_field(self.params, 'natreflection', default='system-default')\n values += self.format_cli_field(self.params, 'associated_rule', default='associated')\n values += self.format_cli_field(self.params, 'nosync', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'after')\n values += self.format_cli_field(self.params, 'before')\n else:\n fbefore = self._obj_to_log_fields(before)\n fafter['before'] = self.before\n fafter['after'] = self.after\n\n values += self.format_updated_cli_field(self.obj, before, 'disabled', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'nordr', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'interface', add_comma=(values))\n if self.pfsense.is_at_least_2_5_0():\n values += self.format_updated_cli_field(self.obj, before, 'ipprotocol', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'protocol', fvalue=self.fprotocol, add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'source', add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'destination', add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'target', add_comma=(values))\n values += self.format_updated_cli_field(\n self.obj, before, 'natreflection', fvalue=self.fnatreflection, default='system-default', add_comma=(values)\n )\n values += self.format_updated_cli_field(self.obj, before, 'associated-rule-id', fvalue=self.fassociate, fname='associated_rule', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'nosync', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n if self.position_changed:\n values += self.format_updated_cli_field(fafter, {}, 'after', log_none=False, add_comma=(values))\n values += self.format_updated_cli_field(fafter, {}, 'before', log_none=False, add_comma=(values))\n\n return values\n\n @staticmethod\n def _obj_address_to_log_field(rule, addr):\n \"\"\" return formated address from dict \"\"\"\n field = ''\n if isinstance(rule[addr], dict):\n if 'any' in rule[addr]:\n field = 'any'\n if 'address' in rule[addr]:\n field = rule[addr]['address']\n if 'port' in rule[addr]:\n if field:\n field += ':'\n field += rule[addr]['port']\n else:\n field = rule[addr]\n return field\n\n def _obj_to_log_fields(self, rule):\n \"\"\" return formated source and destination from dict \"\"\"\n res = {}\n res['source'] = self._obj_address_to_log_field(rule, 'source')\n res['destination'] = self._obj_address_to_log_field(rule, 'destination')\n res['target'] = rule['target']\n if 'local-port' in rule:\n res['target'] += ':' + rule['local-port']\n res['interface'] = self.pfsense.get_interface_display_name(rule['interface'])\n\n return res\n"
},
{
"path": "plugins/module_utils/openvpn_client.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2020-2021, Orion Poplawski \n# Copyright: (c) 2020, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nimport base64\nimport re\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nOPENVPN_CLIENT_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n mode=dict(default='p2p_tls', required=False, choices=['p2p_tls', 'p2p_shared_key']),\n authmode=dict(default=list(), required=False, type='list', elements='str'),\n state=dict(default='present', choices=['present', 'absent']),\n custom_options=dict(default=None, required=False, type='str'),\n disable=dict(default=False, required=False, type='bool'),\n interface=dict(default='wan', required=False, type='str'),\n server_addr=dict(required=True, type='str'),\n server_port=dict(default=1194, required=False, type='int'),\n protocol=dict(default='UDP4', required=False, choices=['UDP4', 'TCP4']),\n dev_mode=dict(default='tun', required=False, choices=['tun', 'tap']),\n tls=dict(required=False, type='str'),\n tls_type=dict(default='auth', required=False, choices=['auth', 'crypt']),\n ca=dict(required=False, type='str'),\n crl=dict(required=False, type='str'),\n cert=dict(required=False, type='str'),\n cert_depth=dict(default=1, required=False, type='int'),\n strictusercn=dict(default=False, required=False, type='bool'),\n shared_key=dict(required=False, type='str', no_log=True),\n dh_length=dict(default=2048, required=False, type='int'),\n ecdh_curve=dict(default='none', required=False, choices=['none', 'prime256v1', 'secp384r1', 'secp521r1']),\n ncp_enable=dict(default=False, required=False, type='bool'),\n # ncp_ciphers=dict(default=list('AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305'), required=False,\n # choices=['AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305'], type='list', elements='str'),\n data_ciphers=dict(default=None, required=False, choices=['AES-256-CBC', 'AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305'], type='list', elements='str'),\n data_ciphers_fallback=dict(default='AES-256-CBC', required=False, choices=['AES-256-CBC', 'AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305']),\n digest=dict(default='SHA256', required=False, type='str'),\n tunnel_network=dict(default='', required=False, type='str'),\n tunnel_networkv6=dict(default='', required=False, type='str'),\n remote_network=dict(default='', required=False, type='str'),\n remote_networkv6=dict(default='', required=False, type='str'),\n gwredir=dict(default=False, required=False, type='bool'),\n gwredir6=dict(default=False, required=False, type='bool'),\n maxclients=dict(default=None, required=False, type='int'),\n compression=dict(default='adaptive', required=False, choices=['adaptive', '']),\n compression_push=dict(default=False, required=False, type='bool'),\n passtos=dict(default=False, required=False, type='bool'),\n client2client=dict(default=False, required=False, type='bool'),\n dynamic_ip=dict(default=False, required=False, type='bool'),\n topology=dict(default='subnet', required=False, choices=['net30', 'subnet']),\n dns_domain=dict(default='', required=False, type='str'),\n dns_client1=dict(default='', required=False, type='str'),\n dns_client2=dict(default='', required=False, type='str'),\n dns_client3=dict(default='', required=False, type='str'),\n dns_client4=dict(default='', required=False, type='str'),\n push_register_dns=dict(default=False, required=False, type='bool'),\n create_gw=dict(default='both', required=False, choices=['both', 'v4only', 'v6only']),\n verbosity_level=dict(default=3, required=False, type='int'),\n)\n\nOPENVPN_CLIENT_REQUIRED_IF = [\n ['mode', 'p2p_tls', ['ca']],\n ['mode', 'p2p_shared_key', ['shared_key']],\n]\n\nOPENVPN_CLIENT_PHP_COMMAND_PREFIX = \"\"\"\nrequire_once('openvpn.inc');\n$ovpn = config_get_path('openvpn/openvpn-client', [])[{idx}];\n\"\"\"\n\nOPENVPN_CLIENT_PHP_COMMAND_SET = OPENVPN_CLIENT_PHP_COMMAND_PREFIX + \"\"\"\nopenvpn_resync('client',$ovpn);\n\"\"\"\n\nOPENVPN_CLIENT_PHP_COMMAND_DEL = OPENVPN_CLIENT_PHP_COMMAND_PREFIX + \"\"\"\nopenvpn_delete($ovpn);\nunset($ovpn);\nopenvpn_resync('client',$ovpn);\n\"\"\"\n\n\nclass PFSenseOpenVPNClientModule(PFSenseModuleBase):\n \"\"\" module managing pfSense OpenVPN configuration \"\"\"\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseOpenVPNClientModule, self).__init__(module, pfsense)\n self.name = \"pfsense_openvpn\"\n self.root_elt = self.pfsense.get_element('openvpn', create_node=True)\n self.obj = dict()\n\n cmd = ('require_once(\"openvpn.inc\");;'\n '$digestlist = openvpn_get_digestlist();'\n 'echo json_encode($digestlist);')\n self.digestlist = self.pfsense.php(cmd)\n\n ##############################\n # params processing\n #\n def _get_digest_name(self, digest: str):\n for dname, ddescr in self.digestlist.items():\n if digest == dname or digest == ddescr:\n return dname\n self.module.fail_json(msg=f\"Invalid digest '{digest}'\")\n\n def _params_to_obj(self):\n \"\"\" return dict from module params \"\"\"\n obj = dict()\n obj['description'] = self.params['name']\n if self.params['state'] == 'present':\n obj['custom_options'] = self.params['custom_options']\n self._get_ansible_param_bool(obj, 'disable')\n self._get_ansible_param_bool(obj, 'strictusercn')\n obj['mode'] = self.params['mode']\n obj['dev_mode'] = self.params['dev_mode']\n obj['interface'] = self.params['interface']\n obj['protocol'] = self.params['protocol']\n obj['server_addr'] = self.params['server_addr']\n obj['server_port'] = str(self.params['server_port'])\n self._get_ansible_param(obj, 'maxclients')\n obj['verbosity_level'] = str(self.params['verbosity_level'])\n obj['data_ciphers_fallback'] = self.params['data_ciphers_fallback']\n obj['data_ciphers'] = \",\".join(self.params['data_ciphers'])\n self._get_ansible_param_bool(obj, 'ncp_enable', 'enabled')\n self._get_ansible_param_bool(obj, 'gwredir')\n self._get_ansible_param_bool(obj, 'gwredirr6')\n self._get_ansible_param_bool(obj, 'compression_push')\n self._get_ansible_param_bool(obj, 'passtos')\n self._get_ansible_param_bool(obj, 'client2client')\n self._get_ansible_param_bool(obj, 'dynamic_ip')\n self._get_ansible_param_bool(obj, 'push_register_dns')\n obj['digest'] = self._get_digest_name(self.params['digest'])\n obj['tunnel_network'] = self.params['tunnel_network']\n obj['tunnel_networkv6'] = self.params['tunnel_networkv6']\n obj['remote_network'] = self.params['remote_network']\n obj['remote_networkv6'] = self.params['remote_networkv6']\n obj['compression'] = self.params['compression']\n obj['topology'] = self.params['topology']\n obj['create_gw'] = self.params['create_gw']\n\n if 'user' in self.params['mode']:\n obj['authmode'] = \",\".join(self.params['authmode'])\n\n if 'tls' in self.params['mode']:\n # Find the caref id for the named CA\n if self.params is not None:\n ca_elt = self.pfsense.find_ca_elt(self.params['ca'])\n if ca_elt is None:\n self.module.fail_json(msg='%s is not a valid certificate authority' % (self.params['ca']))\n obj['caref'] = ca_elt.find('refid').text\n # Find the crlref id for the named CRL if any\n if self.params['crl'] is not None:\n crl_elt = self.pfsense.find_crl_elt(self.params['crl'])\n if crl_elt is None:\n self.module.fail_json(msg='%s is not a valid certificate revocation list' % (self.params['crl']))\n obj['crlref'] = crl_elt.find('refid').text\n else:\n obj['crlref'] = ''\n # Find the certref id for the named certificate if any\n if self.params['cert'] is not None:\n cert_elt = self.pfsense.find_cert_elt(self.params['cert'])\n if cert_elt is None:\n self.module.fail_json(msg='%s is not a valid certificate' % (self.params['cert']))\n obj['certref'] = cert_elt.find('refid').text\n\n if self.params['tls'] is not None:\n obj['tls'] = self.params['tls']\n obj['tls_type'] = self.params['tls_type']\n\n if self.params['mode'] == 'p2p_shared_key':\n obj['shared_key'] = self.params['shared_key']\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n # check name\n self.pfsense.validate_string(params['name'], 'openvpn')\n\n if params['state'] == 'absent':\n return True\n\n # tls is not valid for p2p_shared_key\n if params['mode'] == 'p2p_shared_key' and params['tls'] is not None:\n self.module.fail_json(msg='tls parameter is not valied with p2p_shared_key mode.')\n\n # check tunnel_networks - can be network alias or non-strict IP CIDR network\n self.pfsense.validate_openvpn_tunnel_network(params.get('tunnel_network'), 'ipv4')\n self.pfsense.validate_openvpn_tunnel_network(params.get('tunnel_network6'), 'ipv6')\n\n # Check auth clients\n if len(params['authmode']) > 0:\n system = self.pfsense.get_element('system')\n for authsrv in params['authmode']:\n if len(system.findall(\"authclient[name='{0}']\".format(authsrv))) == 0:\n self.module.fail_json(msg='Cannot find authentication client {0}.'.format(authsrv))\n\n # validate key\n for param in ['shared_key', 'tls']:\n if params[param] is not None:\n key = params[param]\n if key == 'generate':\n # generate during params_to_obj\n pass\n elif re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$', key, flags=re.MULTILINE | re.DOTALL):\n params[param] = base64.b64encode(key.encode()).decode()\n else:\n key_decoded = base64.b64decode(key.encode()).decode()\n if not re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$',\n key_decoded, flags=re.MULTILINE | re.DOTALL):\n self.module.fail_json(msg='Could not recognize {0} key format: {1}'.format(param, key_decoded))\n\n def _nextvpnid(self):\n \"\"\" find next available vpnid \"\"\"\n vpnid = 1\n while len(self.root_elt.findall(\"*[vpnid='{0}']\".format(vpnid))) != 0:\n vpnid += 1\n return str(vpnid)\n\n ##############################\n # XML processing\n #\n def _find_openvpn_client(self, value, field='description'):\n \"\"\" return openvpn-client element \"\"\"\n i = 0\n for elt in self.root_elt.findall('openvpn-client'):\n field_elt = elt.find(field)\n if field_elt is not None and field_elt.text == value:\n return (elt, i)\n i += 1\n return (None, -1)\n\n def _find_last_openvpn_idx(self):\n i = 0\n for elt in self.root_elt.findall('openvpn-client'):\n i += 1\n return i\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n (before, changed) = super(PFSenseOpenVPNClientModule, self)._copy_and_update_target()\n\n if not changed:\n self.diff['after'] = self.obj\n\n self.result['vpnid'] = int(before['vpnid'])\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n target_elt = self.pfsense.new_element('openvpn-client')\n self.obj['vpnid'] = self._nextvpnid()\n self.result['vpnid'] = int(self.obj['vpnid'])\n self.diff['before'] = ''\n self.diff['after'] = self.obj\n self.result['changed'] = True\n self.idx = self._find_last_openvpn_idx()\n self.result['idx'] = self.idx\n return target_elt\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n (target_elt, self.idx) = self._find_openvpn_client(self.obj['description'])\n for param in ['shared_key', 'tls']:\n current_elt = self.pfsense.get_element(param, target_elt)\n if self.params[param] == 'generate':\n if current_elt is None:\n (dummy, key, stderr) = self.module.run_command('/usr/local/sbin/openvpn --genkey secret /dev/stdout')\n if stderr != \"\":\n self.module.fail_json(msg='generate for \"{0}\" secret key: {1}'.format(param, stderr))\n self.obj[param] = base64.b64encode(key.encode()).decode()\n self.result[param] = self.obj[param]\n else:\n self.obj[param] = current_elt.text\n return target_elt\n\n def _remove_target_elt(self):\n \"\"\" delete target_elt from xml \"\"\"\n super(PFSenseOpenVPNClientModule, self)._remove_target_elt()\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n\n ##############################\n # run\n #\n def _remove(self):\n \"\"\" delete obj \"\"\"\n self.diff['after'] = ''\n self.diff['before'] = ''\n super(PFSenseOpenVPNClientModule, self)._remove()\n return self.pfsense.phpshell(OPENVPN_CLIENT_PHP_COMMAND_DEL.format(idx=self.idx))\n\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell(OPENVPN_CLIENT_PHP_COMMAND_SET.format(idx=self.idx))\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'\" + self.obj['description'] + \"'\"\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.obj, 'description')\n else:\n values += self.format_updated_cli_field(self.obj, before, 'description', add_comma=(values))\n return values\n"
},
{
"path": "plugins/module_utils/openvpn_override.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2020-2022, Orion Poplawski \n# Copyright: (c) 2020, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\n\nOPENVPN_OVERRIDE_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n state=dict(default='present', choices=['present', 'absent']),\n server_list=dict(default=None, type='list', elements='str'),\n disable=dict(default=False, required=False, type='bool'),\n descr=dict(default=None, required=False, type='str'),\n block=dict(default=False, required=False, type='bool'),\n tunnel_network=dict(default=None, required=False, type='str'),\n tunnel_networkv6=dict(default=None, required=False, type='str'),\n local_network=dict(default=None, required=False, type='str'),\n local_networkv6=dict(default=None, required=False, type='str'),\n remote_network=dict(default=None, required=False, type='str'),\n remote_networkv6=dict(default=None, required=False, type='str'),\n gwredir=dict(default=False, required=False, type='bool'),\n push_reset=dict(default=False, required=False, type='bool'),\n netbios_enable=dict(default=False, required=False, type='bool'),\n netbios_ntype=dict(required=False, choices=['none', 'b-node', 'p-node', 'm-node', 'h-node']),\n netbios_scope=dict(required=False, type='str'),\n wins_server_enable=dict(default=False, required=False, type='bool'),\n custom_options=dict(default=None, required=False, type='str'),\n)\n\nOPENVPN_OVERRIDE_REQUIRED_IF = [\n]\n\nOPENVPN_OVERRIDE_PHP_COMMAND_PREFIX = \"\"\"\nrequire_once('openvpn.inc');\n$csc = config_get_path('openvpn/openvpn-csc')[{idx}];\n\"\"\"\n\nOPENVPN_OVERRIDE_PHP_COMMAND_SET = OPENVPN_OVERRIDE_PHP_COMMAND_PREFIX + \"\"\"\nopenvpn_resync_csc($csc);\n\"\"\"\n\nOPENVPN_OVERRIDE_PHP_COMMAND_DEL = OPENVPN_OVERRIDE_PHP_COMMAND_PREFIX + \"\"\"\nopenvpn_delete_csc($csc);\nunset($csc);\n\"\"\"\n\n\nclass PFSenseOpenVPNOverrideModule(PFSenseModuleBase):\n \"\"\" module managing pfSense OpenVPN Client Specific Overrides \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return OPENVPN_OVERRIDE_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseOpenVPNOverrideModule, self).__init__(module, pfsense)\n self.name = \"pfsense_openvpn_override\"\n self.root_elt = self.pfsense.get_element('openvpn')\n self.openvpn_csc_elt = self.root_elt.findall('openvpn-csc')\n self.obj = dict()\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return dict from module params \"\"\"\n obj = dict()\n obj['common_name'] = self.params['name']\n if self.params['state'] == 'present':\n # Find the ids for server names\n server_list = list()\n if self.params['server_list'] is not None:\n for server in self.params['server_list']:\n vpnid = ''\n if isinstance(server, int) or (isinstance(server, str) and server.isdigit()):\n openvpn_server_elt = self.pfsense.find_elt('openvpn-server', str(server), 'vpnid', root_elt=self.root_elt)\n else:\n openvpn_server_elt = self.pfsense.find_elt('openvpn-server', server, 'description', root_elt=self.root_elt)\n if openvpn_server_elt is None:\n self.module.fail_json(msg=\"Could not find openvpn server '%s'\" % (server))\n vpnid = openvpn_server_elt.find('vpnid').text\n server_list.append(vpnid)\n obj['server_list'] = ','.join(server_list)\n self.result['vpnids'] = server_list\n\n obj['custom_options'] = self.params['custom_options']\n obj['description'] = self.params['descr']\n self._get_ansible_param_bool(obj, 'disable')\n self._get_ansible_param_bool(obj, 'block', force=True, value='yes')\n self._get_ansible_param_bool(obj, 'gwredir', force=True, value='yes')\n if self.pfsense.config_version >= 23.4:\n self._get_ansible_param_bool(obj, 'push_reset')\n else:\n self._get_ansible_param_bool(obj, 'push_reset', force=True, value='yes')\n obj['tunnel_network'] = self.params['tunnel_network']\n obj['tunnel_networkv6'] = self.params['tunnel_networkv6']\n obj['local_network'] = self.params['local_network']\n obj['local_networkv6'] = self.params['local_networkv6']\n obj['remote_network'] = self.params['remote_network']\n obj['remote_networkv6'] = self.params['remote_networkv6']\n self._get_ansible_param_bool(obj, 'netbios_enable')\n if self.params['netbios_enable']:\n obj['netbios_ntype'] = self.params['netbios_ntype']\n obj['netbios_scope'] = str(self.params['netbios_scope'])\n self._get_ansible_param(obj, 'netbios_scope')\n self._get_ansible_param_bool(obj, 'wins_server_enable')\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n # check name\n self.pfsense.validate_string(params['name'], 'openvpn_override')\n\n if params['state'] == 'absent':\n return True\n\n # check tunnel_networks - can be network alias or non-strict IP CIDR network\n self.pfsense.validate_openvpn_tunnel_network(params.get('tunnel_network'), 'ipv4')\n self.pfsense.validate_openvpn_tunnel_network(params.get('tunnel_network6'), 'ipv6')\n\n if params.get('local_network') and not self.pfsense.is_ipv4_network(params['local_network']):\n self.module.fail_json(msg='A valid IPv4 network must be specified for local_network.')\n if params.get('local_network6') and not self.pfsense.is_ipv6_network(params['local_networkv6']):\n self.module.fail_json(msg='A valid IPv6 network must be specified for local_network6.')\n if params.get('remote_network') and not self.pfsense.is_ipv4_network(params['remote_network']):\n self.module.fail_json(msg='A valid IPv4 network must be specified for remote_network.')\n if params.get('remote_network6') and not self.pfsense.is_ipv6_network(params['remote_networkv6']):\n self.module.fail_json(msg='A valid IPv6 network must be specified for remote_network6.')\n\n ##############################\n # XML processing\n #\n def _find_openvpn_csc(self, value, field='common_name'):\n \"\"\" return openvpn-csc element \"\"\"\n i = 0\n for csc_elt in self.openvpn_csc_elt:\n field_elt = csc_elt.find(field)\n if field_elt is not None and field_elt.text == value:\n return (csc_elt, i)\n i += 1\n return (None, -1)\n\n def _find_last_openvpn_idx(self):\n i = 0\n for elt in self.openvpn_csc_elt:\n i += 1\n return i\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n before = self.pfsense.element_to_dict(self.target_elt)\n changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n if self._remove_deleted_params():\n changed = True\n\n self.diff['before'] = before\n if changed:\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n self.result['changed'] = True\n else:\n self.diff['after'] = self.obj\n\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n target_elt = self.pfsense.new_element('openvpn-csc')\n self.diff['before'] = ''\n self.diff['after'] = self.obj\n self.result['changed'] = True\n self.idx = self._find_last_openvpn_idx()\n return target_elt\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n (target_elt, self.idx) = self._find_openvpn_csc(self.obj['common_name'])\n return target_elt\n\n def _get_params_to_remove(self):\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n params_to_remove = []\n if self.pfsense.config_version >= 23.4:\n params_to_remove.append('push_reset')\n return params_to_remove\n\n def _remove_target_elt(self):\n \"\"\" delete target_elt from xml \"\"\"\n super(PFSenseOpenVPNOverrideModule, self)._remove_target_elt()\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n\n ##############################\n # run\n #\n def _remove(self):\n \"\"\" delete obj \"\"\"\n self.diff['after'] = ''\n self.diff['before'] = ''\n super(PFSenseOpenVPNOverrideModule, self)._remove()\n return self.pfsense.phpshell(OPENVPN_OVERRIDE_PHP_COMMAND_DEL.format(idx=self.idx))\n\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell(OPENVPN_OVERRIDE_PHP_COMMAND_SET.format(idx=self.idx))\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'\" + self.obj['common_name'] + \"'\"\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.obj, 'common_name')\n values += self.format_cli_field(self.obj, 'descr')\n else:\n values += self.format_updated_cli_field(self.obj, before, 'descr', add_comma=(values))\n return values\n"
},
{
"path": "plugins/module_utils/openvpn_server.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2020-2022, Orion Poplawski \n# Copyright: (c) 2020, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nimport base64\nimport re\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nOPENVPN_SERVER_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n mode=dict(type='str', choices=['p2p_tls', 'p2p_shared_key', 'server_tls', 'server_tls_user', 'server_user']),\n dco=dict(default=False, required=False, type='bool'),\n authmode=dict(default=list(), required=False, type='list', elements='str'),\n state=dict(default='present', choices=['present', 'absent']),\n custom_options=dict(default=None, required=False, type='str'),\n disable=dict(default=False, required=False, type='bool'),\n interface=dict(default='wan', required=False, type='str'),\n local_port=dict(default=1194, required=False, type='int'),\n protocol=dict(default='UDP4', required=False, choices=['UDP4', 'TCP4']),\n dev_mode=dict(default='tun', required=False, choices=['tun', 'tap']),\n tls=dict(required=False, type='str'),\n tls_type=dict(default='auth', required=False, choices=['auth', 'crypt']),\n ca=dict(required=False, type='str'),\n crl=dict(required=False, type='str'),\n cert=dict(required=False, type='str'),\n cert_depth=dict(default=1, required=False, type='int'),\n strictusercn=dict(default=False, required=False, type='bool'),\n remote_cert_tls=dict(default=False, required=False, type='bool'),\n shared_key=dict(required=False, type='str', no_log=True),\n dh_length=dict(default=2048, required=False, type='int'),\n ecdh_curve=dict(default='none', required=False, choices=['none', 'prime256v1', 'secp384r1', 'secp521r1']),\n data_ciphers=dict(default=['AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305'], required=False,\n choices=['AES-256-CBC', 'AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305'], type='list', elements='str'),\n data_ciphers_fallback=dict(default='AES-256-CBC', required=False, choices=['AES-256-CBC', 'AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305']),\n digest=dict(default='SHA256', required=False, type='str'),\n tunnel_network=dict(default='', required=False, type='str'),\n tunnel_networkv6=dict(default='', required=False, type='str'),\n local_network=dict(default='', required=False, type='str'),\n local_networkv6=dict(default='', required=False, type='str'),\n remote_network=dict(default='', required=False, type='str'),\n remote_networkv6=dict(default='', required=False, type='str'),\n gwredir=dict(default=False, required=False, type='bool'),\n gwredir6=dict(default=False, required=False, type='bool'),\n maxclients=dict(default=None, required=False, type='int'),\n allow_compression=dict(default='no', required=False, choices=['no', 'asym', 'yes']),\n compression=dict(default='', required=False, choices=['', 'none', 'stub', 'stub-v2', 'lz4', 'lz4-v2', 'lzo', 'noadapt', 'adaptive', 'yes', 'no']),\n compression_push=dict(default=False, required=False, type='bool'),\n passtos=dict(default=False, required=False, type='bool'),\n client2client=dict(default=False, required=False, type='bool'),\n dynamic_ip=dict(default=False, required=False, type='bool'),\n topology=dict(default='subnet', required=False, choices=['net30', 'subnet']),\n inactive_seconds=dict(default=0, required=False, type='int'),\n keepalive_interval=dict(default=10, required=False, type='int'),\n keepalive_timeout=dict(default=60, required=False, type='int'),\n exit_notify=dict(default='none', required=False, choices=['none', '1', '2']),\n dns_domain=dict(default='', required=False, type='str'),\n dns_server1=dict(default='', required=False, type='str'),\n dns_server2=dict(default='', required=False, type='str'),\n dns_server3=dict(default='', required=False, type='str'),\n dns_server4=dict(default='', required=False, type='str'),\n push_register_dns=dict(default=False, required=False, type='bool'),\n username_as_common_name=dict(default=False, required=False, type='bool'),\n create_gw=dict(default='both', required=False, type='str', choices=['both', 'v4only', 'v6only']),\n verbosity_level=dict(default=1, required=False, type='int'),\n)\n\nOPENVPN_SERVER_REQUIRED_IF = [\n ['state', 'present', ['mode']],\n ['mode', 'p2p_tls', ['ca']],\n ['mode', 'server_tls', ['ca']],\n ['mode', 'server_tls_user', ['ca']],\n ['mode', 'p2p_shared_key', ['shared_key']],\n]\n\nOPENVPN_SERVER_PHP_COMMAND_PREFIX = \"\"\"\nrequire_once('openvpn.inc');\nalias_make_table();\n$ovpn = config_get_path('openvpn/openvpn-server')[{idx}];\n\"\"\"\n\nOPENVPN_SERVER_PHP_COMMAND_SET = OPENVPN_SERVER_PHP_COMMAND_PREFIX + \"\"\"\nopenvpn_resync('server',$ovpn);\nopenvpn_resync_csc_all();\n\"\"\"\n\nOPENVPN_SERVER_PHP_COMMAND_DEL = OPENVPN_SERVER_PHP_COMMAND_PREFIX + \"\"\"\nopenvpn_delete('server',$ovpn);\n\"\"\"\n\n# Define the line endings in bytes for binary mode\nUNIX_LINE_ENDING = b'\\n'\nWINDOWS_LINE_ENDING = b'\\r\\n'\n\n\nclass PFSenseOpenVPNServerModule(PFSenseModuleBase):\n \"\"\" module managing pfSense OpenVPN configuration \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return OPENVPN_SERVER_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseOpenVPNServerModule, self).__init__(module, pfsense)\n self.name = \"pfsense_openvpn_server\"\n self.root_elt = self.pfsense.get_element('openvpn', create_node=True)\n self.obj = dict()\n\n cmd = ('require_once(\"openvpn.inc\");;'\n '$digestlist = openvpn_get_digestlist();'\n 'echo json_encode($digestlist);')\n self.digestlist = self.pfsense.php(cmd)\n\n ##############################\n # params processing\n #\n def _get_digest_name(self, digest: str):\n for dname, ddescr in self.digestlist.items():\n if digest == dname or digest == ddescr:\n return dname\n self.module.fail_json(msg=f\"Invalid digest '{digest}'\")\n\n def _params_to_obj(self):\n \"\"\" return dict from module params \"\"\"\n obj = dict()\n obj['description'] = self.params['name']\n if self.params['state'] == 'present':\n obj['custom_options'] = self.params['custom_options']\n self._get_ansible_param_bool(obj, 'disable')\n self._get_ansible_param_bool(obj, 'strictusercn')\n self._get_ansible_param_bool(obj, 'remote_cert_tls')\n obj['mode'] = self.params['mode']\n obj['dev_mode'] = self.params['dev_mode']\n obj['interface'] = self.params['interface']\n obj['protocol'] = self.params['protocol']\n obj['local_port'] = str(self.params['local_port'])\n self._get_ansible_param(obj, 'maxclients')\n obj['verbosity_level'] = str(self.params['verbosity_level'])\n obj['data_ciphers_fallback'] = self.params['data_ciphers_fallback']\n obj['data_ciphers'] = \",\".join(self.params['data_ciphers'])\n self._get_ansible_param_bool(obj, 'gwredir', force=True, value='yes')\n self._get_ansible_param_bool(obj, 'gwredir6', force=True, value='yes')\n self._get_ansible_param_bool(obj, 'compression_push', force=True, value='yes', value_false='')\n self._get_ansible_param_bool(obj, 'passtos', force=True, value='yes', value_false='')\n self._get_ansible_param_bool(obj, 'client2client', force=True, value='yes', value_false='')\n self._get_ansible_param_bool(obj, 'dynamic_ip', force=True, value='yes', value_false='')\n self._get_ansible_param_bool(obj, 'push_register_dns')\n self._get_ansible_param_bool(obj, 'username_as_common_name', force=True, value='enabled', value_false='disabled')\n obj['digest'] = self._get_digest_name(self.params['digest'])\n obj['tunnel_network'] = self.params['tunnel_network']\n obj['tunnel_networkv6'] = self.params['tunnel_networkv6']\n obj['local_network'] = self.params['local_network']\n obj['local_networkv6'] = self.params['local_networkv6']\n obj['remote_network'] = self.params['remote_network']\n obj['remote_networkv6'] = self.params['remote_networkv6']\n obj['allow_compression'] = self.params['allow_compression']\n obj['compression'] = self.params['compression']\n obj['topology'] = self.params['topology']\n self._get_ansible_param(obj, 'inactive_seconds')\n self._get_ansible_param(obj, 'keepalive_interval')\n self._get_ansible_param(obj, 'keepalive_timeout')\n obj['exit_notify'] = self.params['exit_notify']\n obj['create_gw'] = self.params['create_gw']\n\n if 'user' in self.params['mode']:\n obj['authmode'] = \",\".join(self.params['authmode'])\n\n if 'tls' in self.params['mode']:\n # Find the caref id for the named CA\n if self.params is not None:\n ca_elt = self.pfsense.find_ca_elt(self.params['ca'])\n if ca_elt is None:\n self.module.fail_json(msg='{0} is not a valid certificate authority'.format(self.params['ca']))\n obj['caref'] = ca_elt.find('refid').text\n # Find the crlref id for the named CRL if any\n if self.params['crl'] is not None:\n crl_elt = self.pfsense.find_crl_elt(self.params['crl'])\n if crl_elt is None:\n self.module.fail_json(msg='{0} is not a valid certificate revocation list'.format(self.params['crl']))\n obj['crlref'] = crl_elt.find('refid').text\n else:\n obj['crlref'] = ''\n # Find the certref id for the named certificate if any\n if self.params['cert'] is not None:\n cert_elt = self.pfsense.find_cert_elt(self.params['cert'])\n if cert_elt is None:\n self.module.fail_json(msg='{0} is not a valid certificate'.format(self.params['cert']))\n obj['certref'] = cert_elt.find('refid').text\n\n obj['cert_depth'] = str(self.params['cert_depth'])\n obj['dh_length'] = str(self.params['dh_length'])\n obj['ecdh_curve'] = self.params['ecdh_curve']\n self._get_ansible_param(obj, 'tls')\n\n if self.params['tls'] is not None:\n obj['tls'] = self.params['tls']\n obj['tls_type'] = self.params['tls_type']\n\n if 'server' in self.params['mode']:\n obj['dns_domain'] = self.params['dns_domain']\n obj['dns_server1'] = self.params['dns_server1']\n obj['dns_server2'] = self.params['dns_server2']\n obj['dns_server3'] = self.params['dns_server3']\n obj['dns_server4'] = self.params['dns_server4']\n\n if self.params['mode'] == 'p2p_shared_key':\n obj['shared_key'] = self.params['shared_key']\n\n if self.params['dco']:\n if not self.pfsense.is_ce_version():\n self._get_ansible_param_bool(obj, 'dco', force=True, value='enabled', value_false='disabled')\n # these are requirements for DCO\n obj['allow_compression'] = 'no'\n obj['data_ciphers_fallback'] = 'AES-256-GCM'\n obj.pop('compression')\n obj.pop('compression_push')\n else:\n self.module.warn(\"DCO option specified but not supported on CE versions, ignoring...\")\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n # check name\n self.pfsense.validate_string(params['name'], 'openvpn')\n\n if params['state'] == 'absent':\n return True\n\n # tls is not valid for p2p_shared_key\n if params['mode'] == 'p2p_shared_key' and params['tls'] is not None:\n self.module.fail_json(msg='tls parameter is not valied with p2p_shared_key mode.')\n\n # check tunnel_networks - can be network alias or non-strict IP CIDR network\n self.pfsense.validate_openvpn_tunnel_network(params.get('tunnel_network'), 'ipv4')\n self.pfsense.validate_openvpn_tunnel_network(params.get('tunnel_network6'), 'ipv6')\n\n # Check auth servers\n if len(params['authmode']) > 0:\n system = self.pfsense.get_element('system')\n for authsrv in params['authmode']:\n if authsrv != 'Local Database' and len(system.findall(\"authserver[name='{0}']\".format(authsrv))) == 0:\n self.module.fail_json(msg='Cannot find authentication server {0}.'.format(authsrv))\n\n # validate key\n for param in ['shared_key', 'tls']:\n if params[param] is not None:\n key = params[param]\n if key == 'generate':\n # generate during _find_target (after _params_to_obj) - for just generate if not exists\n pass\n elif re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$', key, flags=re.MULTILINE | re.DOTALL):\n key = key.encode().replace(WINDOWS_LINE_ENDING, UNIX_LINE_ENDING) # Normalize existing CRLF to LF\n key = key.replace(UNIX_LINE_ENDING, WINDOWS_LINE_ENDING) # Convert all LF to CRLF\n params[param] = base64.b64encode(key).decode()\n else:\n key_decoded = base64.b64decode(key.encode()).decode()\n if not re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$',\n key_decoded, flags=re.MULTILINE | re.DOTALL):\n self.module.fail_json(msg='Could not recognize {0} key format: {1}'.format(param, key_decoded))\n\n def _openvpn_port_used(self, protocol, interface, port, vpnid=0):\n for elt in self.root_elt.findall('*[local_port]'):\n if (elt.find('disable')):\n continue\n\n this_vpnid = int(elt.find('vpnid').text)\n if (this_vpnid == int(vpnid)):\n continue\n\n this_interface = elt.find('interface').text\n this_protocol = elt.find('protocol').text\n # (TCP|UDP)(4|6) does not conflict unless interface is any\n if ((this_interface != \"any\" and interface != \"any\") and (len(protocol) == 4) and\n (len(this_protocol) == 4) and (this_protocol[0:3] == protocol[0:3]) and (this_protocol[3] != protocol[3])):\n continue\n\n this_port_text = elt.find('local_port').text\n if this_port_text is None:\n continue\n\n this_port = int(this_port_text)\n if (this_port == port and (this_protocol[0:3] == protocol[0:3]) and\n (this_interface == interface or this_interface == \"any\" or interface == \"any\")):\n self.module.fail_json(msg='The specified local_port ({0}) is in use by vpn ID {1}'.format(port, this_vpnid))\n\n def _nextvpnid(self):\n \"\"\" find next available vpnid \"\"\"\n vpnid = 1\n while len(self.root_elt.findall(\"*[vpnid='{0}']\".format(vpnid))) != 0:\n vpnid += 1\n return str(vpnid)\n\n ##############################\n # XML processing\n #\n def _find_openvpn_server(self, value, field='description'):\n \"\"\" return openvpn-server element \"\"\"\n i = 0\n for elt in self.root_elt.findall('openvpn-server'):\n field_elt = elt.find(field)\n if field_elt is not None and field_elt.text == value:\n return (elt, i)\n i += 1\n return (None, -1)\n\n def _find_last_openvpn_idx(self):\n i = 0\n for elt in self.root_elt.findall('openvpn-server'):\n i += 1\n return i\n\n def _get_params_to_remove(self):\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n params_to_remove = []\n for param in ['disable', 'push_register_dns', 'remote_cert_tls']:\n if not self.params[param]:\n params_to_remove.append(param)\n\n return params_to_remove\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n (before, changed) = super(PFSenseOpenVPNServerModule, self)._copy_and_update_target()\n\n # Check if local port is used\n self._openvpn_port_used(self.params['protocol'], self.params['interface'], self.params['local_port'], before['vpnid'])\n\n if not changed:\n self.diff['after'] = self.obj\n\n self.result['vpnid'] = int(before['vpnid'])\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n # Check if local port is used\n self._openvpn_port_used(self.params['protocol'], self.params['interface'], self.params['local_port'])\n target_elt = self.pfsense.new_element('openvpn-server')\n self.obj['vpnid'] = self._nextvpnid()\n self.result['vpnid'] = int(self.obj['vpnid'])\n self.diff['before'] = ''\n self.diff['after'] = self.obj\n self.result['changed'] = True\n self.idx = self._find_last_openvpn_idx()\n return target_elt\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n (target_elt, self.idx) = self._find_openvpn_server(self.obj['description'])\n for param in ['shared_key', 'tls']:\n current_elt = self.pfsense.get_element(param, target_elt)\n if self.params[param] == 'generate':\n if current_elt is None:\n (dummy, key, stderr) = self.module.run_command('/usr/local/sbin/openvpn --genkey secret /dev/stdout')\n if stderr != \"\":\n self.module.fail_json(msg='generate for \"{0}\" secret key: {1}'.format(param, stderr))\n self.obj[param] = base64.b64encode(key.encode()).decode()\n self.result[param] = self.obj[param]\n else:\n self.obj[param] = current_elt.text\n return target_elt\n\n ##############################\n # run\n #\n def _pre_remove_target_elt(self):\n \"\"\" processing before removing elt \"\"\"\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n\n if len(self.pfsense.interfaces.findall(\"*[if='ovpns{0}']\".format(self.diff['before']['vpnid']))) > 0:\n self.module.fail_json(msg='Cannot delete the OpenVPN instance while the interface ovpns{0} is assigned. Remove the interface assignment first.'\n .format(self.diff['before']['vpnid']))\n\n self.result['vpnid'] = int(self.diff['before']['vpnid'])\n self.command_output = self.pfsense.phpshell(OPENVPN_SERVER_PHP_COMMAND_DEL.format(idx=self.idx))\n\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n if self.params['state'] == 'present':\n return self.pfsense.phpshell(OPENVPN_SERVER_PHP_COMMAND_SET.format(idx=self.idx))\n else:\n return self.command_output\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'\" + self.obj['description'] + \"'\"\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.obj, 'description')\n else:\n values += self.format_updated_cli_field(self.obj, before, 'description', add_comma=(values))\n return values\n"
},
{
"path": "plugins/module_utils/pfsense.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport sys\nif sys.version_info >= (3, 4):\n import html\ntry:\n from ipaddress import ip_address, ip_network, IPv4Address, IPv6Address, IPv4Network, IPv6Network\nexcept ImportError:\n from ansible_collections.community.general.plugins.module_utils.compat.ipaddress import (\n ip_address, IPv4Address, IPv6Address,\n ip_network, IPv4Network, IPv6Network\n )\nimport json\nimport shutil\nimport os\nimport pwd\nimport random\nimport re\nimport socket\nimport time\nimport xml.etree.ElementTree as ET\nfrom tempfile import mkstemp\n\n\n# Return an element in node, but return an empty element instead of None if not found\ndef xml_find(node, elt):\n res = node.find(elt)\n if res is None:\n res = ET.Element('')\n res.text = ''\n return res\n\n\nclass PFSenseModule(object):\n \"\"\" class managing pfsense base configuration \"\"\"\n\n def __init__(self, module, config='/cf/conf/config.xml'):\n self.module = module\n self.config = config\n self.tree = ET.parse(config)\n self.root = self.tree.getroot()\n self.config_version = float(self.get_element('version').text)\n self.aliases = self.get_element('aliases', create_node=True)\n self.interfaces = self.get_element('interfaces')\n self.ifgroups = self.get_element('ifgroups')\n self.rules = self.get_element('filter')\n self.shapers = self.get_element('shaper')\n self.dnshapers = self.get_element('dnshaper')\n self.vlans = self.get_element('vlans')\n self.gateways = self.get_element('gateways')\n self.ipsec = self.get_element('ipsec')\n self.openvpn = self.get_element('openvpn')\n self.virtualip = self.get_element('virtualip')\n self.debug = open('/tmp/pfsense.debug', 'w')\n if sys.version_info >= (3, 4):\n self._scrub()\n\n self.pfsense_version = None\n\n # Work around pfSense CDATA xml formatting issue\n # https://github.com/opoplawski/ansible-pfsense/issues/61\n def _scrub(self):\n for elt in self.root.iter():\n if elt.text is not None:\n elt.text = html.unescape(elt.text)\n\n def get_interface_by_display_name(self, name):\n \"\"\" return interface_id by name \"\"\"\n for interface in self.interfaces:\n descr_elt = interface.find('descr')\n if descr_elt is not None and descr_elt.text.strip().lower() == name.lower():\n return interface.tag\n return None\n\n def get_interface_by_port(self, name):\n \"\"\" return interface_id by port (os name) \"\"\"\n for interface in self.interfaces:\n if interface.find('if').text.strip() == name:\n return interface.tag\n return None\n\n def get_interface_display_name(self, interface_id, return_none=False):\n \"\"\" return interface display name if found, otherwhise return the interface_id \"\"\"\n if interface_id == 'enc0':\n if return_none and not self.is_ipsec_enabled():\n return None\n return 'IPsec'\n if interface_id == 'openvpn':\n if return_none and not self.is_openvpn_enabled():\n return None\n return 'OpenVPN'\n\n for interface in self.interfaces:\n if interface.tag == interface_id:\n descr_elt = interface.find('descr')\n if descr_elt is not None:\n return descr_elt.text.strip()\n break\n\n if return_none:\n return None\n return interface_id\n\n def get_interface_elt(self, interface_id):\n \"\"\" return interface \"\"\"\n for interface in self.interfaces:\n if interface.tag == interface_id:\n return interface\n return None\n\n def get_interface_port(self, interface_id):\n \"\"\" return interface port \"\"\"\n for interface in self.interfaces:\n if interface.tag == interface_id:\n return interface.find('if').text.strip()\n return None\n\n def get_interface_port_by_display_name(self, name):\n \"\"\" return interface port \"\"\"\n for interface in self.interfaces:\n descr_elt = interface.find('descr')\n if descr_elt is not None and descr_elt.text.strip().lower() == name.lower():\n return interface.find('if').text.strip()\n return None\n\n def get_interfaces_networks(self):\n \"\"\" return interface local networks \"\"\"\n ret = []\n for interface in self.interfaces:\n if interface.find('enable') is None:\n continue\n\n ipaddr_elt = interface.find('ipaddr')\n subnet_elt = interface.find('subnet')\n if ipaddr_elt is not None and subnet_elt is not None and ipaddr_elt.text is not None and subnet_elt.text is not None:\n ret.append('{0}/{1}'.format(ipaddr_elt.text, subnet_elt.text))\n\n ipaddr_elt = interface.find('ipaddrv6')\n subnet_elt = interface.find('subnetv6')\n if ipaddr_elt is not None and subnet_elt is not None and ipaddr_elt.text is not None and subnet_elt.text is not None:\n ret.append('{0}/{1}'.format(ipaddr_elt.text, subnet_elt.text))\n\n # TODO: add vip networks\n return ret\n\n def is_interface_port(self, interface_port):\n \"\"\" determines if arg is a pfsense interface port or not \"\"\"\n for interface in self.interfaces:\n interface_elt = interface.tag.strip()\n if interface_elt == interface_port:\n return True\n return False\n\n def is_interface_display_name(self, name):\n \"\"\" determines if arg is an interface name or not \"\"\"\n for interface in self.interfaces:\n descr_elt = interface.find('descr')\n if descr_elt is not None:\n if descr_elt.text.strip().lower() == name.lower():\n return True\n return False\n\n def is_interface_group(self, name):\n \"\"\" determines if arg is an interface group name or not \"\"\"\n if self.ifgroups is not None:\n for interface in self.ifgroups:\n ifname_elt = interface.find('ifname')\n if ifname_elt is not None:\n # ifgroup names appear to be case sensitive\n if ifname_elt.text.strip() == name:\n return True\n return False\n\n def parse_interface(self, interface, fail=True, with_virtual=True, with_gwgroup=False):\n \"\"\" validate param interface field \"\"\"\n if with_virtual and (interface == 'enc0' or interface.lower() == 'ipsec') and self.is_ipsec_enabled():\n return 'enc0'\n if with_virtual and (interface == 'openvpn' or interface.lower() == 'openvpn') and self.is_openvpn_enabled():\n return 'openvpn'\n if with_gwgroup and self.is_gateway_group(interface):\n return interface\n\n if self.is_interface_display_name(interface):\n return self.get_interface_by_display_name(interface)\n elif self.is_interface_port(interface):\n return interface\n elif self.is_interface_group(interface):\n return interface\n\n if fail:\n self.module.fail_json(msg='%s is not a valid interface' % (interface))\n return None\n\n @staticmethod\n def is_ipv4_address(address):\n \"\"\" test if address is a valid ipv4 address \"\"\"\n try:\n addr = ip_address(u'{0}'.format(address))\n return isinstance(addr, IPv4Address)\n except ValueError:\n pass\n return False\n\n @staticmethod\n def is_ipv6_address(address):\n \"\"\" test if address is a valid ipv6 address \"\"\"\n try:\n addr = ip_address(u'{0}'.format(address))\n return isinstance(addr, IPv6Address)\n except ValueError:\n pass\n return False\n\n @staticmethod\n def is_ipv4_network(address, strict=True):\n \"\"\" test if address is a valid ipv4 network \"\"\"\n try:\n addr = ip_network(u'{0}'.format(address), strict=strict)\n return isinstance(addr, IPv4Network)\n except ValueError:\n pass\n return False\n\n @staticmethod\n def is_ipv6_network(address, strict=True):\n \"\"\" test if address is a valid ipv6 network \"\"\"\n try:\n addr = ip_network(u'{0}'.format(address), strict=strict)\n return isinstance(addr, IPv6Network)\n except ValueError:\n pass\n return False\n\n def is_ip_network(self, address, strict=True):\n \"\"\" test if address is a valid ip network \"\"\"\n return self.is_ipv4_network(address, strict) or self.is_ipv6_network(address, strict)\n\n def is_within_local_networks(self, address):\n \"\"\" test if address is contained in our local networks \"\"\"\n networks = self.get_interfaces_networks()\n try:\n addr = ip_address(u'{0}'.format(address))\n except ValueError:\n return False\n\n for network in networks:\n try:\n net = ip_network(u'{0}'.format(network), strict=False)\n if addr in net:\n return True\n except ValueError:\n # ignore invalid networks, keep trying\n pass\n return False\n\n @staticmethod\n def parse_ip_network(address, strict=True, returns_ip=True):\n \"\"\" return cidr parts of address \"\"\"\n try:\n addr = ip_network(u'{0}'.format(address), strict=strict)\n if strict or not returns_ip:\n return (str(addr.network_address), addr.prefixlen)\n else:\n # we parse the address with ipaddr just for type checking\n # but we use a regex to return the result as it dont kept the address bits\n group = re.match(r'(.*)/(.*)', address)\n if group:\n return (group.group(1), group.group(2))\n except ValueError:\n return None\n return None\n\n def parse_address(self, param, allow_self=True):\n \"\"\" validate param address field and returns it as a dict \"\"\"\n if self.is_ipv6_address(param) or self.is_ipv6_network(param):\n addr = [param]\n else:\n addr = param.split(':', maxsplit=3)\n if len(addr) > 3:\n self.module.fail_json(msg='Cannot parse address %s' % (param))\n\n address = addr[0]\n\n ret = dict()\n # Check if the first character is \"!\"\n if address[0] == '!':\n # Invert the rule\n ret['not'] = None\n address = address[1:]\n\n if address == 'NET' or address == 'IP':\n interface = addr[1] if len(addr) > 1 else None\n ports = addr[2] if len(addr) > 2 else None\n if interface is None or interface == '':\n self.module.fail_json(msg='Cannot parse address %s' % (param))\n\n ret['network'] = self.parse_interface(interface)\n if address == 'IP':\n ret['network'] += 'ip'\n else:\n ports = addr[1] if len(addr) > 1 else None\n if address == 'any':\n ret['any'] = None\n # rule with this firewall\n elif allow_self and address == '(self)':\n ret['network'] = '(self)'\n # rule with interface name (LAN, WAN...)\n elif self.is_interface_display_name(address):\n ret['network'] = self.get_interface_by_display_name(address)\n else:\n if not self.is_ip_or_alias(address):\n self.module.fail_json(msg='Cannot parse address %s, not IP or alias' % (address))\n ret['address'] = address\n\n if ports is not None:\n self.parse_port(ports, ret)\n msg = \"the :ports syntax at end of addresses is deprecated and support will be removed soon. Please use source_port and destination_port options.\"\n self.module.warn(msg)\n\n return ret\n\n def parse_port(self, src_ports, ret):\n \"\"\" validate and parse port address field and set it in ret \"\"\"\n ports = src_ports.split('-')\n if len(ports) > 2 or ports[0] is None or ports[0] == '' or len(ports) == 2 and (ports[1] is None or ports[1] == ''):\n self.module.fail_json(msg='Cannot parse port %s' % (src_ports))\n\n if not self.is_port_or_alias(ports[0]):\n self.module.fail_json(msg='Cannot parse port %s, not port number or alias' % (ports[0]))\n ret['port'] = ports[0]\n\n if len(ports) > 1:\n if not self.is_port_or_alias(ports[1]):\n self.module.fail_json(msg='Cannot parse port %s, not port number or alias' % (ports[1]))\n ret['port'] += '-' + ports[1]\n\n def check_name(self, name, objtype):\n \"\"\" check name validity \"\"\"\n\n msg = None\n if len(name) >= 32 or len(re.findall(r'(^_*$|^\\d*$|[^a-zA-Z0-9_])', name)) > 0:\n msg = f\"The {objtype} name '{name}' must be less than 32 characters long, may not consist of only numbers, may not consist of only underscores, \"\n msg += \"and may only contain the following characters: a-z, A-Z, 0-9, _\"\n elif name in [\"port\", \"pass\"]:\n msg = f\"The {objtype} name must not be either of the reserved words 'port' or 'pass'\"\n else:\n try:\n socket.getprotobyname(name)\n msg = f\"The {objtype} name must not be an IP protocol name such as TCP, UDP, ICMP etc.\"\n except socket.error:\n # If the protocol name lookup fails, the name is not a reserved protocol and is therefore allowed.\n pass\n\n try:\n socket.getservbyname(name)\n msg = f\"The {objtype} name must not be a well-known or registered TCP or UDP port name such as ssh, smtp, pop3, tftp, http, openvpn etc.\"\n except socket.error:\n # If the service name lookup fails, the name is not a reserved TCP/UDP service and is therefore allowed.\n pass\n\n if msg is not None:\n self.module.fail_json(msg=msg)\n\n def check_ip_address(self, address, ipprotocol, objtype, allow_networks=False, fail_ifnotip=False):\n \"\"\" check address according to ipprotocol \"\"\"\n if address is None:\n return\n if allow_networks:\n ipv4 = self.is_ipv4_network(address, False)\n ipv6 = self.is_ipv6_network(address, False)\n else:\n ipv4 = self.is_ipv4_address(address)\n ipv6 = self.is_ipv6_address(address)\n\n if ipprotocol == 'inet':\n if ipv6 or not ipv4 and fail_ifnotip:\n self.module.fail_json(msg='{0} must use an IPv4 address'.format(objtype))\n elif ipprotocol == 'inet6':\n if ipv4 or not ipv6 and fail_ifnotip:\n self.module.fail_json(msg='{0} must use an IPv6 address'.format(objtype))\n elif ipprotocol == 'inet46':\n if ipv4 or ipv6:\n self.module.fail_json(msg='IPv4 and IPv6 addresses can not be used in objects that apply to both IPv4 and IPv6 (except within an alias).')\n\n def validate_openvpn_tunnel_network(self, network, ipproto):\n \"\"\" check openvpn tunnel network validity - based on pfSense's openvpn_validate_tunnel_network() \"\"\"\n if network is not None and network != '':\n alias_elt = self.find_alias(network, aliastype='network')\n if alias_elt is not None:\n networks = alias_elt.find('address').text.split()\n if len(networks) > 1:\n self.module.fail_json(\"The alias {0} contains more than one network\".format(network))\n network = networks[0]\n\n if not self.is_ipv4_network(network, strict=False) and ipproto == 'ipv4':\n self.module.fail_json(\"{0} is not a valid IPv4 network\".format(network))\n if not self.is_ipv6_network(network, strict=False) and ipproto == 'ipv6':\n self.module.fail_json(\"{0} is not a valid IPv6 network\".format(network))\n return True\n\n return True\n\n def validate_string(self, name, objtype):\n \"\"\" check string validity - similar to pfSense's do_input_validate() \"\"\"\n\n if len(re.findall(r'[\\000-\\010\\013\\014\\016-\\037]', name)) > 0:\n self.module.fail_json(\"The {0} name contains invalid characters.\".format(objtype))\n\n @staticmethod\n def addr_normalize(addr):\n \"\"\" return address element formatted like module argument \"\"\"\n address = ''\n ports = ''\n if 'address' in addr:\n address = addr['address']\n if 'any' in addr:\n address = 'any'\n if 'network' in addr:\n address = 'NET:%s' % addr['network']\n if address == '':\n raise ValueError('UNKNOWN addr %s' % addr)\n if 'port' in addr:\n ports = addr['port']\n if 'not' in addr:\n address = '!' + address\n return address, ports\n\n @staticmethod\n def new_element(tag, text='\\n\\t\\t\\t'):\n \"\"\" Create and return new XML configuration element \"\"\"\n elt = ET.Element(tag)\n # Attempt to preserve some of the formatting of pfSense's config.xml\n elt.text = text\n elt.tail = '\\n\\t\\t'\n return elt\n\n def get_element(self, node, root_elt=None, create_node=False):\n \"\"\" return configuration element \"\"\"\n if root_elt is None:\n root_elt = self.root\n top_elt = root_elt\n for item in node.split('/'):\n elt = top_elt.find(item)\n if elt is None and create_node:\n elt = self.new_element(item)\n top_elt.append(elt)\n top_elt = elt\n return elt\n\n def get_elements(self, node, root_elt=None):\n \"\"\" return all configuration elements \"\"\"\n if root_elt is None:\n root_elt = self.root\n return root_elt.findall(node)\n\n def get_index(self, elt, root_elt=None):\n \"\"\" Get elt index \"\"\"\n if root_elt is None:\n root_elt = self.root\n return list(root_elt).index(elt)\n\n def find_elt(self, node, search_text, search_field='descr', root_elt=None, multiple_ok=False):\n \"\"\" return object elt if found \"\"\"\n search_xpath = \"{0}[{1}='{2}']\".format(node, search_field, search_text)\n return self.find_elt_xpath(search_xpath, root_elt, multiple_ok)\n\n def find_elt_xpath(self, search_xpath, root_elt=None, multiple_ok=False):\n \"\"\" return object elt if found \"\"\"\n if root_elt is None:\n root_elt = self.root\n result = root_elt.findall(search_xpath)\n # Always return an iterable if multiple_ok\n if multiple_ok:\n return result\n else:\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple elements for name {0}.'.format(self.obj['name']))\n return None\n\n @staticmethod\n def remove_deleted_param_from_elt(elt, param, params):\n \"\"\" Remove from a deleted param from an xml elt \"\"\"\n changed = False\n if param not in params:\n param_elt = elt.find(param)\n if param_elt is not None:\n changed = True\n elt.remove(param_elt)\n return changed\n\n def is_ipsec_enabled(self):\n \"\"\" return True if ipsec is enabled \"\"\"\n if self.ipsec is None:\n return False\n\n for elt in self.ipsec:\n if elt.tag == 'phase1' and elt.find('disabled') is None:\n return True\n return False\n\n def is_openvpn_enabled(self):\n \"\"\" return True if openvpn is enabled \"\"\"\n if self.openvpn is None:\n return False\n\n for elt in self.openvpn:\n if elt.tag == 'openvpn-server' or elt.tag == 'openvpn-client':\n return True\n return False\n\n def find_ipsec_phase1(self, field_value, field='descr'):\n \"\"\" return ipsec phase1 elt if found \"\"\"\n for ipsec_elt in self.ipsec:\n if ipsec_elt.tag != 'phase1':\n continue\n\n field_elt = ipsec_elt.find(field)\n if field_elt is not None and field_elt.text == field_value:\n return ipsec_elt\n\n return None\n\n @staticmethod\n def rule_match_interface(rule_elt, interface, floating):\n \"\"\" check if a rule elt match the targeted interface\n floating rules must match the floating mode instead of the interface name\n \"\"\"\n interface_elt = rule_elt.find('interface')\n floating_elt = rule_elt.find('floating')\n if floating_elt is not None:\n return floating\n elif floating:\n return False\n return interface_elt is not None and interface_elt.text.lower() == interface.lower()\n\n def get_interface_rules_count(self, interface, floating):\n \"\"\" get rules count in interface/floating \"\"\"\n count = 0\n for rule_elt in self.rules:\n if not self.rule_match_interface(rule_elt, interface, floating):\n continue\n count += 1\n\n return count\n\n def get_rule_position(self, descr, interface, floating, first=True):\n \"\"\" get rule position in interface/floating \"\"\"\n i = 0\n found = None\n for rule_elt in self.rules:\n if not self.rule_match_interface(rule_elt, interface, floating):\n continue\n descr_elt = rule_elt.find('descr')\n if descr_elt is not None and descr_elt.text == descr:\n if first:\n return i\n else:\n found = i\n i += 1\n\n return found\n\n def copy_dict_to_element(self, src, top_elt, sub=0, prev_elt=None):\n \"\"\" Copy/update top_elt from src \"\"\"\n changed = False\n for (key, value) in src.items():\n this_elt = top_elt.find(key)\n self.debug.write('changed=%s key=%s value=%s this_elt=%s, sub=%d\\n' % (changed, key, value, this_elt, sub))\n if this_elt is None:\n if isinstance(value, dict):\n changed = True\n self.debug.write('calling copy_dict_to_element()\\n')\n # Create a new element\n new_elt = ET.Element(key)\n new_elt.text = '\\n%s' % ('\\t' * (sub + 4))\n new_elt.tail = '\\n%s' % ('\\t' * (sub + 2))\n if prev_elt is not None:\n prev_elt.tail = '\\n%s' % ('\\t' * (sub + 2))\n prev_elt = new_elt\n self.copy_dict_to_element(value, new_elt, sub=sub + 1, prev_elt=prev_elt)\n top_elt.append(new_elt)\n elif isinstance(value, list):\n if value:\n changed = True\n if prev_elt is not None:\n prev_elt.tail = '\\n%s' % ('\\t' * (sub + 2))\n for item in value:\n new_elt = self.new_element(key)\n prev_elt = new_elt\n if isinstance(item, dict):\n self.copy_dict_to_element(item, new_elt, sub=sub + 1, prev_elt=prev_elt)\n else:\n new_elt.text = item\n top_elt.append(new_elt)\n else:\n changed = True\n # Create a new element\n new_elt = ET.Element(key)\n new_elt.text = value\n new_elt.tail = '\\n%s' % ('\\t' * (sub + 2))\n if prev_elt is not None:\n prev_elt.tail = '\\n%s' % ('\\t' * (sub + 2))\n prev_elt = new_elt\n top_elt.append(new_elt)\n self.debug.write('changed=%s added key=%s value=%s tag=%s\\n' % (changed, key, value, top_elt.tag))\n else:\n if isinstance(value, dict):\n self.debug.write('calling copy_dict_to_element()\\n')\n if self.copy_dict_to_element(value, this_elt, sub=sub + 1, prev_elt=this_elt):\n changed = True\n elif isinstance(value, list):\n all_sub_elts = top_elt.findall(key)\n\n # remove extra elts\n while len(all_sub_elts) > len(value):\n top_elt.remove(all_sub_elts.pop())\n changed = True\n\n # add new elts\n while len(all_sub_elts) < len(value):\n new_elt = self.new_element(key)\n top_elt.append(new_elt)\n all_sub_elts.append(new_elt)\n changed = True\n prev_elt = new_elt\n\n # set all elts\n for idx, item in enumerate(value):\n if isinstance(item, str):\n if all_sub_elts[idx].text is None and item == '':\n pass\n elif all_sub_elts[idx].text != item:\n all_sub_elts[idx].text = item\n changed = True\n elif self.copy_dict_to_element(item, all_sub_elts[idx], sub=sub + 1, prev_elt=prev_elt):\n changed = True\n elif this_elt.text is None and value == '':\n pass\n elif this_elt.text != value:\n changed = True\n self.debug.write('changed=%s this_elt.text=%s != value=%s\\n' % (changed, repr(this_elt.text), repr(value)))\n this_elt.text = value\n prev_elt = this_elt\n\n # Sub-elements must be completely described, so remove any missing elements\n if sub:\n for child_elt in list(top_elt):\n if child_elt.tag not in src:\n changed = True\n self.debug.write('changed=%s removed tag=%s\\n' % (changed, child_elt.tag))\n top_elt.remove(child_elt)\n\n if prev_elt is not None:\n prev_elt.tail = '\\n%s' % ('\\t' * (sub + 1))\n\n self.debug.flush()\n return changed\n\n @staticmethod\n def array_to_php(src, php_name):\n \"\"\" Generate PHP commands to initialiaze a variable with contents of an array \"\"\"\n array_values = \"'\" + \"','\".join(src) + \"'\"\n cmd = f\"${php_name} = array({array_values});\\n\"\n return cmd\n\n @staticmethod\n def dict_to_php(src, php_name):\n \"\"\" Generate PHP commands to initialiaze a variable with contents of a dict \"\"\"\n cmd = \"${0} = array();\\n\".format(php_name)\n for key, value in src.items():\n if value is not None:\n cmd += \"${0}['{1}'] = '{2}';\\n\".format(php_name, key, value)\n else:\n cmd += \"${0}['{1}'] = '';\\n\".format(php_name, key)\n return cmd\n\n @staticmethod\n def element_to_dict(src_elt):\n \"\"\" Create dict from XML src_elt \"\"\"\n res = {}\n for elt in src_elt:\n if len(elt) > 0:\n value = PFSenseModule.element_to_dict(elt)\n else:\n value = elt.text if elt.text is not None else ''\n\n if elt.tag in res:\n if not isinstance(res[elt.tag], list):\n res[elt.tag] = [res[elt.tag]]\n res[elt.tag].append(value)\n else:\n res[elt.tag] = value\n return res\n\n def config_get_path(self, name, default=None):\n \"\"\" get value of a specific configuration path \"\"\"\n elt = self.find_elt_xpath(name)\n if elt is not None:\n return elt.text\n else:\n return default\n\n def get_refid(self, node, name):\n \"\"\" get refid of name in specific nodes \"\"\"\n elt = self.find_elt(node, name)\n if elt is not None:\n return xml_find(elt, 'refid').text\n else:\n return None\n\n def get_caref(self, name):\n \"\"\" get CA refid for name \"\"\"\n # global is a special case\n if name == 'global':\n return 'global'\n # Otherwise search the ca elements\n return self.get_refid('ca', name)\n\n def get_certref(self, name):\n \"\"\" get Cert refid for name \"\"\"\n return self.get_refid('cert', name)\n\n def get_crlref(self, name):\n \"\"\" get CRL refid for name \"\"\"\n return self.get_refid('crl', name)\n\n @staticmethod\n def get_username():\n \"\"\" get username logged \"\"\"\n username = pwd.getpwuid(os.getuid()).pw_name\n if os.environ.get('SUDO_USER'):\n username = os.environ.get('SUDO_USER')\n # sudo masks this\n sshclient = os.environ.get('SSH_CLIENT')\n if sshclient:\n username = username + '@' + sshclient\n return username\n\n def find_alias(self, name, aliastype=None):\n \"\"\" return alias named name, having type aliastype if specified \"\"\"\n for alias in self.aliases:\n if xml_find(alias, 'name').text == name and (aliastype is None or xml_find(alias, 'type').text == aliastype):\n return alias\n return None\n\n def is_ip_or_alias(self, address):\n \"\"\" return True if address is an ip or an alias \"\"\"\n # Is it an alias?\n if (self.find_alias(address, 'host') is not None\n or self.find_alias(address, 'network') is not None\n or self.find_alias(address, 'urltable') is not None):\n return True\n\n # Is it an IP address or network?\n if self.is_ipv4_address(address) or self.is_ipv4_network(address) or self.is_ipv6_address(address) or self.is_ipv6_network(address):\n return True\n\n # None of the above\n return False\n\n def is_gateway_group(self, gwgroup):\n \"\"\" return True if gwgroup is a gateway group \"\"\"\n return self.find_elt_xpath(f\"./gateways/gateway_group[name='{gwgroup}']\") is not None\n\n def is_port_or_alias(self, port):\n \"\"\" return True if port is a valid port number or an alias \"\"\"\n if (self.find_alias(port, 'port') is not None\n or self.find_alias(port, 'urltable_ports') is not None):\n return True\n try:\n if int(port) > 0 and int(port) < 65536:\n return True\n except ValueError:\n pass\n return False\n\n def is_virtual_ip(self, addr):\n \"\"\" return True if addr is a virtual ip \"\"\"\n if self.virtualip is None:\n return False\n\n if self.find_elt('vip', addr, 'subnet', root_elt=self.virtualip) is None:\n return False\n\n return True\n\n def get_virtual_ip_interface(self, vip):\n \"\"\" return interface name for virtual IP name or network \"\"\"\n if self.virtualip is None:\n return None\n\n vip_elt = self.find_elt('vip', vip, 'descr', root_elt=self.virtualip)\n if vip_elt is None:\n vip_elt = self.find_elt('vip', vip, 'subnet', root_elt=self.virtualip)\n\n if vip_elt is None:\n return None\n\n uniqid_elt = vip_elt.find('uniqid')\n if uniqid_elt is None:\n return None\n\n return \"_vip\" + xml_find(vip_elt, 'uniqid').text\n\n def find_queue(self, name, interface=None, enabled=False):\n \"\"\" return QOS queue if found \"\"\"\n\n # iterate each interface\n for shaper_elt in self.shapers:\n if interface is not None:\n interface_elt = shaper_elt.find('interface')\n if interface_elt is None or interface_elt.text != interface:\n continue\n\n if enabled:\n enabled_elt = shaper_elt.find('enabled')\n if enabled_elt is None or enabled_elt.text != 'on':\n continue\n\n # iterate each queue\n for queue_elt in shaper_elt.findall('.//queue'):\n name_elt = queue_elt.find('name')\n if name_elt is None or name_elt.text != name:\n continue\n\n if enabled:\n enabled_elt = queue_elt.find('enabled')\n if enabled_elt is None or enabled_elt.text != 'on':\n continue\n\n # found it\n return queue_elt\n\n return None\n\n def find_limiter(self, name, enabled=False):\n \"\"\" return QOS limiter if found \"\"\"\n\n # iterate each queue\n for queue_elt in self.dnshapers:\n if enabled:\n enabled_elt = queue_elt.find('enabled')\n if enabled_elt is None or enabled_elt.text != 'on':\n continue\n\n name_elt = queue_elt.find('name')\n if name_elt is None or name_elt.text != name:\n continue\n\n return queue_elt\n\n return None\n\n def find_vlan(self, interface, tag):\n \"\"\" return vlan elt if found \"\"\"\n if self.vlans is None:\n self.vlans = self.get_element('vlans')\n\n if self.vlans is not None:\n for vlan in self.vlans:\n if xml_find(vlan, 'if').text == interface and xml_find(vlan, 'tag').text == tag:\n return vlan\n\n return None\n\n def _create_gw_elt(self, name, interface_id, protocol):\n gw_elt = ET.Element('gateway_item')\n gw_elt.append(self.new_element('interface', interface_id))\n gw_elt.append(self.new_element('gateway', 'dynamic'))\n gw_elt.append(self.new_element('name', name))\n gw_elt.append(self.new_element('weight', '1'))\n gw_elt.append(self.new_element('ipprotocol', protocol))\n gw_elt.append(self.new_element('descr', 'Interface ' + name + ' Gateway'))\n return gw_elt\n\n def find_gateway_elt(self, name, interface=None, protocol=None, dhcp=False, vti=False):\n \"\"\" return gateway elt if found \"\"\"\n for gw_elt in self.gateways:\n if gw_elt.tag != 'gateway_item':\n continue\n\n if protocol is not None and xml_find(gw_elt, 'ipprotocol').text != protocol:\n continue\n\n if interface is not None and xml_find(gw_elt, 'interface').text != interface:\n continue\n\n if xml_find(gw_elt, 'name').text == name:\n return gw_elt\n\n for interface_elt in self.interfaces:\n descr_elt = interface_elt.find('descr')\n if descr_elt is None or descr_elt.text is None:\n continue\n\n if_elt = interface_elt.find('if')\n if if_elt is None or if_elt.text is None:\n continue\n\n descr_text = descr_elt.text.strip().upper()\n\n # todo: implement interface match with ipsec tunnels threw vtimaps\n if vti and (protocol is None or protocol == 'inet') and if_elt.text.startswith('ipsec') and descr_text + '_VTIV4' == name:\n return self._create_gw_elt(name, interface_elt.tag, 'inet')\n\n if vti and (protocol is None or protocol == 'inet6') and if_elt.text.startswith('ipsec') and descr_text + '_VTIV6' == name:\n return self._create_gw_elt(name, interface_elt.tag, 'inet6')\n\n if dhcp:\n ipaddr_elt = interface_elt.find('ipaddr')\n if (protocol is None or protocol == 'inet') and ipaddr_elt is not None and ipaddr_elt.text == 'dhcp' and descr_text + \"_DHCP\" == name:\n return self._create_gw_elt(name, interface_elt.tag, 'inet')\n\n ipaddr_elt = interface_elt.find('ipaddrv6')\n if (protocol is None or protocol == 'inet6') and ipaddr_elt is not None and ipaddr_elt.text == 'dhcp6' and descr_text + \"_DHCP6\" == name:\n return self._create_gw_elt(name, interface_elt.tag, 'inet6')\n\n return None\n\n def find_gateway_group_elt(self, name, protocol='inet'):\n \"\"\" return gateway_group elt if found \"\"\"\n for gw_grp_elt in self.gateways:\n if gw_grp_elt.tag != 'gateway_group':\n continue\n if xml_find(gw_grp_elt, 'name').text != name:\n continue\n\n # check if protocol match\n match_protocol = True\n for gw_elt in gw_grp_elt:\n if gw_elt.tag != 'item' or gw_elt.text is None:\n continue\n\n items = gw_elt.text.split('|')\n if not items or self.find_gateway_elt(items[0], None, protocol) is None:\n match_protocol = False\n break\n\n if not match_protocol:\n continue\n\n return gw_grp_elt\n\n return None\n\n def find_active_gateways(self):\n \"\"\" returns list of active gateways \"\"\"\n (retcode, raw_output, error) = self.phpshell(\"playback gatewaystatus\")\n\n write = False\n output = []\n lines = raw_output.split(\"\\n\")\n for line in lines:\n if write and line != \"\" and \"shell:\" not in line:\n output.append(line)\n if \"started\" in line:\n write = True\n\n head = output[0].split()\n data = []\n\n for line in output[1:]:\n c = 0\n dline = {}\n for item in line.split():\n dline[head[c]] = item\n c += 1\n if dline is not {}:\n data.append(dline)\n return data\n\n def find_ca_elt(self, ca, search_field='descr'):\n \"\"\" return certificate authority elt if found \"\"\"\n return self.find_elt('ca', ca, search_field)\n\n def find_cert_elt(self, cert, search_field='descr'):\n \"\"\" return certificate elt if found \"\"\"\n return self.find_elt('cert', cert, search_field)\n\n def find_crl_elt(self, crl, search_field='descr'):\n \"\"\" return certificate revocation list elt if found \"\"\"\n return self.find_elt('crl', crl, search_field)\n\n def find_schedule_elt(self, name):\n \"\"\" return schedule elt if found \"\"\"\n return self.find_elt_xpath(\"./schedules/schedule[name='{0}']\".format(name))\n\n @staticmethod\n def uniqid(prefix='', more_entropy=False):\n \"\"\" return an identifier based on time \"\"\"\n if more_entropy:\n return prefix + '{0:x}{1:05x}{2:.8F}'.format(int(time.time()), int(time.time() * 1000000) % 0x100000, random.random() * 10)\n\n return prefix + '{0:x}{1:05x}'.format(int(time.time()), int(time.time() * 1000000) % 0x100000)\n\n def phpshell(self, command, debug=True):\n \"\"\" Run a command in the php developer shell \"\"\"\n phpshell = \"global $config;\\n\"\n if debug:\n phpshell = \"global $debug;\\n$debug = 1;\\n\"\n phpshell += command + \"\\nexec\\nexit\"\n # Dummy argument suppresses displaying help message\n return self.module.run_command('/usr/local/sbin/pfSsh.php dummy', data=phpshell)\n\n def php(self, command):\n \"\"\" Run a command in php and return the output \"\"\"\n cmd = '\\n'\n (dummy, stdout, stderr) = self.module.run_command('/usr/local/bin/php', data=cmd)\n # If /var/run/booting is in place, various requires will emit a \".\"\n (stdout, nsubs) = re.subn(r'^\\.+', '', stdout)\n if nsubs > 0:\n self.module.warn('/var/run/booting appears to be present, confirm successful boot and remove if appropriate.')\n # TODO: check stderr for errors\n try:\n result = json.loads(stdout)\n except json.JSONDecodeError as e:\n self.module.fail_json(msg=f\"{e}\", cmd=cmd, stdout=stdout, stderr=stderr)\n return result\n\n def write_config(self, descr='Updated by ansible pfsense module'):\n \"\"\" Generate config file \"\"\"\n revision = self.get_element('revision')\n xml_find(revision, 'time').text = '%d' % time.time()\n revdescr = revision.find('description')\n if revdescr is None:\n revdescr = ET.Element('description')\n revision.append(revdescr)\n revdescr.text = descr\n username = self.get_username()\n xml_find(revision, 'username').text = username\n (tmp_handle, tmp_name) = mkstemp()\n os.close(tmp_handle)\n if sys.version_info >= (3, 4):\n self.tree.write(tmp_name, xml_declaration=True, method='xml', short_empty_elements=False)\n else:\n self.tree.write(tmp_name, xml_declaration=True, method='xml')\n shutil.move(tmp_name, self.config)\n os.chmod(self.config, 0o644)\n try:\n os.remove('/tmp/config.cache')\n except OSError as exception:\n if exception.errno == 2:\n # suppress \"No such file or directory error\n pass\n else:\n raise\n\n @staticmethod\n def get_version():\n \"\"\" get pfSense version \"\"\"\n # TODO: use subprocess when we'll drop support for python 2.7\n os.system(\"pkg-static info | grep pfSense-base > /tmp/pfVersion\")\n vfile = open(\"/tmp/pfVersion\", \"r\")\n version = vfile.read().replace(\"pfSense-base-\", \"\").split()[0]\n vfile.close()\n return version\n\n @staticmethod\n def is_ce_version(version=None):\n \"\"\" return True if version is a CE version (for now, we only have 2.x patterns) \"\"\"\n if isinstance(version, list):\n return version[0] == 2\n if version is None:\n version = PFSenseModule.get_version()\n return len(version.split('.')[0]) == 1\n\n def is_version(self, version, or_more=True):\n \"\"\" check target pfSense version \"\"\"\n if self.pfsense_version is None:\n pfsense_version = self.get_version()\n self.pfsense_version = []\n match = re.match(r'(\\d+)\\.(\\d+)\\.?(\\d+)?', pfsense_version)\n if match is None:\n self.module.fail_json(msg=\"Unable to get version from pfSense (got '{0}')\".format(pfsense_version))\n for idx in range(0, match.lastindex):\n self.pfsense_version.append(int(match.group(idx + 1)))\n\n # we must compare a CE with a CE or pfSense+ with pfSense+\n is_ce_in = self.is_ce_version(version)\n is_ce = self.is_ce_version(self.pfsense_version)\n if is_ce != is_ce_in:\n return False\n\n for idx, ver in enumerate(version):\n if idx == len(self.pfsense_version):\n return True\n if self.pfsense_version[idx] > ver and or_more:\n return True\n\n if ver < self.pfsense_version[idx] and not or_more or ver > self.pfsense_version[idx]:\n return False\n\n return True\n\n def is_at_least_2_5_2(self):\n \"\"\" check target pfSense version \"\"\"\n return self.is_version([2, 5, 2]) or self.is_version([21, 5])\n\n def is_at_least_2_5_0(self):\n \"\"\" check target pfSense version \"\"\"\n return self.is_version([2, 5, 0]) or self.is_version([21, 2])\n\n def apply_ipsec_changes(self):\n \"\"\" execute pfSense code to appy ipsec changes \"\"\"\n if self.is_at_least_2_5_0():\n return self.phpshell(\n \"require_once('vpn.inc');\"\n \"$ipsec_dynamic_hosts = ipsec_configure();\"\n \"ipsec_reload_package_hook();\"\n \"$retval = 0;\"\n \"$retval |= filter_configure();\"\n \"if ($ipsec_dynamic_hosts >= 0 && is_subsystem_dirty('ipsec'))\"\n \" clear_subsystem_dirty('ipsec');\"\n )\n return self.phpshell(\n \"require_once('vpn.inc');\"\n \"$ipsec_dynamic_hosts = vpn_ipsec_configure();\"\n \"$retval = 0;\"\n \"$retval |= filter_configure();\"\n \"if ($ipsec_dynamic_hosts >= 0 && is_subsystem_dirty('ipsec'))\"\n \" clear_subsystem_dirty('ipsec');\"\n )\n"
},
{
"path": "plugins/module_utils/route.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nROUTE_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n descr=dict(required=True, type='str'),\n gateway=dict(required=False, type='str'),\n network=dict(required=False, type='str'),\n disabled=dict(default=False, type='bool'),\n)\n\nROUTE_REQUIRED_IF = [\n [\"state\", \"present\", [\"gateway\", \"network\"]],\n]\n\n\nclass PFSenseRouteModule(PFSenseModuleBase):\n \"\"\" module managing pfsense routes \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return ROUTE_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseRouteModule, self).__init__(module, pfsense)\n self.name = \"pfsense_route\"\n self.root_elt = self.pfsense.get_element('staticroutes')\n self.obj = dict()\n self.route_cmd = list()\n\n if self.root_elt is None:\n self.root_elt = self.pfsense.new_element('staticroutes')\n self.pfsense.root.append(self.root_elt)\n\n ##############################\n # params processing\n #\n def _expand_alias(self, networks):\n \"\"\" return real addresses of alias \"\"\"\n ret = list()\n\n while len(networks) > 0:\n alias = networks.pop()\n if self.pfsense.is_ipv4_network(alias, strict=False):\n ret.append(alias)\n else:\n alias_elt = self.pfsense.find_alias(alias, aliastype='host')\n if alias_elt is None:\n alias_elt = self.pfsense.find_alias(alias, aliastype='network')\n networks += alias_elt.find('address').text.split(' ')\n\n return ret\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n\n obj['descr'] = params['descr']\n target_elt = self._find_target()\n if params['state'] == 'present':\n self._get_ansible_param(obj, 'gateway')\n self._get_ansible_param(obj, 'descr')\n self._get_ansible_param(obj, 'network')\n\n self._get_ansible_param_bool(obj, 'disabled')\n\n if target_elt is not None:\n old_network = target_elt.find('network').text\n if params['state'] == 'absent' or old_network != params['network']:\n networks = self._expand_alias([old_network])\n for network in networks:\n if self.pfsense.is_ipv4_address(network):\n network = network + '/32'\n elif self.pfsense.is_ipv6_address(old_network):\n network = network + '/128'\n\n if self.pfsense.is_ipv4_network(network, False):\n family = '-inet'\n else:\n family = '-inet6'\n\n self.route_cmd.append('/sbin/route delete {0} {1}'.format(family, network))\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n if params['state'] == 'present':\n gw_elt = self.pfsense.find_gateway_elt(params['gateway'], dhcp=True, vti=True)\n if gw_elt is None:\n self.module.fail_json(msg='The gateway {0} does not exist'.format(params['gateway']))\n\n if (self.pfsense.is_ipv4_address(params['network']) and gw_elt.find('ipprotocol').text == 'inet6' or\n self.pfsense.is_ipv6_address(params['network']) and gw_elt.find('ipprotocol').text == 'inet'):\n msg = 'The gateway \"{0}\" is a different Address Family than network \"{1}\".'.format(gw_elt.find('gateway').text, params['network'])\n self.module.fail_json(msg=msg)\n\n if (not self.pfsense.is_ip_network(params['network'], False) and self.pfsense.find_alias(params['network'], aliastype='host') is None and\n self.pfsense.find_alias(params['network'], aliastype='network') is None):\n self.module.fail_json(msg='A valid IPv4 or IPv6 destination network or alias must be specified.')\n\n ##############################\n # XML processing\n #\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n return self.pfsense.new_element('route')\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n for route_elt in self.root_elt:\n if route_elt.find('descr').text == self.obj['descr']:\n return route_elt\n return None\n\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n return ['disabled']\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n for cmd in self.route_cmd:\n self.module.run_command(cmd)\n\n return self.pfsense.phpshell('''\nrequire_once(\"filter.inc\");\n$retval = 0;\nif (file_exists(\"{$g['tmp_path']}/.system_routes.apply\")) {\n $toapplylist = unserialize(file_get_contents(\"{$g['tmp_path']}/.system_routes.apply\"));\n foreach ($toapplylist as $toapply)\n mwexec(\"{$toapply}\");\n @unlink(\"{$g['tmp_path']}/.system_routes.apply\");\n}\n\n$retval |= system_routing_configure();\n$retval |= filter_configure();\n/* reconfigure our gateway monitor */\nsetup_gateways_monitor();\n\nif ($retval == 0) clear_subsystem_dirty('staticroutes');\n''')\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}'\".format(self.obj['descr'])\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.obj, 'network')\n values += self.format_cli_field(self.obj, 'gateway')\n values += self.format_cli_field(self.params, 'disabled', fvalue=self.fvalue_bool, default=False)\n else:\n values += self.format_updated_cli_field(self.obj, before, 'network', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'gateway', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'disabled', fvalue=self.fvalue_bool, default=False, add_comma=(values))\n\n return values\n"
},
{
"path": "plugins/module_utils/rule.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport time\nimport re\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nRULE_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n action=dict(default='pass', choices=['pass', 'block', 'match', 'reject']),\n state=dict(default='present', choices=['present', 'absent']),\n disabled=dict(default=False, required=False, type='bool'),\n interface=dict(required=True, type='str'),\n floating=dict(required=False, type='bool'),\n direction=dict(required=False, choices=[\"any\", \"in\", \"out\"]),\n ipprotocol=dict(default='inet', choices=['inet', 'inet46', 'inet6']),\n protocol=dict(default='any', choices=[\"any\", \"tcp\", \"udp\", \"tcp/udp\", \"icmp\", \"igmp\", \"ospf\", \"esp\", \"ah\", \"gre\", \"pim\", \"sctp\", \"pfsync\", \"carp\"]),\n source=dict(required=False, type='str'),\n source_port=dict(required=False, type='str'),\n destination=dict(required=False, type='str'),\n destination_port=dict(required=False, type='str'),\n log=dict(required=False, type='bool'),\n after=dict(required=False, type='str'),\n before=dict(required=False, type='str'),\n tcpflags_any=dict(required=False, type='bool'),\n statetype=dict(default='keep state', choices=['keep state', 'sloppy state', 'synproxy state', 'none']),\n queue=dict(required=False, type='str'),\n ackqueue=dict(required=False, type='str'),\n in_queue=dict(required=False, type='str'),\n out_queue=dict(required=False, type='str'),\n queue_error=dict(default=True, type='bool'),\n gateway=dict(default='default', type='str'),\n tracker=dict(required=False, type='str'),\n icmptype=dict(default='any', required=False, type='str'),\n sched=dict(required=False, type='str'),\n quick=dict(default=False, type='bool'),\n)\n\nRULE_REQUIRED_IF = [\n [\"floating\", True, [\"direction\"]],\n [\"state\", \"present\", [\"source\", \"destination\"]],\n [\"protocol\", \"icmp\", [\"icmptype\"]],\n]\n\n# These are rule elements that are (currently) unmanaged by this module\nRULE_UNMANAGED_ELEMENTS = [\n 'created', 'id', 'max', 'max-src-conn', 'max-src-nodes', 'max-src-states', 'os',\n 'statetimeout', 'statetype', 'tag', 'tagged', 'updated'\n]\n\n\nclass PFSenseRuleModule(PFSenseModuleBase):\n \"\"\" module managing pfsense rules \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return RULE_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseRuleModule, self).__init__(module, pfsense)\n self.name = \"pfsense_rule\"\n # Override for use with aggregate\n self.argument_spec = RULE_ARGUMENT_SPEC\n self.root_elt = self.pfsense.get_element('filter')\n self.obj = dict()\n\n self.result['added'] = []\n self.result['deleted'] = []\n self.result['modified'] = []\n\n self.obj = None\n self._floating = None # are we on floating rule\n self._floating_interfaces = None # rule's interfaces before change\n self._after = None # insert/move after\n self._before = None # insert/move before\n\n self._position_changed = False\n self.trackers = set()\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n\n obj['descr'] = params['name']\n\n if params.get('floating'):\n obj['floating'] = 'yes'\n obj['interface'] = self._parse_floating_interfaces(params['interface'])\n else:\n obj['interface'] = self.pfsense.parse_interface(params['interface'])\n\n if params['state'] == 'present':\n obj['type'] = params['action']\n obj['ipprotocol'] = params['ipprotocol']\n obj['statetype'] = params['statetype']\n\n obj['source'] = self.pfsense.parse_address(params['source'])\n if params.get('source_port'):\n self.pfsense.parse_port(params['source_port'], obj['source'])\n\n obj['destination'] = self.pfsense.parse_address(params['destination'])\n if params.get('destination_port'):\n self.pfsense.parse_port(params['destination_port'], obj['destination'])\n\n if params['protocol'] not in ['tcp', 'udp', 'tcp/udp', 'any'] and ('port' in obj['source'] or 'port' in obj['destination']):\n self.module.fail_json(msg=\"{0}: you can't use ports on protocols other than tcp, udp, tcp/udp or any\".format(self._get_obj_name()))\n\n for param in ['destination', 'source']:\n if 'address' in obj[param]:\n self.pfsense.check_ip_address(obj[param]['address'], obj['ipprotocol'], 'rule')\n if 'network' in obj[param]:\n self.pfsense.check_ip_address(obj[param]['network'], obj['ipprotocol'], 'rule', allow_networks=True)\n\n self._get_ansible_param(obj, 'protocol', exclude='any')\n if params['protocol'] == 'icmp':\n self._get_ansible_param(obj, 'icmptype')\n self._get_ansible_param(obj, 'direction')\n self._get_ansible_param(obj, 'queue', fname='defaultqueue')\n if params.get('ackqueue'):\n self._get_ansible_param(obj, 'ackqueue')\n self._get_ansible_param(obj, 'in_queue', fname='dnpipe')\n self._get_ansible_param(obj, 'out_queue', fname='pdnpipe')\n self._get_ansible_param(obj, 'associated-rule-id')\n self._get_ansible_param(obj, 'tracker', exclude='')\n self._get_ansible_param(obj, 'gateway', exclude='default')\n self._get_ansible_param(obj, 'sched')\n\n self._get_ansible_param_bool(obj, 'disabled', value='')\n self._get_ansible_param_bool(obj, 'log', value='')\n self._get_ansible_param_bool(obj, 'quick')\n self._get_ansible_param_bool(obj, 'tcpflags_any', value='')\n\n self._floating = 'floating' in self.obj and self.obj['floating'] == 'yes'\n self._after = params.get('after')\n self._before = params.get('before')\n\n return obj\n\n def _parse_floating_interfaces(self, interfaces):\n \"\"\" validate param interface field when floating is true \"\"\"\n res = []\n for interface in interfaces.split(','):\n if interface == 'any':\n res.append(interface)\n else:\n res.append(self.pfsense.parse_interface(interface))\n self._floating_interfaces = interfaces\n return ','.join(res)\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n if params.get('ackqueue') and params['queue'] is None:\n self.module.fail_json(msg='A default queue must be selected when an acknowledge queue is also selected')\n\n if params.get('ackqueue') and params['ackqueue'] == params['queue']:\n self.module.fail_json(msg='Acknowledge queue and default queue cannot be the same')\n\n # as in pfSense 2.4, the GUI accepts any queue defined on any interface without checking, we do the same\n if params.get('ackqueue') and self.pfsense.find_queue(params['ackqueue'], enabled=True) is None and params['queue_error']:\n self.module.fail_json(msg='Failed to find enabled ackqueue=%s' % params['ackqueue'])\n\n if params.get('queue') is not None and self.pfsense.find_queue(params['queue'], enabled=True) is None and params['queue_error']:\n self.module.fail_json(msg='Failed to find enabled queue=%s' % params['queue'])\n\n if params.get('out_queue') is not None and params['in_queue'] is None:\n self.module.fail_json(msg='A queue must be selected for the In direction before selecting one for Out too')\n\n if params.get('out_queue') is not None and params['out_queue'] == params['in_queue']:\n self.module.fail_json(msg='In and Out Queue cannot be the same')\n\n if params.get('out_queue') is not None and self.pfsense.find_limiter(params['out_queue'], enabled=True) is None:\n self.module.fail_json(msg='Failed to find enabled out_queue=%s' % params['out_queue'])\n\n if params.get('in_queue') is not None and self.pfsense.find_limiter(params['in_queue'], enabled=True) is None:\n self.module.fail_json(msg='Failed to find enabled in_queue=%s' % params['in_queue'])\n\n if params.get('floating') and params.get('direction') == 'any' and (params['in_queue'] is not None or params['out_queue'] is not None):\n self.module.fail_json(msg='Limiters can not be used in Floating rules without choosing a direction')\n\n if params.get('after') and params.get('before'):\n self.module.fail_json(msg='Cannot specify both after and before')\n elif params.get('after'):\n if params['after'] == params['name']:\n self.module.fail_json(msg='Cannot specify the current rule in after')\n elif params.get('before'):\n if params['before'] == params['name']:\n self.module.fail_json(msg='Cannot specify the current rule in before')\n\n # gateway\n if params.get('gateway') is not None and params['gateway'] != 'default':\n if params['ipprotocol'] == 'inet46':\n self.module.fail_json(msg='Gateway selection is not valid for \"IPV4+IPV6\" address family.')\n elif (self.pfsense.find_gateway_group_elt(params['gateway'], params['ipprotocol']) is None\n and self.pfsense.find_gateway_elt(params['gateway'], None, params['ipprotocol']) is None):\n self.module.fail_json(msg='Gateway \"%s\" does not exist or does not match target rule ip protocol.' % params['gateway'])\n\n if params.get('floating') and params.get('direction') == 'any':\n self.module.fail_json(msg='Gateways can not be used in Floating rules without choosing a direction')\n\n # tracker\n if params.get('tracker') is not None and int(params['tracker']) < 0:\n self.module.fail_json(msg='tracker {0} must be a positive integer'.format(params['tracker']))\n\n # sched\n if params.get('sched') is not None and self.pfsense.find_schedule_elt(params['sched']) is None:\n self.module.fail_json(msg='Schedule {0} does not exist'.format(params['sched']))\n\n # quick\n if params.get('quick') and not params.get('floating'):\n self.module.fail_json(msg='quick can only be used on floating rules')\n\n # ICMP\n if params.get('protocol') == 'icmp' and params.get('icmptype') is not None:\n both_types = ['any', 'echorep', 'echoreq', 'paramprob', 'redir', 'routeradv', 'routersol', 'timex', 'unreach']\n v4_types = ['althost', 'dataconv', 'inforep', 'inforeq', 'ipv6-here', 'ipv6-where', 'maskrep', 'maskreq', 'mobredir', 'mobregrep', 'mobregreq']\n v4_types += ['photuris', 'skip', 'squench', 'timerep', 'timereq', 'trace']\n v6_types = ['fqdnrep', 'fqdnreq', 'groupqry', 'grouprep', 'groupterm', 'listendone', 'listenrep', 'listqry', 'mtrace', 'mtraceresp', 'neighbradv']\n v6_types += ['neighbrsol', 'niqry', 'nirep', 'routrrenum', 'toobig', 'wrurep', 'wrureq']\n\n icmptypes = list(set(map(str.strip, params['icmptype'].split(','))))\n icmptypes.sort()\n if '' in icmptypes:\n icmptypes.remove('')\n if len(icmptypes) == 0:\n self.module.fail_json(msg='You must specify at least one icmptype or any for all of them')\n\n invalids = set(icmptypes) - set(v4_types) - set(v6_types) - set(both_types)\n if len(invalids) > 0:\n self.module.fail_json(msg='ICMP types {0} does not exist'.format(','.join(invalids)))\n\n if params['ipprotocol'] == 'inet':\n left = set(icmptypes) - set(v4_types) - set(both_types)\n elif params['ipprotocol'] == 'inet6':\n left = set(icmptypes) - set(v6_types) - set(both_types)\n else: # inet46 only allow\n left = set(icmptypes) - set(both_types)\n if len(left) > 0:\n self.module.fail_json(msg='ICMP types {0} are invalid with IP type {1}'.format(','.join(left), params['ipprotocol']))\n params['icmptype'] = ','.join(icmptypes)\n\n ##############################\n # XML processing\n #\n def _adjust_separators(self, start_idx, add=True, before=False):\n \"\"\" update separators position \"\"\"\n separators_elt = self.root_elt.find('separator')\n if separators_elt is None:\n return\n\n separators_elt = separators_elt.find(self.obj['interface'])\n if separators_elt is None:\n return\n\n for separator_elt in separators_elt:\n row_elt = separator_elt.find('row')\n if row_elt is None or row_elt.text is None:\n continue\n\n if_elt = separator_elt.find('if')\n if if_elt is None or if_elt.text != self.obj['interface']:\n continue\n\n match = re.match(r'fr(\\d+)', row_elt.text)\n if match:\n idx = int(match.group(1))\n if add:\n if before:\n if idx > start_idx:\n row_elt.text = 'fr' + str(idx + 1)\n else:\n if idx >= start_idx:\n row_elt.text = 'fr' + str(idx + 1)\n elif idx > start_idx:\n row_elt.text = 'fr' + str(idx - 1)\n\n def _check_tracker(self):\n \"\"\" check the tracking used is unique and change it if required \"\"\"\n if not self.trackers:\n trackers = self.root_elt.findall('tracker')\n for tracker in trackers:\n self.trackers.add(tracker.text)\n\n start = int(time.time())\n while self.obj['tracker'] in self.trackers:\n start = start + 1\n self.obj['tracker'] = str(start)\n\n # keep the tracker for future calls if module is used with aggregate\n self.trackers.add(self.obj['tracker'])\n\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n timestamp = '%d' % int(time.time())\n self.obj['id'] = ''\n if 'tracker' not in self.obj:\n self.obj['tracker'] = timestamp\n self._check_tracker()\n\n self.obj['created'] = self.obj['updated'] = dict()\n self.obj['created']['time'] = self.obj['updated']['time'] = timestamp\n self.obj['created']['username'] = self.obj['updated']['username'] = self.pfsense.get_username()\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self._rule_element_to_dict()\n self._insert(self.target_elt)\n self.result['added'].append(self.obj)\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n timestamp = '%d' % int(time.time())\n before = self._rule_element_to_dict()\n if 'tracker' not in self.obj:\n self.obj['tracker'] = before['tracker']\n\n if 'associated-rule-id' not in self.obj and 'associated-rule-id' in before and before['associated-rule-id'] != '':\n self.module.fail_json(msg='Target filter rule is associated with a NAT rule.')\n\n self.diff['before'] = before\n changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n if self._remove_deleted_params():\n changed = True\n\n if self._update_rule_position(self.target_elt):\n changed = True\n\n if changed:\n updated_elt = self.target_elt.find('updated')\n if updated_elt is None:\n updated_elt = self.pfsense.new_element('updated')\n updated_elt.append(self.pfsense.new_element('time', timestamp))\n updated_elt.append(self.pfsense.new_element('username', self.pfsense.get_username()))\n self.target_elt.append(updated_elt)\n else:\n updated_elt.find('time').text = timestamp\n updated_elt.find('username').text = self.pfsense.get_username()\n self.diff['after'].update(self._rule_element_to_dict())\n self.result['modified'].append(self._rule_element_to_dict())\n\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n return self.pfsense.new_element('rule')\n\n def _find_matching_rule(self):\n \"\"\" return rule element and index that matches by description or action \"\"\"\n # Prioritize matching my name\n if 'associated-rule-id' in self.obj:\n found, i = self._find_rule(self.obj['associated-rule-id'], 'associated-rule-id')\n if found is not None:\n return (found, i)\n\n found, i = self._find_rule(self.obj['descr'])\n if found is not None:\n return (found, i)\n\n # Match action without name/descr\n match_rule = self.obj.copy()\n del match_rule['descr']\n for rule_elt in self.root_elt:\n this_rule = self.pfsense.element_to_dict(rule_elt)\n this_rule.pop('descr', None)\n # Remove unmanaged elements\n for unwanted in RULE_UNMANAGED_ELEMENTS:\n this_rule.pop(unwanted, None)\n if this_rule == match_rule:\n return (rule_elt, i)\n i += 1\n\n return (None, -1)\n\n def _find_rule(self, value, field='descr'):\n \"\"\" return rule element and index on interface/floating that matches criteria \"\"\"\n i = 0\n for rule_elt in self.root_elt:\n field_elt = rule_elt.find(field)\n if self._match_interface(rule_elt) and field_elt is not None and field_elt.text == value:\n return (rule_elt, i)\n i += 1\n return (None, -1)\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n rule_elt, dummy = self._find_matching_rule()\n if rule_elt is not None and self._floating:\n ifs_elt = rule_elt.find('interface')\n self._floating_interfaces = ','.join([self.pfsense.get_interface_display_name(interface) for interface in ifs_elt.text.split(',')])\n\n return rule_elt\n\n def _get_expected_rule_position(self):\n \"\"\" get expected rule position in interface/floating \"\"\"\n if self._before == 'bottom':\n return self.pfsense.get_interface_rules_count(self.obj['interface'], self._floating) - 1\n elif self._after == 'top':\n return 0\n elif self._after is not None:\n return self._get_rule_position(self._after, first=False) + 1\n elif self._before is not None:\n position = self._get_rule_position(self._before) - 1\n if position < 0:\n return 0\n return position\n else:\n position = self._get_rule_position(self._after, fail=False)\n if position is not None:\n return position\n return self.pfsense.get_interface_rules_count(self.obj['interface'], self._floating)\n return -1\n\n def _get_expected_rule_xml_index(self):\n \"\"\" get expected rule index in xml \"\"\"\n if self._before == 'bottom':\n return self._get_last_rule_xml_index() + 1\n elif self._after == 'top':\n return self._get_first_rule_xml_index()\n elif self._after is not None:\n found, i = self._find_rule(self._after)\n if found is not None:\n return i + 1\n else:\n self.module.fail_json(msg='Failed to insert after rule=%s interface=%s' % (self._after, self._interface_name()))\n elif self._before is not None:\n found, i = self._find_rule(self._before)\n if found is not None:\n return i\n else:\n self.module.fail_json(msg='Failed to insert before rule=%s interface=%s' % (self._before, self._interface_name()))\n else:\n found, i = self._find_rule(self.obj['descr'])\n if found is not None:\n return i\n # For pass/match rules, insert before the first block/reject rule\n # on the same interface to maintain correct allow-before-deny ordering.\n if self.obj.get('type', 'pass') not in ('block', 'reject'):\n idx = self._get_first_deny_rule_xml_index()\n if idx is not None:\n return idx\n return self._get_last_rule_xml_index() + 1\n return -1\n\n def _get_first_rule_xml_index(self):\n \"\"\" Find the first rule for the interface/floating and return its xml index \"\"\"\n i = 0\n for rule_elt in self.root_elt:\n if self._match_interface(rule_elt):\n break\n i += 1\n return i\n\n def _get_last_rule_xml_index(self):\n \"\"\" Find the last rule for the interface/floating and return its xml index \"\"\"\n last_found = -1\n i = 0\n for rule_elt in self.root_elt:\n if self._match_interface(rule_elt):\n last_found = i\n i += 1\n return last_found\n\n def _get_first_deny_rule_xml_index(self):\n \"\"\" Find the first block/reject rule for the interface/floating and return its xml index.\n Returns None if no block/reject rules exist for this interface. \"\"\"\n i = 0\n for rule_elt in self.root_elt:\n if self._match_interface(rule_elt):\n type_elt = rule_elt.find('type')\n if type_elt is not None and type_elt.text in ('block', 'reject'):\n return i\n i += 1\n return None\n\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n return ['log', 'protocol', 'disabled', 'defaultqueue', 'ackqueue', 'dnpipe', 'pdnpipe', 'gateway', 'icmptype', 'sched', 'quick', 'tcpflags_any']\n\n def _get_rule_position(self, descr=None, fail=True, first=True):\n \"\"\" get rule position in interface/floating \"\"\"\n if descr is None:\n descr = self.obj['descr']\n\n res = self.pfsense.get_rule_position(descr, self.obj['interface'], self._floating, first=first)\n if fail and res is None:\n self.module.fail_json(msg='Failed to find rule=%s interface=%s' % (descr, self._interface_name()))\n return res\n\n def _insert(self, rule_elt):\n \"\"\" insert rule into xml \"\"\"\n rule_xml_idx = self._get_expected_rule_xml_index()\n self.root_elt.insert(rule_xml_idx, rule_elt)\n\n rule_position = self._get_rule_position()\n self._adjust_separators(rule_position, before=(self._after is None and self._before is not None))\n\n def _match_interface(self, rule_elt):\n \"\"\" check if a rule elt match the targeted interface \"\"\"\n return self.pfsense.rule_match_interface(rule_elt, self.obj['interface'], self._floating)\n\n def _update_rule_position(self, rule_elt):\n \"\"\" move rule in xml if required \"\"\"\n current_position = self._get_rule_position()\n expected_position = self._get_expected_rule_position()\n if current_position == expected_position:\n self._position_changed = False\n return False\n\n self.diff['before']['position'] = current_position\n self.diff['after']['position'] = expected_position\n self._adjust_separators(current_position, add=False)\n self.root_elt.remove(rule_elt)\n self._insert(rule_elt)\n self._position_changed = True\n return True\n\n ##############################\n # run\n #\n def _pre_remove_target_elt(self):\n \"\"\" processing before removing elt \"\"\"\n self._adjust_separators(self._get_rule_position(), add=False)\n self.diff['before'] = self._rule_element_to_dict()\n self.result['deleted'].append(self._rule_element_to_dict())\n\n def _rule_element_to_dict(self):\n \"\"\" convert rule_elt to dictionary like module arguments \"\"\"\n rule = self.pfsense.element_to_dict(self.target_elt)\n\n # We use 'name' for 'descr'\n rule['name'] = rule.pop('descr', 'UNKNOWN')\n # We use 'action' for 'type'\n rule['action'] = rule.pop('type', 'UNKNOWN')\n\n # Convert addresses to argument format\n for addr_item in ['source', 'destination']:\n rule[addr_item], rule[addr_item + '_port'] = self.pfsense.addr_normalize(rule[addr_item])\n\n return rule\n\n def _update(self):\n \"\"\" make the target pfsense reload rules \"\"\"\n return self.pfsense.phpshell('''require_once(\"filter.inc\");\nif (filter_configure() == 0) { clear_subsystem_dirty('filter'); }''')\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}' on '{1}'\".format(self.obj['descr'], self._interface_name())\n\n def _interface_name(self):\n \"\"\" return formated interface name for logging \"\"\"\n if self._floating:\n if self._floating_interfaces is not None:\n return 'floating(' + self._floating_interfaces + ')'\n return 'floating(' + self.params['interface'] + ')'\n return self.params['interface']\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'source')\n values += self.format_cli_field(self.params, 'source_port')\n values += self.format_cli_field(self.params, 'destination')\n values += self.format_cli_field(self.params, 'destination_port')\n values += self.format_cli_field(self.params, 'protocol', default='any')\n values += self.format_cli_field(self.params, 'direction')\n values += self.format_cli_field(self.params, 'ipprotocol', default='inet')\n values += self.format_cli_field(self.params, 'icmptype', default='any')\n values += self.format_cli_field(self.params, 'tcpflags_any', fvalue=self.fvalue_bool)\n values += self.format_cli_field(self.params, 'statetype', default='keep state')\n values += self.format_cli_field(self.params, 'action', default='pass')\n values += self.format_cli_field(self.params, 'disabled', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'log', fvalue=self.fvalue_bool, default=False)\n values += self.format_cli_field(self.params, 'after')\n values += self.format_cli_field(self.params, 'before')\n values += self.format_cli_field(self.params, 'queue')\n values += self.format_cli_field(self.params, 'ackqueue')\n values += self.format_cli_field(self.params, 'in_queue')\n values += self.format_cli_field(self.params, 'out_queue')\n values += self.format_cli_field(self.params, 'gateway', default='default')\n values += self.format_cli_field(self.params, 'tracker')\n values += self.format_cli_field(self.params, 'sched')\n values += self.format_cli_field(self.params, 'quick', fvalue=self.fvalue_bool, default=False)\n else:\n fbefore = self._obj_to_log_fields(before)\n fafter = self._obj_to_log_fields(self.obj)\n fafter['before'] = self._before\n fafter['after'] = self._after\n\n values += self.format_updated_cli_field(fafter, fbefore, 'source', add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'source_port', add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'destination', add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'destination_port', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'protocol', none_value=\"'any'\", add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'icmptype', add_comma=(values))\n values += self.format_updated_cli_field(fafter, fbefore, 'interface', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'floating', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'direction', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'ipprotocol', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'tcpflags_any', fvalue=self.fvalue_bool, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'statetype', add_comma=(values))\n values += self.format_updated_cli_field(self.params, before, 'action', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'disabled', fvalue=self.fvalue_bool, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'log', fvalue=self.fvalue_bool, add_comma=(values))\n if self._position_changed:\n values += self.format_updated_cli_field(fafter, {}, 'after', log_none=False, add_comma=(values))\n values += self.format_updated_cli_field(fafter, {}, 'before', log_none=False, add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'defaultqueue', fname='queue', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'ackqueue', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'dnpipe', fname='in_queue', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'pdnpipe', fname='out_queue', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'gateway', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'tracker', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'sched', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'quick', fvalue=self.fvalue_bool, add_comma=(values))\n return values\n\n def _obj_address_to_log_field(self, rule, addr):\n \"\"\" return formated address from dict \"\"\"\n field = ''\n field_port = ''\n if isinstance(rule[addr], dict):\n if 'not' in rule[addr]:\n field += '!'\n if 'any' in rule[addr]:\n field += 'any'\n if 'address' in rule[addr]:\n field += rule[addr]['address']\n elif 'network' in rule[addr]:\n interface = None\n if rule[addr]['network'].endswith('ip'):\n interface = self.pfsense.get_interface_display_name(rule[addr]['network'][:-2], return_none=True)\n\n if interface is None:\n field += 'NET:' + self.pfsense.get_interface_display_name(rule[addr]['network'])\n else:\n field += 'IP:' + interface\n\n if 'port' in rule[addr]:\n field_port += rule[addr]['port']\n else:\n if rule[addr].startswith('NET:'):\n field = 'NET:' + self.pfsense.get_interface_display_name(rule[addr][4:])\n elif rule[addr].startswith('IP:'):\n field = 'IP:' + self.pfsense.get_interface_display_name(rule[addr][3:])\n else:\n field = rule[addr]\n field_port = rule[addr + '_port']\n return field, field_port\n\n def _obj_to_log_fields(self, rule):\n \"\"\" return formated source and destination from dict \"\"\"\n res = {}\n res['source'], res['source_port'] = self._obj_address_to_log_field(rule, 'source')\n res['destination'], res['destination_port'] = self._obj_address_to_log_field(rule, 'destination')\n res['interface'] = ','.join([self.pfsense.get_interface_display_name(interface) for interface in rule['interface'].split(',')])\n return res\n"
},
{
"path": "plugins/module_utils/rule_separator.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nRULE_SEPARATOR_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n state=dict(default='present', choices=['present', 'absent']),\n interface=dict(required=False, type='str'),\n floating=dict(required=False, type='bool'),\n color=dict(default='info', required=False, choices=['info', 'warning', 'danger', 'success']),\n after=dict(default=None, required=False, type='str'),\n before=dict(default=None, required=False, type='str'),\n)\n\nRULE_SEPARATOR_REQUIRED_ONE_OF = [['interface', 'floating']]\nRULE_SEPARATOR_MUTUALLY_EXCLUSIVE = [['interface', 'floating']]\n\n\nclass PFSenseRuleSeparatorModule(PFSenseModuleBase):\n \"\"\" module managing pfsense rule separators \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return RULE_SEPARATOR_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseRuleSeparatorModule, self).__init__(module, pfsense)\n self.name = \"pfsense_rule_separator\"\n # Override for use with aggregate\n self.argument_spec = RULE_SEPARATOR_ARGUMENT_SPEC\n self.root_elt = None\n self.obj = dict()\n\n self.separators = self.pfsense.rules.find('separator')\n if self.separators is None:\n self.separators = self.pfsense.new_element('separator')\n self.pfsense.rules.append(self.separators)\n\n self._interface_name = None\n self._floating = None\n self._after = None\n self._before = None\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return an separator dict from module params \"\"\"\n params = self.params\n\n self._floating = (params.get('floating'))\n self._after = params.get('after')\n self._before = params.get('before')\n\n obj = dict()\n self.obj = obj\n obj['text'] = params['name']\n if params.get('floating'):\n self._interface_name = 'floating'\n obj['if'] = 'floatingrules'\n else:\n self._interface_name = params['interface'].lower()\n obj['if'] = self.pfsense.parse_interface(params['interface']).lower()\n\n if params['state'] == 'present':\n obj['color'] = 'bg-' + params['color']\n obj['row'] = 'fr' + str(self._get_expected_separator_position())\n\n self.root_elt = self.separators.find(obj['if'])\n if self.root_elt is None:\n self.root_elt = self.pfsense.new_element(obj['if'])\n self.separators.append(self.root_elt)\n\n return obj\n\n ##############################\n # XML processing\n #\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n return self.pfsense.new_element('sep')\n\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.root_elt.append(self.target_elt)\n self._recompute_separators_tag()\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n if_elt = self.separators.find(self.obj['if'])\n if if_elt is not None:\n for separator_elt in if_elt:\n if separator_elt.find('text').text == self.obj['text']:\n return separator_elt\n return None\n\n def _get_expected_separator_position(self):\n \"\"\" get expected separator position in interface/floating \"\"\"\n if self._before == 'bottom':\n return self.pfsense.get_interface_rules_count(self.obj['if'], self._floating)\n elif self._after == 'top':\n return 0\n elif self._after is not None:\n return self._get_rule_position(self._after) + 1\n elif self._before is not None:\n return self._get_rule_position(self._before)\n else:\n position = self._get_separator_position()\n if position is not None:\n return position\n return self.pfsense.get_interface_rules_count(self.obj['if'], self._floating)\n return -1\n\n def _get_rule_position(self, descr):\n \"\"\" get rule position in interface/floating \"\"\"\n res = self.pfsense.get_rule_position(descr, self.obj['if'], self._floating)\n if res is None:\n self.module.fail_json(msg='Failed to find rule=%s interface=%s' % (descr, self._interface_name))\n return res\n\n def _get_separator_position(self):\n \"\"\" get separator position in interface/floating \"\"\"\n separator_elt = self._find_target()\n if separator_elt is not None:\n return int(separator_elt.find('row').text.replace('fr', ''))\n return None\n\n def _post_remove_target_elt(self):\n \"\"\" processing after removing elt \"\"\"\n self._recompute_separators_tag()\n\n def _recompute_separators_tag(self):\n \"\"\" recompute separators tag name \"\"\"\n if_elt = self.separators.find(self.obj['if'])\n if if_elt is not None:\n i = 0\n for separator_elt in if_elt:\n name = 'sep' + str(i)\n if separator_elt.tag != name:\n separator_elt.tag = name\n i += 1\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload separators \"\"\"\n return self.pfsense.phpshell('''require_once(\"filter.inc\");\nif (filter_configure() == 0) { clear_subsystem_dirty('filter'); }''')\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}' on '{1}'\".format(self.obj['text'], self._interface_name)\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'color')\n values += self.format_cli_field(self.params, 'after')\n values += self.format_cli_field(self.params, 'before')\n else:\n values += self.format_cli_field(self.params, 'color', add_comma=(values))\n values += self.format_cli_field(self.params, 'after', add_comma=(values))\n values += self.format_cli_field(self.params, 'before', add_comma=(values))\n return values\n"
},
{
"path": "plugins/module_utils/vlan.py",
"content": "# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nVLAN_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n interface=dict(required=True, type='str'),\n vlan_id=dict(required=True, type='int'),\n priority=dict(default=None, required=False, type='int'),\n descr=dict(default='', type='str'),\n)\n\n\nclass PFSenseVlanModule(PFSenseModuleBase):\n \"\"\" module managing pfsense vlans \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return VLAN_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseVlanModule, self).__init__(module, pfsense)\n self.name = \"pfsense_vlan\"\n # Override for use with aggregate\n self.argument_spec = VLAN_ARGUMENT_SPEC\n self.root_elt = self.pfsense.get_element('vlans')\n self.obj = dict()\n\n if self.root_elt is None:\n self.root_elt = self.pfsense.new_element('vlans')\n self.pfsense.root.append(self.root_elt)\n\n self.setup_vlan_cmds = \"\"\n\n # get physical interfaces on which vlans can be set\n get_interface_cmd = (\n 'require_once(\"/etc/inc/interfaces.inc\");'\n '$portlist = get_interface_list();'\n '$lagglist = get_lagg_interface_list();'\n '$portlist = array_merge($portlist, $lagglist);'\n 'foreach ($lagglist as $laggif => $lagg) {'\n \" $laggmembers = explode(',', $lagg['members']);\"\n ' foreach ($laggmembers as $lagm)'\n ' if (isset($portlist[$lagm]))'\n ' unset($portlist[$lagm]);'\n '}')\n\n if self.pfsense.is_at_least_2_5_0():\n get_interface_cmd += (\n '$list = array();'\n 'foreach ($portlist as $ifn => $ifinfo) {'\n ' $list[$ifn] = $ifn . \" (\" . $ifinfo[\"mac\"] . \")\";'\n ' $iface = convert_real_interface_to_friendly_interface_name($ifn);'\n ' if (isset($iface) && strlen($iface) > 0)'\n ' $list[$ifn] .= \" - $iface\";'\n '}'\n 'echo json_encode($list);')\n else:\n get_interface_cmd += (\n '$list = array();'\n 'foreach ($portlist as $ifn => $ifinfo)'\n ' if (is_jumbo_capable($ifn))'\n ' array_push($list, $ifn);'\n 'echo json_encode($list);')\n\n self.interfaces = self.pfsense.php(get_interface_cmd)\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n\n obj['tag'] = str(params['vlan_id'])\n if params['interface'] not in self.interfaces:\n obj['if'] = self.pfsense.get_interface_port_by_display_name(params['interface'])\n if obj['if'] is None:\n obj['if'] = self.pfsense.get_interface_port(params['interface'])\n else:\n obj['if'] = params['interface']\n\n if params['state'] == 'present':\n if params['priority'] is not None:\n obj['pcp'] = str(params['priority'])\n else:\n obj['pcp'] = ''\n\n obj['descr'] = params['descr']\n obj['vlanif'] = '{0}.{1}'.format(obj['if'], obj['tag'])\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n # check interface\n if params['interface'] not in self.interfaces:\n # check with assign or friendly name\n interface = self.pfsense.get_interface_port_by_display_name(params['interface'])\n if interface is None:\n interface = self.pfsense.get_interface_port(params['interface'])\n\n if interface is None or interface not in self.interfaces:\n self.module.fail_json(msg='Vlans can\\'t be set on interface {0}'.format(params['interface']))\n\n # check vlan\n if params['vlan_id'] < 1 or params['vlan_id'] > 4094:\n self.module.fail_json(msg='vlan_id must be between 1 and 4094 on interface {0}'.format(params['interface']))\n\n # check priority\n if params.get('priority') is not None and (params['priority'] < 0 or params['priority'] > 7):\n self.module.fail_json(msg='priority must be between 0 and 7 on interface {0}'.format(params['interface']))\n\n ##############################\n # XML processing\n #\n def _cmd_create(self):\n \"\"\" return the php shell to create the vlan's interface \"\"\"\n cmd = \"$vlan = array();\\n\"\n cmd += \"$vlan['if'] = '{0}';\\n\".format(self.obj['if'])\n cmd += \"$vlan['tag'] = '{0}';\\n\".format(self.obj['tag'])\n cmd += \"$vlan['pcp'] = '{0}';\\n\".format(self.obj['pcp'])\n cmd += \"$vlan['descr'] = '{0}';\\n\".format(self.obj['descr'])\n cmd += \"$vlan['vlanif'] = '{0}';\\n\".format(self.obj['vlanif'])\n cmd += \"$vlanif = interface_vlan_configure($vlan);\\n\"\n\n cmd += \"if ($vlanif == NULL || $vlanif != $vlan['vlanif']) {pfSense_interface_destroy('%s');} else {\\n\" % (self.obj['vlanif'])\n\n # if vlan is assigned to an interface, configuration needs to be applied again\n interface = self.pfsense.get_interface_by_port('{0}.{1}'.format(self.obj['if'], self.obj['tag']))\n if interface is not None:\n cmd += \"interface_configure('{0}', true);\\n\".format(interface)\n\n cmd += '}\\n'\n\n return cmd\n\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n super(PFSenseVlanModule, self)._copy_and_add_target()\n self.setup_vlan_cmds += self._cmd_create()\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n old_vlanif = self.target_elt.find('vlanif').text\n (before, changed) = super(PFSenseVlanModule, self)._copy_and_update_target()\n if changed:\n self.setup_vlan_cmds += \"pfSense_interface_destroy('{0}');\\n\".format(old_vlanif)\n self.setup_vlan_cmds += self._cmd_create()\n\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n return self.pfsense.new_element('vlan')\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n return self.pfsense.find_vlan(self.obj['if'], self.obj['tag'])\n\n def _pre_remove_target_elt(self):\n \"\"\" processing before removing elt \"\"\"\n if self.pfsense.get_interface_by_port('{0}.{1}'.format(self.obj['if'], self.obj['tag'])) is not None:\n self.module.fail_json(\n msg='vlan {0} on {1} cannot be deleted because it is still being used as an interface'.format(self.obj['tag'], self.obj['if'])\n )\n self.setup_vlan_cmds += \"pfSense_interface_destroy('{0}');\\n\".format(self.target_elt.find('vlanif').text)\n\n ##############################\n # run\n #\n def get_update_cmds(self):\n \"\"\" build and return php commands to setup interfaces \"\"\"\n cmd = 'require_once(\"filter.inc\");\\n'\n if self.setup_vlan_cmds != \"\":\n cmd += 'require_once(\"interfaces.inc\");\\n'\n cmd += self.setup_vlan_cmds\n cmd += \"if (filter_configure() == 0) { clear_subsystem_dirty('filter'); }\"\n return cmd\n\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell(self.get_update_cmds())\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}.{1}'\".format(self.obj['if'], self.obj['tag'])\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.obj, 'descr')\n values += self.format_cli_field(self.obj, 'pcp', fname='priority')\n else:\n values += self.format_updated_cli_field(self.obj, before, 'pcp', add_comma=(values), fname='priority')\n values += self.format_updated_cli_field(self.obj, before, 'descr', add_comma=(values))\n return values\n"
},
{
"path": "plugins/modules/pfsense_aggregate.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_aggregate\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage multiple pfSense firewall aliases, rules, and rule separators, plus interfaces and VLANs\ndescription:\n - Manage multiple pfSense firewall aliases, rules, and rule separators, plus interfaces and VLANs\nnotes:\n - aggregated_* use the same options definitions than pfsense corresponding module\noptions:\n aggregated_aliases:\n description: Dict of aliases to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n name:\n description: The name of the alias\n required: true\n type: str\n state:\n description: State in which to leave the alias\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n type:\n description: The type of the alias\n choices: [ \"host\", \"network\", \"port\", \"urltable\", \"urltable_ports\" ]\n type: str\n address:\n description: The address of the alias for `host`, `network` or `port` types. Use a space separator for multiple values\n default: null\n type: str\n url:\n description: The URL of the alias for `urltable` or `urltable_ports` types. Use a space separator for multiple values\n default: null\n type: str\n descr:\n description: The description of the alias\n default: null\n type: str\n detail:\n description: The descriptions of the items. Use || separator between items\n default: null\n type: str\n updatefreq:\n description: Update frequency in days for urltable\n default: null\n type: int\n aggregated_interfaces:\n description: Dict of interfaces to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n state:\n description: State in which to leave the interface.\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n descr:\n description: Description (name) for the interface.\n required: true\n type: str\n interface:\n description: Network port to which assign the interface.\n type: str\n interface_descr:\n description: Network port descr to which assign the interface.\n type: str\n enable:\n description: Enable interface.\n default: no\n type: bool\n ipv4_type:\n description: IPv4 Configuration Type.\n choices: [ \"none\", \"static\", \"dhcp\" ]\n default: 'none'\n type: str\n ipv6_type:\n description: IPv4 Configuration Type.\n choices: [ \"none\", \"static\", \"slaac\" ]\n default: 'none'\n type: str\n mac:\n description: Used to modify (\"spoof\") the MAC address of this interface.\n required: false\n type: str\n mtu:\n description: Maximum transmission unit\n required: false\n type: int\n mss:\n description: MSS clamping for TCP connections.\n required: false\n type: int\n speed_duplex:\n description: Set speed and duplex mode for this interface.\n required: false\n default: autoselect\n type: str\n ipv4_address:\n description: IPv4 Address.\n required: false\n type: str\n ipv4_prefixlen:\n description: IPv4 subnet prefix length.\n required: false\n default: 24\n type: int\n ipv4_gateway:\n description: IPv4 gateway for this interface.\n required: false\n type: str\n ipv6_address:\n description: IPv6 Address.\n required: false\n type: str\n ipv6_prefixlen:\n description: IPv6 subnet prefix length.\n required: false\n default: 128\n type: int\n ipv6_gateway:\n description: IPv6 gateway for this interface.\n required: false\n type: str\n blockpriv:\n description: Blocks traffic from IP addresses that are reserved for private networks.\n required: false\n type: bool\n blockbogons:\n description: Blocks traffic from reserved IP addresses (but not RFC 1918) or not yet assigned by IANA.\n required: false\n type: bool\n slaacusev4iface:\n description: IPv6 will use the IPv4 connectivity link (PPPoE). Only used when ipv6_type is slaac.\n required: false\n type: bool\n version_added: 0.6.2\n aggregated_nat_outbounds:\n description: Dict of nat_outbound rules to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n descr:\n description: The name of the nat rule\n required: true\n default: null\n type: str\n disabled:\n description: Is the rule disabled\n default: false\n type: bool\n nonat:\n description: This option will disable NAT for traffic matching this rule and stop processing Outbound NAT rules\n default: false\n type: bool\n interface:\n description: The interface for the rule\n required: false\n type: str\n ipprotocol:\n description: The Internet Protocol version this rule applies to.\n default: inet46\n choices: [ \"inet\", \"inet46\", \"inet6\" ]\n type: str\n protocol:\n description: Which protocol this rule should match.\n default: any\n choices: [ \"any\", \"tcp\", \"udp\", \"tcp/udp\", \"icmp\", \"esp\", \"ah\", \"gre\", \"ipv6\", \"igmp\", \"carp\", \"pfsync\" ]\n type: str\n source:\n description: The matching source address, in {any,(self),ALIAS,NETWORK}[:port] format.\n required: false\n default: null\n type: str\n destination:\n description: The matching destination address, in {any,ALIAS,NETWORK}[:port] format.\n required: false\n default: null\n type: str\n invert:\n description: Invert the sense of the destination match.\n default: false\n type: bool\n address:\n description: The translated to address, in {ALIAS,NETWORK}[:port] format. Leave address part empty to use interface address.\n required: false\n default: null\n type: str\n poolopts:\n description: When an address pool is used, there are several options available that control how NAT translations happen on the pool.\n default: \"\"\n choices: [ \"\", \"round-robin\", \"round-robin sticky-address\", \"random\", \"random sticky-address\", \"source-hash\", \"bitmask\" ]\n type: str\n source_hash_key:\n description: >\n The key that is fed to the hashing algorithm in hex format, preceeded by \"0x\", or any string.\n A non-hex string is hashed using md5 to a hexadecimal key. Defaults to a randomly generated value.\n required: false\n default: ''\n type: str\n staticnatport:\n description: Do not randomize source port\n default: false\n type: bool\n nosync:\n description: >\n Prevents the rule on Master from automatically syncing to other CARP members.\n This does NOT prevent the rule from being overwritten on Slave.\n default: false\n type: bool\n state:\n description: State in which to leave the rule\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n after:\n description: Rule to go after, or \"top\"\n type: str\n before:\n description: Rule to go before, or \"bottom\"\n type: str\n aggregated_nat_port_forwards:\n description: Dict of nat_port_forward rules to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n descr:\n description: The name of the nat rule\n required: true\n default: null\n type: str\n disabled:\n description: Is the rule disabled\n default: false\n type: bool\n nordr:\n description: Disable redirection for traffic matching this rule\n default: false\n type: bool\n interface:\n description: The interface for the rule\n required: false\n type: str\n ipprotocol:\n description: The IP protocol\n default: inet\n choices: [ \"inet\", \"inet6\" ]\n type: str\n protocol:\n description: Which protocol this rule should match.\n default: tcp\n choices: [ \"tcp\", \"udp\", \"tcp/udp\", \"icmp\", \"esp\", \"ah\", \"gre\", \"ipv6\", \"igmp\", \"pim\", \"ospf\" ]\n type: str\n source:\n description: The source address, in [!]{IP,HOST,ALIAS,any,IP:INTERFACE,NET:INTERFACE}[:port] format.\n default: null\n type: str\n destination:\n description: The destination address, in [!]{IP,HOST,ALIAS,any,IP:INTERFACE,NET:INTERFACE}[:port] format.\n default: null\n type: str\n target:\n description: The translated to address, in {ALIAS,IP}[:port] format.\n required: false\n default: null\n type: str\n natreflection:\n description: Allows NAT reflection to be enabled or disabled on a per-port forward basis.\n default: system-default\n choices: [ \"system-default\", \"enable\", \"purenat\", \"disable\" ]\n type: str\n associated_rule:\n description: >\n Choose one of Add an associated filter rule gets updated when the port forward is updated,\n or Add an unassociated filter rule, or pass which passes all traffic that matches the entry without having a firewall rule at all.\n default: associated\n choices: [ \"associated\", \"unassociated\", \"pass\", \"none\" ]\n type: str\n nosync:\n description: >\n Prevents the rule on Master from automatically syncing to other CARP members.\n This does NOT prevent the rule from being overwritten on Slave.\n default: false\n type: bool\n state:\n description: State in which to leave the rule\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n after:\n description: Rule to go after, or \"top\"\n type: str\n before:\n description: Rule to go before, or \"bottom\"\n type: str\n aggregated_rules:\n description: Dict of rules to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n name:\n description: The name the rule\n required: true\n default: null\n type: str\n action:\n description: The action of the rule\n default: pass\n choices: [ 'pass', 'block', 'match', 'reject' ]\n type: str\n state:\n description: State in which to leave the rule\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n disabled:\n description: Is the rule disabled\n default: false\n type: bool\n interface:\n description: The interface for the rule\n required: true\n type: str\n floating:\n description: Is the rule floating\n type: bool\n direction:\n description: Direction floating rule applies to\n choices: [ \"any\", \"in\", \"out\" ]\n type: str\n ipprotocol:\n description: The IP protocol\n default: inet\n choices: [ \"inet\", \"inet46\", \"inet6\" ]\n type: str\n protocol:\n description: The protocol\n default: any\n choices: [ 'any', 'tcp', 'udp', 'tcp/udp', 'icmp', 'igmp', 'ospf', 'esp', 'ah', 'gre', 'pim', 'sctp', 'pfsync', 'carp' ]\n type: str\n source:\n description: The source address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.\n default: null\n type: str\n source_port:\n description:\n - Source port or port range specification.\n - This can either be a alias or a port number.\n - An inclusive range can also be specified, using the format C(first-last)..\n default: null\n type: str\n destination:\n description: The destination address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.\n default: null\n type: str\n destination_port:\n description:\n - Destination port or port range specification.\n - This can either be a alias or a port number.\n - An inclusive range can also be specified, using the format C(first-last)..\n default: null\n type: str\n log:\n description: Log packets matched by rule\n type: bool\n after:\n description: Rule to go after, or C(top)\n type: str\n before:\n description: Rule to go before, or C(bottom)\n type: str\n tcpflags_any:\n description: Allow TCP packets with any flags set.\n type: bool\n statetype:\n description: State type\n default: keep state\n choices: [\"keep state\", \"sloppy state\", \"synproxy state\", \"none\"]\n type: str\n queue:\n description: QOS default queue\n type: str\n ackqueue:\n description: QOS acknowledge queue\n type: str\n in_queue:\n description: Limiter queue for traffic coming into the chosen interface\n type: str\n out_queue:\n description: Limiter queue for traffic leaving the chosen interface\n type: str\n queue_error:\n description: Raise an error if a specified queue is missing\n type: bool\n default: True\n gateway:\n description: Leave as C(default) to use the system routing table or choose a gateway to utilize policy based routing.\n type: str\n default: default\n tracker:\n description: Rule tracking ID. Defaults to timestamp of rule creation.\n type: str\n icmptype:\n description:\n - One or more of these ICMP subtypes may be specified, separated by comma, or C(any) for all of them.\n - The types must match ip protocol.\n - althost, dataconv, echorep, echoreq, fqdnrep, fqdnreq, groupqry, grouprep, groupterm, inforep, inforeq, ipv6-here,\n - ipv6-where, listendone, listenrep, listqry, maskrep, maskreq, mobredir, mobregrep, mobregreq, mtrace, mtraceresp,\n - neighbradv, neighbrsol, niqry, nirep, paramprob, photuris, redir, routeradv, routersol, routrrenum, skip, squench,\n - timerep, timereq, timex, toobig, trace, unreach, wrurep, wrureq\n default: any\n type: str\n sched:\n description: Schedule day/time when the rule must be active\n required: False\n type: str\n quick:\n description: Set this option to apply this action to traffic that matches this rule immediately\n type: bool\n default: False\n aggregated_rule_separators:\n description: Dict of rule separators to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n name:\n description: The name of the separator\n required: true\n type: str\n state:\n description: State in which to leave the separator\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n interface:\n description: The interface for the separator\n type: str\n floating:\n description: Is the rule on floating tab\n type: bool\n after:\n description: Rule to go after, or \"top\"\n type: str\n before:\n description: Rule to go before, or \"bottom\"\n type: str\n color:\n description: The separator's color\n default: info\n choices: [ 'info', 'warning', 'danger', 'success' ]\n type: str\n aggregated_vlans:\n description: Dict of VLANs to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n vlan_id:\n description: The VLAN tag. Must be between 1 and 4094.\n required: true\n type: int\n interface:\n description: The interface on which to declare the VLAN. Friendly name (assignments) can be used.\n required: true\n type: str\n priority:\n description: 802.1Q VLAN Priority code point. Must be between 0 and 7.\n required: false\n type: int\n descr:\n description: The description of the VLAN\n default: ''\n type: str\n state:\n description: State in which to leave the VLAN\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n order_rules:\n description: rules will be generated following the playbook order\n required: False\n default: False\n type: bool\n purge_aliases:\n description: delete all the aliases that are not defined into aggregated_aliases\n required: False\n default: False\n type: bool\n purge_interfaces:\n description: delete all the interfaces that are not defined into aggregated_interfaces\n required: False\n default: False\n type: bool\n purge_nat_outbounds:\n description: delete all the nat_outbound rules that are not defined into aggregated_nat_outbounds\n required: False\n default: False\n type: bool\n purge_nat_port_forwards:\n description: delete all the nat_port_forward rules that are not defined into aggregated_nat_port_forwards\n required: False\n default: False\n type: bool\n purge_rules:\n description: delete all the rules that are not defined into aggregated_rules\n required: False\n default: False\n type: bool\n purge_rule_separators:\n description: delete all the rule separators that are not defined into aggregated_rule_separators\n required: False\n default: False\n type: bool\n purge_vlans:\n description: delete all the VLANs that are not defined into aggregated_vlans\n required: False\n default: False\n type: bool\n interface_filter:\n description: only apply rules and rules separators on those interfaces (separated by space)\n required: False\n type: str\n ignored_aliases:\n description: aliases that will be ignored (won't be auto deleted)\n required: False\n default: []\n type: list\n elements: str\n ignored_rules:\n description: rules that will be ignored (won't be auto deleted)\n required: False\n default: []\n type: list\n elements: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: \"Setup two VLANs, three aliases, six rules, four separators, and delete everything else\"\n pfsense_aggregate:\n purge_aliases: true\n purge_rules: true\n purge_rule_separators: true\n purge_vlans: true\n aggregated_aliases:\n - { name: port_ssh, type: port, address: 22, state: present }\n - { name: port_http, type: port, address: 80, state: present }\n - { name: port_https, type: port, address: 443, state: present }\n aggregated_rules:\n - { name: \"allow_all_ssh\", source: any, destination: \"any:port_ssh\", protocol: tcp, interface: lan, state: present }\n - { name: \"allow_all_http\", source: any, destination: \"any:port_http\", protocol: tcp, interface: lan, state: present }\n - { name: \"allow_all_https\", source: any, destination: \"any:port_https\", protocol: tcp, interface: lan, state: present }\n - { name: \"allow_all_ssh\", source: any, destination: \"any:port_ssh\", protocol: tcp, interface: wan, state: present }\n - { name: \"allow_all_http\", source: any, destination: \"any:port_http\", protocol: tcp, interface: wan, state: present }\n - { name: \"allow_all_https\", source: any, destination: \"any:port_https\", protocol: tcp, interface: wan, state: present }\n aggregated_rule_separators:\n - { name: \"SSH\", interface: lan, state: present, before: allow_all_ssh }\n - { name: \"HTTP\", interface: lan, state: present, before: allow_all_http }\n - { name: \"SSH\", interface: wan, state: present, before: allow_all_ssh }\n - { name: \"HTTP\", interface: wan, state: present, before: allow_all_http }\n aggregated_vlans:\n - { descr: voice, vlan_id: 100, interface: mvneta0, state: present }\n - { descr: video, vlan_id: 200, interface: mvneta0, state: present }\n\"\"\"\n\nRETURN = \"\"\"\nresult_aliases:\n description: the set of aliases commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create alias 'adservers', type='host', address='10.0.0.1 10.0.0.2'\", \"update alias 'one_host' set address='10.9.8.7'\", \"delete alias 'one_alias'\"]\nresult_interfaces:\n description: the set of interfaces commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create interface 'VOICE', port='mvneta1.100'\", \"create interface 'VIDEO', port='mvneta1.200'\"]\nresult_nat_oubounds:\n description: the set of nat outbounds commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create nat_outbound 'NAT outbound traffic', interface='wan', source='any', destination='any'\", \"delete nat_outbound 'NAT outbound traffic'\"]\nresult_nat_port_forwards:\n description: the set of nat port forwards commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create nat_port_forward 'ssh', interface='wan', source='any', destination='any:22', target='1.2.3.4:22', associated_rule='pass'\"]\nresult_rules:\n description: the set of rules commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample:\n - \"create rule 'allow_all_ssh', source='any', destination='any:port_ssh', protocol='tcp', interface='lan'\"\n - \"update rule 'allow_all_http' set destination='any:port_http'\"\n - \"delete rule 'allow_all'\"\nresult_separators:\n description: the set of separators commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create rule_separator 'SSH', interface='lan', color='info'\", \"update rule_separator 'SSH' set color='warning'\", \"delete rule_separator 'SSH'\"]\nresult_vlans:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create vlan 'mvneta.100', descr='voice', priority='5'\", \"update vlan 'mvneta.100', set priority='6'\", \"delete vlan 'mvneta.100'\"]\n\"\"\"\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.pfsense import PFSenseModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.alias import PFSenseAliasModule, ALIAS_ARGUMENT_SPEC, ALIAS_MUTUALLY_EXCLUSIVE, ALIAS_REQUIRED_IF\nfrom ansible_collections.pfsensible.core.plugins.module_utils.interface import (\n PFSenseInterfaceModule,\n INTERFACE_ARGUMENT_SPEC,\n INTERFACE_REQUIRED_IF,\n INTERFACE_MUTUALLY_EXCLUSIVE,\n)\nfrom ansible_collections.pfsensible.core.plugins.module_utils.nat_outbound import PFSenseNatOutboundModule, NAT_OUTBOUND_ARGUMENT_SPEC, NAT_OUTBOUND_REQUIRED_IF\nfrom ansible_collections.pfsensible.core.plugins.module_utils.nat_port_forward import (\n PFSenseNatPortForwardModule,\n NAT_PORT_FORWARD_ARGUMENT_SPEC,\n NAT_PORT_FORWARD_REQUIRED_IF\n)\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule import PFSenseRuleModule, RULE_ARGUMENT_SPEC, RULE_REQUIRED_IF\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule_separator import (\n PFSenseRuleSeparatorModule,\n RULE_SEPARATOR_ARGUMENT_SPEC,\n RULE_SEPARATOR_REQUIRED_ONE_OF,\n RULE_SEPARATOR_MUTUALLY_EXCLUSIVE,\n)\nfrom ansible_collections.pfsensible.core.plugins.module_utils.vlan import PFSenseVlanModule, VLAN_ARGUMENT_SPEC\n\nfrom ansible.module_utils.basic import AnsibleModule\n\n\nclass PFSenseModuleAggregate(object):\n \"\"\" module managing pfsense aggregated aliases, rules, rule separators, interfaces and VLANs \"\"\"\n\n def __init__(self, module):\n self.module = module\n self.pfsense = PFSenseModule(module)\n self.pfsense_aliases = PFSenseAliasModule(module, self.pfsense)\n self.pfsense_interfaces = PFSenseInterfaceModule(module, self.pfsense)\n self.pfsense_nat_outbounds = PFSenseNatOutboundModule(module, self.pfsense)\n self.pfsense_nat_port_forwards = PFSenseNatPortForwardModule(module, self.pfsense)\n self.pfsense_rules = PFSenseRuleModule(module, self.pfsense)\n self.pfsense_rule_separators = PFSenseRuleSeparatorModule(module, self.pfsense)\n self.pfsense_vlans = PFSenseVlanModule(module, self.pfsense)\n self.defined_rules = dict()\n\n def _update(self):\n run = False\n cmd = 'require_once(\"filter.inc\");\\n'\n # TODO: manage one global list of commands as ordering can be important between modules\n if self.pfsense_vlans.result['changed']:\n run = True\n cmd += self.pfsense_vlans.get_update_cmds()\n\n if self.pfsense_interfaces.result['changed']:\n run = True\n cmd += self.pfsense_interfaces.get_update_cmds()\n\n cmd += 'if (filter_configure() == 0) { \\n'\n if self.pfsense_aliases.result['changed']:\n run = True\n cmd += 'clear_subsystem_dirty(\\'aliases\\');\\n'\n\n if self.pfsense_nat_port_forwards.result['changed'] or self.pfsense_nat_outbounds.result['changed']:\n run = True\n cmd += 'clear_subsystem_dirty(\\'natconf\\');\\n'\n\n if (self.pfsense_rules.result['changed'] or self.pfsense_rule_separators.result['changed'] or\n self.pfsense_nat_port_forwards.result['changed'] or self.pfsense_nat_outbounds.result['changed']):\n run = True\n cmd += 'clear_subsystem_dirty(\\'filter\\');\\n'\n cmd += '}'\n if run:\n return self.pfsense.phpshell(cmd)\n\n return ('', '', '')\n\n def _parse_floating_interfaces(self, interfaces):\n \"\"\" parse interfaces \"\"\"\n res = set()\n for interface in interfaces.split(','):\n parsed = self.pfsense.parse_interface(interface, fail=False)\n if parsed is not None:\n res.add(parsed)\n return res\n\n def want_rule(self, rule_elt, rules, name_field='name'):\n \"\"\" return True if we want to keep rule_elt \"\"\"\n descr = rule_elt.find('descr')\n interface = rule_elt.find('interface')\n floating = rule_elt.find('floating') is not None\n\n # probably not a rule\n if descr is None or interface is None:\n return True\n\n if descr.text in self.module.params['ignored_rules']:\n return True\n\n key = '{0}_{1}'.format(interface.text, floating)\n if key not in self.defined_rules:\n defined_rules = set()\n self.defined_rules[key] = defined_rules\n else:\n defined_rules = self.defined_rules[key]\n # a rule can only exists once on an interface\n if descr.text in defined_rules:\n return False\n\n for rule in rules:\n if rule['state'] == 'absent':\n continue\n if rule[name_field] != descr.text:\n continue\n\n rule_floating = (rule.get('floating') is not None and\n (isinstance(rule['floating'], bool) and\n rule['floating'] or rule['floating'].lower() in ['yes', 'true']))\n if floating != rule_floating:\n continue\n\n if floating:\n defined_rules.add(descr.text)\n return True\n parsed = self.pfsense.parse_interface(rule['interface'], fail=False)\n if parsed is not None and parsed == interface.text:\n defined_rules.add(descr.text)\n return True\n return False\n\n def want_rule_separator(self, separator_elt, rule_separators):\n \"\"\" return True if we want to keep separator_elt \"\"\"\n name = separator_elt.find('text').text\n interface = separator_elt.find('if').text\n\n for separator in rule_separators:\n if separator['state'] == 'absent':\n continue\n if separator['name'] != name:\n continue\n if separator.get('floating'):\n if interface == 'floatingrules':\n return True\n else:\n parsed = self.pfsense.parse_interface(separator['interface'], fail=False)\n if parsed is not None and parsed == interface:\n return True\n return False\n\n def want_alias(self, alias_elt, aliases):\n \"\"\" return True if we want to keep alias_elt \"\"\"\n name = alias_elt.find('name')\n alias_type = alias_elt.find('type')\n\n # probably not an alias\n if name is None or type is None:\n return True\n\n if name.text in self.module.params['ignored_aliases']:\n return True\n\n for alias in aliases:\n if alias['state'] == 'absent':\n continue\n if alias['name'] == name.text and alias['type'] == alias_type.text:\n return True\n return False\n\n @staticmethod\n def want_interface(interface_elt, interfaces):\n \"\"\" return True if we want to keep interface_elt \"\"\"\n descr_elt = interface_elt.find('descr')\n if descr_elt is not None and descr_elt.text:\n name = descr_elt.text\n else:\n name = interface_elt.tag\n\n for interface in interfaces:\n if interface['state'] == 'absent':\n continue\n if interface['descr'] == name:\n return True\n return False\n\n @staticmethod\n def want_vlan(vlan_elt, vlans):\n \"\"\" return True if we want to keep vlan_elt \"\"\"\n tag = int(vlan_elt.find('tag').text)\n interface = vlan_elt.find('if')\n\n for vlan in vlans:\n if vlan['state'] == 'absent':\n continue\n if vlan['vlan_id'] == tag and vlan['interface'] == interface.text:\n return True\n return False\n\n @staticmethod\n def is_filtered(interface_filter, params):\n if interface_filter is None:\n return False\n\n if 'floating' in params:\n if isinstance(params['floating'], str):\n floating = params['floating'].lower()\n else:\n floating = 'true' if params['floating'] else 'false'\n\n if floating != 'false' and floating != 'no':\n return 'floating' not in interface_filter\n\n return params['interface'].lower() not in interface_filter\n\n def run_rules(self):\n \"\"\" process input params to add/update/delete all rules \"\"\"\n\n want = self.module.params['aggregated_rules']\n interface_filter = self.module.params['interface_filter'].lower().split(' ') if self.module.params.get('interface_filter') is not None else None\n\n if want is None:\n return\n\n # delete every other rule if required\n if self.module.params['purge_rules']:\n todel = []\n for rule_elt in self.pfsense_rules.root_elt:\n if not self.want_rule(rule_elt, want):\n params = {}\n params['state'] = 'absent'\n params['name'] = rule_elt.find('descr').text\n\n if rule_elt.find('floating') is not None:\n params['floating'] = True\n interfaces = rule_elt.find('interface').text.split(',')\n params['interface'] = list()\n for interface in interfaces:\n target = self.pfsense.get_interface_display_name(interface, return_none=True)\n if target is not None:\n params['interface'].append(target)\n if not params['interface']:\n continue\n params['interface'] = ','.join(params['interface'])\n else:\n params['interface'] = self.pfsense.get_interface_display_name(rule_elt.find('interface').text, return_none=True)\n\n if params['interface'] is None:\n continue\n\n todel.append(params)\n\n for params in todel:\n if self.is_filtered(interface_filter, params):\n continue\n self.pfsense_rules.run(params)\n\n # generating order if required\n if self.module.params.get('order_rules'):\n last_rules = dict()\n for params in want:\n if params.get('before') is not None or params.get('after') is not None:\n self.module.fail_json(msg=\"You can't use after or before parameters on rules when using order_rules (see {0})\".format(params['name']))\n\n if params.get('state') == 'absent':\n continue\n\n if params.get('floating'):\n key = 'floating'\n else:\n key = params['interface']\n\n # first rule on interface\n if key not in last_rules:\n params['after'] = 'top'\n last_rules[key] = params['name']\n continue\n\n params['after'] = last_rules[key]\n last_rules[key] = params['name']\n\n # processing aggregated parameters\n for params in want:\n if self.is_filtered(interface_filter, params):\n continue\n # Skip rules whose interface doesn't exist on this firewall\n if params.get('state', 'present') != 'absent' and params.get('interface') is not None:\n if params.get('floating'):\n # For floating rules, filter out invalid interfaces from the list\n valid = [i for i in params['interface'].split(',')\n if i == 'any' or self.pfsense.parse_interface(i, fail=False) is not None]\n if not valid:\n continue\n params['interface'] = ','.join(valid)\n else:\n if self.pfsense.parse_interface(params['interface'], fail=False) is None:\n continue\n self.pfsense_rules.run(params)\n\n def run_nat_outbounds_rules(self):\n \"\"\" process input params to add/update/delete all nat_outbound rules \"\"\"\n\n want = self.module.params['aggregated_nat_outbounds']\n interface_filter = self.module.params['interface_filter'].lower().split(' ') if self.module.params.get('interface_filter') is not None else None\n\n if want is None:\n return\n\n # delete every other rule if required\n if self.module.params['purge_nat_outbounds']:\n todel = []\n for rule_elt in self.pfsense_nat_outbounds.root_elt:\n if not self.want_rule(rule_elt, want, name_field='descr'):\n params = {}\n params['state'] = 'absent'\n params['descr'] = rule_elt.find('descr').text\n params['interface'] = self.pfsense.get_interface_display_name(rule_elt.find('interface').text, return_none=True)\n\n if params['interface'] is None:\n continue\n\n todel.append(params)\n\n for params in todel:\n if self.is_filtered(interface_filter, params):\n continue\n self.pfsense_nat_outbounds.run(params)\n\n # processing aggregated parameters\n for params in want:\n if self.is_filtered(interface_filter, params):\n continue\n # Skip rules whose interface doesn't exist on this firewall\n if params.get('state', 'present') != 'absent' and params.get('interface') is not None:\n if self.pfsense.parse_interface(params['interface'], fail=False) is None:\n continue\n self.pfsense_nat_outbounds.run(params)\n\n def run_nat_port_forwards_rules(self):\n \"\"\" process input params to add/update/delete all nat_port_forwards_rule rules \"\"\"\n\n want = self.module.params['aggregated_nat_port_forwards']\n interface_filter = self.module.params['interface_filter'].lower().split(' ') if self.module.params.get('interface_filter') is not None else None\n\n if want is None:\n return\n\n # delete every other rule if required\n if self.module.params['purge_nat_port_forwards']:\n todel = []\n for rule_elt in self.pfsense_nat_port_forwards.root_elt:\n if not self.want_rule(rule_elt, want, name_field='descr'):\n params = {}\n params['state'] = 'absent'\n params['descr'] = rule_elt.find('descr').text\n params['interface'] = self.pfsense.get_interface_display_name(rule_elt.find('interface').text, return_none=True)\n\n if params['interface'] is None:\n continue\n\n todel.append(params)\n\n for params in todel:\n if self.is_filtered(interface_filter, params):\n continue\n self.pfsense_nat_port_forwards.run(params)\n\n # processing aggregated parameters\n for params in want:\n if self.is_filtered(interface_filter, params):\n continue\n # Skip rules whose interface doesn't exist on this firewall\n if params.get('state', 'present') != 'absent' and params.get('interface') is not None:\n if self.pfsense.parse_interface(params['interface'], fail=False) is None:\n continue\n self.pfsense_nat_port_forwards.run(params)\n\n def run_aliases(self):\n \"\"\" process input params to add/update/delete all aliases \"\"\"\n want = self.module.params['aggregated_aliases']\n\n if want is None:\n return\n\n # processing aggregated parameter\n for param in want:\n self.pfsense_aliases.run(param)\n\n # delete every other alias if required\n if self.module.params['purge_aliases']:\n todel = []\n for alias_elt in self.pfsense_aliases.root_elt:\n if not self.want_alias(alias_elt, want):\n params = {}\n params['state'] = 'absent'\n params['name'] = alias_elt.find('name').text\n todel.append(params)\n\n for params in todel:\n self.pfsense_aliases.run(params)\n\n def run_interfaces(self):\n \"\"\" process input params to add/update/delete all interfaces \"\"\"\n want = self.module.params['aggregated_interfaces']\n\n if want is None:\n return\n\n # processing aggregated parameter\n for param in want:\n self.pfsense_interfaces.run(param)\n\n # delete every other if required\n if self.module.params['purge_interfaces']:\n todel = []\n for interface_elt in self.pfsense_interfaces.root_elt:\n if not self.want_interface(interface_elt, want):\n params = {}\n params['state'] = 'absent'\n descr_elt = interface_elt.find('descr')\n if descr_elt is not None and descr_elt.text:\n params['descr'] = descr_elt.text\n todel.append(params)\n\n for params in todel:\n self.pfsense_interfaces.run(params)\n\n def run_rule_separators(self):\n \"\"\" process input params to add/update/delete all separators \"\"\"\n want = self.module.params['aggregated_rule_separators']\n interface_filter = self.module.params['interface_filter'].lower().split(' ') if self.module.params.get('interface_filter') is not None else None\n\n if want is None:\n return\n\n # processing aggregated parameter\n for params in want:\n if self.is_filtered(interface_filter, params):\n continue\n # Skip separators whose interface doesn't exist on this firewall\n if params.get('state', 'present') != 'absent' and params.get('interface') is not None and not params.get('floating'):\n if self.pfsense.parse_interface(params['interface'], fail=False) is None:\n continue\n self.pfsense_rule_separators.run(params)\n\n # delete every other if required\n if self.module.params['purge_rule_separators']:\n todel = []\n for interface_elt in self.pfsense_rule_separators.separators:\n for separator_elt in interface_elt:\n if not self.want_rule_separator(separator_elt, want):\n params = {}\n params['state'] = 'absent'\n params['name'] = separator_elt.find('text').text\n if interface_elt.tag == 'floatingrules':\n params['floating'] = True\n else:\n params['interface'] = self.pfsense.get_interface_display_name(interface_elt.tag, return_none=True)\n if params['interface'] is None:\n continue\n todel.append(params)\n\n for params in todel:\n if self.is_filtered(interface_filter, params):\n continue\n self.pfsense_rule_separators.run(params)\n\n def run_vlans(self):\n \"\"\" process input params to add/update/delete all VLANs \"\"\"\n want = self.module.params['aggregated_vlans']\n\n if want is None:\n return\n\n # processing aggregated parameter\n for param in want:\n self.pfsense_vlans.run(param)\n\n # delete every other if required\n if self.module.params['purge_vlans']:\n todel = []\n for vlan_elt in self.pfsense_vlans.root_elt:\n if not self.want_vlan(vlan_elt, want):\n params = {}\n params['state'] = 'absent'\n params['interface'] = vlan_elt.find('if').text\n params['vlan_id'] = int(vlan_elt.find('tag').text)\n todel.append(params)\n\n for params in todel:\n self.pfsense_vlans.run(params)\n\n def commit_changes(self):\n \"\"\" apply changes and exit module \"\"\"\n stdout = ''\n stderr = ''\n changed = (\n self.pfsense_aliases.result['changed'] or self.pfsense_interfaces.result['changed'] or self.pfsense_nat_outbounds.result['changed']\n or self.pfsense_nat_port_forwards.result['changed'] or self.pfsense_rules.result['changed']\n or self.pfsense_rule_separators.result['changed'] or self.pfsense_vlans.result['changed']\n )\n\n if changed and not self.module.check_mode:\n self.pfsense.write_config(descr='aggregated change')\n (dummy, stdout, stderr) = self._update()\n\n result = {}\n result['result_aliases'] = self.pfsense_aliases.result['commands']\n result['result_interfaces'] = self.pfsense_interfaces.result['commands']\n result['result_nat_outbounds'] = self.pfsense_nat_outbounds.result['commands']\n result['result_nat_port_forwards'] = self.pfsense_nat_port_forwards.result['commands']\n result['result_rules'] = self.pfsense_rules.result['commands']\n result['result_rule_separators'] = self.pfsense_rule_separators.result['commands']\n result['result_vlans'] = self.pfsense_vlans.result['commands']\n result['changed'] = changed\n result['stdout'] = stdout\n result['stderr'] = stderr\n self.module.exit_json(**result)\n\n\ndef main():\n argument_spec = dict(\n aggregated_aliases=dict(\n type='list', elements='dict', options=ALIAS_ARGUMENT_SPEC, mutually_exclusive=ALIAS_MUTUALLY_EXCLUSIVE, required_if=ALIAS_REQUIRED_IF),\n aggregated_interfaces=dict(\n type='list', elements='dict',\n options=INTERFACE_ARGUMENT_SPEC, required_if=INTERFACE_REQUIRED_IF, mutually_exclusive=INTERFACE_MUTUALLY_EXCLUSIVE),\n aggregated_rules=dict(type='list', elements='dict', options=RULE_ARGUMENT_SPEC, required_if=RULE_REQUIRED_IF),\n aggregated_nat_outbounds=dict(type='list', elements='dict', options=NAT_OUTBOUND_ARGUMENT_SPEC, required_if=NAT_OUTBOUND_REQUIRED_IF),\n aggregated_nat_port_forwards=dict(type='list', elements='dict', options=NAT_PORT_FORWARD_ARGUMENT_SPEC, required_if=NAT_PORT_FORWARD_REQUIRED_IF),\n aggregated_rule_separators=dict(\n type='list', elements='dict',\n options=RULE_SEPARATOR_ARGUMENT_SPEC, required_one_of=RULE_SEPARATOR_REQUIRED_ONE_OF, mutually_exclusive=RULE_SEPARATOR_MUTUALLY_EXCLUSIVE),\n aggregated_vlans=dict(type='list', elements='dict', options=VLAN_ARGUMENT_SPEC),\n order_rules=dict(default=False, type='bool'),\n purge_aliases=dict(default=False, type='bool'),\n purge_interfaces=dict(default=False, type='bool'),\n purge_nat_outbounds=dict(default=False, type='bool'),\n purge_nat_port_forwards=dict(default=False, type='bool'),\n purge_rules=dict(default=False, type='bool'),\n purge_rule_separators=dict(default=False, type='bool'),\n purge_vlans=dict(default=False, type='bool'),\n interface_filter=dict(required=False, type='str'),\n ignored_aliases=dict(type='list', elements='str', default=[]),\n ignored_rules=dict(type='list', elements='str', default=[]),\n )\n\n required_one_of = [[\n 'aggregated_aliases',\n 'aggregated_interfaces',\n 'aggregated_nat_outbounds',\n 'aggregated_nat_port_forwards',\n 'aggregated_rules',\n 'aggregated_rule_separators',\n 'aggregated_vlans'\n ]]\n\n module = AnsibleModule(\n argument_spec=argument_spec,\n required_one_of=required_one_of,\n supports_check_mode=True)\n\n pfmodule = PFSenseModuleAggregate(module)\n\n pfmodule.run_vlans()\n pfmodule.run_interfaces()\n\n pfmodule.run_aliases()\n pfmodule.run_nat_outbounds_rules()\n pfmodule.run_nat_port_forwards_rules()\n pfmodule.run_rules()\n pfmodule.run_rule_separators()\n\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_alias.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_alias\nversion_added: 0.1.0\nauthor: Orion Poplawski (@opoplawski), Frederic Bor (@f-bor)\nshort_description: Manage pfSense aliases\ndescription:\n - Manage pfSense aliases\nnotes:\noptions:\n name:\n description: The name of the alias\n required: true\n type: str\n state:\n description: State in which to leave the alias\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n type:\n description: The type of the alias\n choices: [ \"host\", \"network\", \"port\", \"urltable\", \"urltable_ports\" ]\n type: str\n address:\n description: The address of the alias for `host`, `network` or `port` types. Use a space separator for multiple values\n default: null\n type: str\n url:\n description: The URL of the alias for `urltable` or `urltable_ports` types. Use a space separator for multiple values\n default: null\n type: str\n descr:\n description: The description of the alias\n default: null\n type: str\n detail:\n description: The descriptions of the items. Use || separator between items\n default: null\n type: str\n updatefreq:\n description: Update frequency in days for urltable\n default: null\n type: int\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add adservers alias\n pfsense_alias:\n name: adservers\n address: 10.0.0.1 10.0.0.2\n state: present\n\n- name: Remove adservers alias\n pfsense_alias:\n name: adservers\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create alias 'adservers', type='host', address='10.0.0.1 10.0.0.2'\", \"update alias 'one_host' set address='10.9.8.7'\", \"delete alias 'one_alias'\"]\ndiff:\n description: a pair of dicts, before and after, with alias settings before and after task run\n returned: always\n type: dict\n sample: {}\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.alias import PFSenseAliasModule, ALIAS_ARGUMENT_SPEC, ALIAS_MUTUALLY_EXCLUSIVE, ALIAS_REQUIRED_IF\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=ALIAS_ARGUMENT_SPEC,\n mutually_exclusive=ALIAS_MUTUALLY_EXCLUSIVE,\n required_if=ALIAS_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseAliasModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_authserver_ldap.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018-2024, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_authserver_ldap\nversion_added: 0.1.0\nshort_description: Manage pfSense LDAP authentication servers\ndescription:\n >\n Manage pfSense LDAP authentication servers\nauthor: Orion Poplawski (@opoplawski)\nnotes:\noptions:\n name:\n description: The name of the authentication server\n required: true\n type: str\n state:\n description: State in which to leave the authentication server\n default: 'present'\n choices: [ \"present\", \"absent\" ]\n type: str\n host:\n description: The hostname or IP address of the authentication server\n required: false\n type: str\n port:\n description: Port to connect to\n default: '389'\n type: str\n transport:\n description: Transport to use\n choices: [ \"tcp\", \"starttls\", \"ssl\" ]\n type: str\n ca:\n description: Certificate Authority\n default: global\n type: str\n protver:\n description: LDAP protocol version\n default: '3'\n choices: [ \"2\", \"3\" ]\n type: str\n timeout:\n description: Server timeout in seconds\n default: '25'\n type: str\n scope:\n description: Search scope\n choices: [ 'one', 'subtree' ]\n type: str\n basedn:\n description: Search base DN\n type: str\n authcn:\n description: Authentication containers added to basedn\n required: false\n type: str\n extended_enabled:\n description: Enable extended query\n default: False\n type: bool\n extended_query:\n description: Extended query\n default: ''\n type: str\n binddn:\n description: Search bind DN\n type: str\n bindpw:\n description: Search bind password\n type: str\n attr_user:\n description: LDAP User naming attribute\n default: cn\n type: str\n attr_group:\n description: LDAP Group naming attribute\n default: cn\n type: str\n attr_member:\n description: LDAP Group member naming attribute\n default: member\n type: str\n attr_groupobj:\n description: LDAP Group objectClass naming attribute\n default: posixGroup\n type: str\n ldap_rfc2307:\n description: LDAP Server uses RFC 2307 style group membership (RFC 2307bis when False)\n type: bool\n ldap_rfc2307_userdn:\n description: Use DN for username search (pfsense-CE >=2.5.0, pfsense-PLUS >=21.2)\n type: bool\n ldap_utf8:\n description: UTF8 encode LDAP parameters before sending them to the server.\n type: bool\n ldap_nostrip_at:\n description: Do not strip away parts of the username after the @ symbol\n type: bool\n ldap_pam_groupdn:\n description: Shell Authentication Group DN (pfsense-CE >=2.5.0, pfsense-PLUS >=21.2)\n type: str\n ldap_allow_unauthenticated:\n description: Allow unauthenticated bind (pfsense-CE >=2.5.0, pfsense-PLUS >=21.2). Defaults to true.\n type: bool\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add adservers authentication server\n pfsense_authserver_ldap:\n name: AD\n host: adserver.example.com\n port: 636\n transport: ssl\n scope: subtree\n authcn: cn=users\n basedn: dc=example,dc=com\n binddn: cn=bind,ou=Service Accounts,dc=example,dc=com\n bindpw: \"{{ vaulted_bindpw }}\"\n attr_user: samAccountName\n attr_member: memberOf\n attr_groupobj: group\n state: present\n\n- name: Remove LDAP authentication server\n pfsense_authserver_ldap:\n name: AD\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\n\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nPFSENSE_AUTHSERVER_LDAP_SPEC = {\n 'name': {'required': True, 'type': 'str'},\n 'state': {\n 'default': 'present',\n 'choices': ['present', 'absent']\n },\n 'host': {'type': 'str'},\n 'port': {'default': '389', 'type': 'str'},\n 'transport': {\n 'choices': ['tcp', 'starttls', 'ssl']\n },\n 'ca': {'default': 'global', 'type': 'str'},\n 'protver': {\n 'default': '3',\n 'choices': ['2', '3']\n },\n 'timeout': {'default': '25', 'type': 'str'},\n 'scope': {\n 'choices': ['one', 'subtree']\n },\n 'basedn': {'required': False, 'type': 'str'},\n 'authcn': {'required': False, 'type': 'str'},\n 'extended_enabled': {'default': False, 'type': 'bool'},\n 'extended_query': {'default': '', 'type': 'str'},\n 'binddn': {'required': False, 'type': 'str'},\n 'bindpw': {'required': False, 'type': 'str'},\n 'attr_user': {'default': 'cn', 'type': 'str'},\n 'attr_group': {'default': 'cn', 'type': 'str'},\n 'attr_member': {'default': 'member', 'type': 'str'},\n 'attr_groupobj': {'default': 'posixGroup', 'type': 'str'},\n 'ldap_pam_groupdn': {'required': False, 'type': 'str'},\n 'ldap_utf8': {'required': False, 'type': 'bool'},\n 'ldap_nostrip_at': {'required': False, 'type': 'bool'},\n 'ldap_rfc2307': {'required': False, 'type': 'bool'},\n 'ldap_rfc2307_userdn': {'required': False, 'type': 'bool'},\n 'ldap_allow_unauthenticated': {'required': False, 'type': 'bool'},\n}\n\nAUTHSERVER_LDAP_CREATE_DEFAULT = dict(\n ldap_allow_unauthenticated=None\n)\n\nAUTHSERVER_LDAP_PHP_COMMAND = \"\"\"\nrequire_once('auth.inc');\nif (config_path_enabled('system/webgui', 'shellauth') &&\n (config_get_path('system/webgui/authmode') == '{name}')) {{\n set_pam_auth();\n}}\n\"\"\"\n\n\nclass PFSenseAuthserverLDAPModule(PFSenseModuleBase):\n \"\"\" module managing pfsense LDAP authentication \"\"\"\n\n ##############################\n # unit tests\n #\n # Must be class method for unit test usage\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return PFSENSE_AUTHSERVER_LDAP_SPEC\n\n def __init__(self, module, pfsense=None):\n super(PFSenseAuthserverLDAPModule, self).__init__(module, pfsense, name='pfsense_authserver_ldap', root='system', node='authserver', key='name',\n bool_style='absent/present', have_refid=True, create_default=AUTHSERVER_LDAP_CREATE_DEFAULT)\n\n ##############################\n # params processing\n #\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n\n if int(self.params['timeout']) < 1:\n self.module.fail_json(msg='timeout {0} must be greater than 1'.format(self.params['timeout']))\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n\n obj['name'] = params['name']\n if params['state'] == 'present':\n obj['type'] = 'ldap'\n for option in ['host']:\n if option in params and params[option] is not None:\n obj[option] = params[option]\n\n obj['ldap_port'] = params['port']\n if self.pfsense.config_version >= 20.1:\n urltype = dict({'tcp': 'Standard TCP', 'starttls': 'STARTTLS Encrypted', 'ssl': 'SSL/TLS Encrypted'})\n else:\n urltype = dict({'tcp': 'TCP - Standard', 'starttls': 'TCP - STARTTLS', 'ssl': 'SSL - Encrypted'})\n obj['ldap_urltype'] = urltype[params['transport']]\n obj['ldap_protver'] = params['protver']\n obj['ldap_timeout'] = params['timeout']\n obj['ldap_scope'] = params['scope']\n obj['ldap_basedn'] = params['basedn']\n obj['ldap_authcn'] = params['authcn']\n if params['extended_enabled']:\n obj['ldap_extended_enabled'] = 'yes'\n else:\n obj['ldap_extended_enabled'] = ''\n obj['ldap_extended_query'] = params['extended_query']\n if params['binddn']:\n obj['ldap_binddn'] = params['binddn']\n if params['bindpw']:\n obj['ldap_bindpw'] = params['bindpw']\n obj['ldap_attr_user'] = params['attr_user']\n obj['ldap_attr_group'] = params['attr_group']\n obj['ldap_attr_member'] = params['attr_member']\n obj['ldap_attr_groupobj'] = params['attr_groupobj']\n if params['ldap_utf8']:\n obj['ldap_utf8'] = ''\n if params['ldap_nostrip_at']:\n obj['ldap_nostrip_at'] = ''\n if params['ldap_rfc2307']:\n obj['ldap_rfc2307'] = ''\n\n if self.pfsense.is_at_least_2_5_0():\n obj['ldap_pam_groupdn'] = params['ldap_pam_groupdn']\n if params['ldap_rfc2307_userdn']:\n obj['ldap_rfc2307_userdn'] = ''\n if params['ldap_allow_unauthenticated']:\n obj['ldap_allow_unauthenticated'] = ''\n\n # Find the caref id for the named CA\n obj['ldap_caref'] = self.pfsense.get_caref(params['ca'])\n # CA is required for SSL/TLS\n if self.pfsense.config_version >= 20.1:\n if obj['ldap_caref'] is None and obj['ldap_urltype'] != 'Standard TCP':\n self.module.fail_json(msg=\"Could not find CA '%s'\" % (params['ca']))\n else:\n if obj['ldap_caref'] is None and obj['ldap_urltype'] != 'TCP - Standard':\n self.module.fail_json(msg=\"Could not find CA '%s'\" % (params['ca']))\n\n return obj\n\n ##############################\n # XML processing\n #\n def _find_target(self):\n result = self.root_elt.findall(\"authserver[name='{0}'][type='ldap']\".format(self.obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple ldap authentication servers for name {0}.'.format(self.obj['name']))\n else:\n return None\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" update system configuration if needed \"\"\"\n return self.pfsense.phpshell(AUTHSERVER_LDAP_PHP_COMMAND.format(name=self.obj['name']))\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=PFSENSE_AUTHSERVER_LDAP_SPEC,\n required_if=[\n [\"state\", \"present\", [\"host\", \"port\", \"transport\", \"scope\", \"authcn\"]],\n ],\n supports_check_mode=True)\n\n pfmodule = PFSenseAuthserverLDAPModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_authserver_radius.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018-2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_authserver_radius\nversion_added: 0.5.0\nshort_description: Manage pfSense RADIUS authentication servers\ndescription:\n >\n Manage pfSense RADIUS authentication servers\nauthor: Orion Poplawski (@opoplawski)\nnotes:\noptions:\n name:\n description: The name of the authentication server\n required: true\n type: str\n state:\n description: State in which to leave the authentication server\n default: 'present'\n choices: [ \"present\", \"absent\" ]\n type: str\n host:\n description: The hostname or IP address of the authentication server\n required: false\n type: str\n auth_port:\n description: RADIUS authentication port\n default: 1812\n type: int\n acct_port:\n description: RADIUS accounting port\n default: 1813\n type: int\n protocol:\n description: RADIUS protocol\n default: MSCHAPv2\n choices: [ \"PAP\", \"CHAP_MD5\", \"MSCHAPv1\", \"MSCHAPv2\" ]\n type: str\n secret:\n description: RADIUS secret\n type: str\n timeout:\n description: Server timeout in seconds\n default: 5\n type: int\n nasip_attribute:\n description: IP to use for the \"NAS-IP-Address\" attribute during RADIUS Acccess-Requests, must be an interface name\n default: lan\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add adservers authentication server\n pfsense_authserver_radius:\n name: RADIUS\n host: radius.example.com\n secret: password\n nasip_attribute: lan\n state: present\n\n- name: Remove RADIUS authentication server\n pfsense_authserver_radius:\n name: RADIUS\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\n\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\n\nAUTHSERVER_RADIUS_SPEC = {\n 'name': {'required': True, 'type': 'str'},\n 'state': {\n 'default': 'present',\n 'choices': ['present', 'absent'],\n },\n 'host': {'type': 'str'},\n 'auth_port': {'default': '1812', 'type': 'int'},\n 'acct_port': {'default': '1813', 'type': 'int'},\n 'protocol': {\n 'default': 'MSCHAPv2',\n 'choices': ['PAP', 'CHAP_MD5', 'MSCHAPv1', 'MSCHAPv2'],\n },\n 'secret': {'type': 'str', 'no_log': True},\n 'timeout': {'default': '5', 'type': 'int'},\n 'nasip_attribute': {'default': 'lan', 'type': 'str'},\n}\n\n\nclass PFSenseAuthserverRADIUSModule(PFSenseModuleBase):\n \"\"\" module managing pfsense RADIUS authentication \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return AUTHSERVER_RADIUS_SPEC\n\n def __init__(self, module, pfsense=None):\n super(PFSenseAuthserverRADIUSModule, self).__init__(module, pfsense)\n self.name = \"pfsense_authserver_radius\"\n self.root_elt = self.pfsense.get_element('system')\n self.authservers = self.root_elt.findall('authserver')\n\n ##############################\n # params processing\n #\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n\n if int(self.params['timeout']) < 1:\n self.module.fail_json(msg='timeout {0} must be greater than 1'.format(self.params['timeout']))\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n\n obj['name'] = params['name']\n if params['state'] == 'present':\n obj['type'] = 'radius'\n self._get_ansible_param(obj, 'host')\n self._get_ansible_param(obj, 'auth_port', fname='radius_auth_port')\n self._get_ansible_param(obj, 'acct_port', fname='radius_acct_port')\n self._get_ansible_param(obj, 'protocol', fname='radius_protocol')\n self._get_ansible_param(obj, 'secret', fname='radius_secret')\n self._get_ansible_param(obj, 'timeout', fname='radius_timeout')\n self._get_ansible_param(obj, 'nasip_attribute', fname='radius_nasip_attribute')\n\n return obj\n\n ##############################\n # XML processing\n #\n def _find_target(self):\n result = self.root_elt.findall(\"authserver[name='{0}'][type='radius']\".format(self.obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple radius authentication servers for name {0}.'.format(self.obj['name']))\n else:\n return None\n\n def _find_this_index(self):\n return self.authservers.index(self.target_elt)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n elt = self.pfsense.new_element('authserver')\n elt.append(self.pfsense.new_element('refid', text=self.pfsense.uniqid()))\n return elt\n\n def _copy_and_add_target(self):\n \"\"\" populate the XML target_elt \"\"\"\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.obj\n if len(self.authservers) > 0:\n self.root_elt.insert(list(self.root_elt).index(self.authservers[len(self.authservers) - 1]), self.target_elt)\n else:\n self.root_elt.append(self.target_elt)\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'{0}'\".format(self.obj['name'])\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n return values\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=AUTHSERVER_RADIUS_SPEC,\n required_if=[\n [\"state\", \"present\", [\"host\", \"secret\"]],\n ],\n supports_check_mode=True)\n\n pfmodule = PFSenseAuthserverRADIUSModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_ca.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018-2024, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_ca\nversion_added: 0.1.0\nshort_description: Manage pfSense Certificate Authorities\ndescription:\n >\n Manage pfSense Certificate Authorities\nauthor: Orion Poplawski (@opoplawski)\nnotes:\noptions:\n name:\n description: The name of the Certificate Authority\n required: true\n type: str\n method:\n description: The type of Certificate Authority to create\n default: existing\n choices: [ \"internal\", \"existing\", \"intermediate\" ]\n type: str\n state:\n description: State in which to leave the Certificate Authority\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n trust:\n description: Add this Certificate Authority to the Operating System Trust Store. Defaults to false.\n type: bool\n version_added: 0.5.0\n randomserial:\n description: Use random serial numbers when signing certifices. Defaults to false.\n type: bool\n version_added: 0.5.0\n certificate:\n description:\n >\n The certificate for the Certificate Authority. This can be in PEM form or Base64\n encoded PEM as a single string (which is how pfSense stores it).\n type: str\n crl:\n description:\n >\n The Certificate Revocation List for the Certificate Authority. This can be in PEM\n form or Base64 encoded PEM as a single string (which is how pfSense stores it).\n required: false\n type: str\n crlname:\n description:\n >\n The name of the CRL. This will default to name + ' CRL'. If multiple CRLs exist\n with this name, you must specify crlrefid.\n required: false\n type: str\n version_added: 0.5.0\n crlrefid:\n description: The refrence ID of the CRL. This will default to a unique id based on time.\n required: false\n type: str\n version_added: 0.5.0\n key:\n description:\n >\n The private key for the Certificate Authority. This can be in PEM form or Base64\n encoded PEM as a single string (which is how pfSense stores it).\n type: str\n version_added: 0.6.2\n keytype:\n description: The key type for the internal Certificate Authority.\n default: RSA\n choices: [ \"RSA\", \"ECDSA\" ]\n type: str\n ecname:\n description: The Elliptic Curve Name to use when generating a new ECDSA key.\n default: 'prime256v1'\n choices: ['secp112r1', 'secp112r2', 'secp128r1', 'secp128r2', 'secp160k1', 'secp160r1', 'secp160r2', 'secp192k1', 'secp224k1', 'secp224r1',\n 'secp256k1', 'secp384r1', 'secp521r1', 'prime192v1', 'prime192v2', 'prime192v3', 'prime239v1', 'prime239v2', 'prime239v3', 'prime256v1',\n 'sect113r1', 'sect113r2', 'sect131r1', 'sect131r2', 'sect163k1', 'sect163r1', 'sect163r2', 'sect193r1', 'sect193r2', 'sect233k1', 'sect233r1',\n 'sect239k1', 'sect283k1', 'sect283r1', 'sect409k1', 'sect409r1', 'sect571k1', 'sect571r1', 'c2pnb163v1', 'c2pnb163v2', 'c2pnb163v3', 'c2pnb176v1',\n 'c2tnb191v1', 'c2tnb191v2', 'c2tnb191v3', 'c2pnb208w1', 'c2tnb239v1', 'c2tnb239v2', 'c2tnb239v3', 'c2pnb272w1', 'c2pnb304w1', 'c2tnb359v1',\n 'c2pnb368w1', 'c2tnb431r1', 'wap-wsg-idm-ecid-wtls1', 'wap-wsg-idm-ecid-wtls3', 'wap-wsg-idm-ecid-wtls4', 'wap-wsg-idm-ecid-wtls5',\n 'wap-wsg-idm-ecid-wtls6', 'wap-wsg-idm-ecid-wtls7', 'wap-wsg-idm-ecid-wtls8', 'wap-wsg-idm-ecid-wtls9', 'wap-wsg-idm-ecid-wtls10',\n 'wap-wsg-idm-ecid-wtls11', 'wap-wsg-idm-ecid-wtls12', 'Oakley-EC2N-3', 'Oakley-EC2N-4', 'brainpoolP160r1', 'brainpoolP160t1', 'brainpoolP192r1',\n 'brainpoolP192t1', 'brainpoolP224r1', 'brainpoolP224t1', 'brainpoolP256r1', 'brainpoolP256t1', 'brainpoolP320r1', 'brainpoolP320t1',\n 'brainpoolP384r1', 'brainpoolP384t1', 'brainpoolP512r1', 'brainpoolP512t1', 'SM2']\n type: str\n keylen:\n description: The length to use when generating a new RSA key, in bits\n default: '2048'\n choices: [ \"1024\", \"2048\", \"3072\", \"4096\", \"6144\", \"7680\", \"8192\", \"15360\", \"16384\" ]\n type: str\n digest_alg:\n description: The digest algorithm for the internal Certificate Authority.\n default: sha256\n choices: [ \"sha1\", \"sha224\", \"sha256\", \"sha384\", \"sha512\" ]\n type: str\n lifetime:\n description: The lifetime in days for the internal Certificate Authority certificate. Between 1 and 12000.\n default: 3650\n type: int\n dn_commonname:\n description: The Common Name of the internal Certificate Authority certificate.\n default: internal-ca\n type: str\n dn_country:\n description: The 2-letter country code of the internal Certificate Authority certificate.\n default: ''\n type: str\n dn_state:\n description: The State or Province of the internal Certificate Authority certificate.\n default: ''\n type: str\n dn_city:\n description: The City of the internal Certificate Authority certificate.\n default: ''\n type: str\n dn_organization:\n description: The Organization of the internal Certificate Authority certificate.\n default: ''\n type: str\n dn_organizationalunit:\n description: The Organizational Unit of the internal Certificate Authority certificate.\n default: ''\n type: str\n serial:\n description: Number to be used as a sequential serial number for the next certificate to be signed by this CA.\n type: int\n version_added: 0.5.0\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add AD Certificate Authority\n pfsense_ca:\n name: AD CA\n certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGcXpDQ0E1T2dB...\n crl: |\n -----BEGIN X509 CRL-----\n MIICazCCAVMCAQEwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAxMPTldSQSBPcGVu\n ...\n r0hUUy3w1trKtymlyhmd5XmYzINYp8p/Ws+boST+Fcw3chWTep/J8nKMeKESO0w=\n -----END X509 CRL-----\n state: present\n\n- name: Remove AD Certificate Authority\n pfsense_ca:\n name: AD CA\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\n\n\"\"\"\n\nimport base64\nimport re\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nPFSENSE_CA_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n method=dict(type='str', default='existing', choices=['internal', 'existing', 'intermediate']),\n state=dict(type='str', default='present', choices=['present', 'absent']),\n trust=dict(type='bool'),\n randomserial=dict(type='bool'),\n certificate=dict(type='str'),\n crl=dict(default=None, type='str'),\n crlname=dict(default=None, type='str'),\n crlrefid=dict(default=None, type='str'),\n key=dict(type='str', no_log=True),\n keytype=dict(type='str', default='RSA', choices=['RSA', 'ECDSA']),\n ecname=dict(\n type='str',\n default='prime256v1',\n choices=[\n 'secp112r1', 'secp112r2', 'secp128r1', 'secp128r2', 'secp160k1', 'secp160r1', 'secp160r2',\n 'secp192k1', 'secp224k1', 'secp224r1', 'secp256k1', 'secp384r1', 'secp521r1', 'prime192v1', 'prime192v2', 'prime192v3', 'prime239v1',\n 'prime239v2', 'prime239v3', 'prime256v1', 'sect113r1', 'sect113r2', 'sect131r1', 'sect131r2', 'sect163k1', 'sect163r1', 'sect163r2',\n 'sect193r1', 'sect193r2', 'sect233k1', 'sect233r1', 'sect239k1', 'sect283k1', 'sect283r1', 'sect409k1', 'sect409r1', 'sect571k1', 'sect571r1',\n 'c2pnb163v1', 'c2pnb163v2', 'c2pnb163v3', 'c2pnb176v1', 'c2tnb191v1', 'c2tnb191v2', 'c2tnb191v3', 'c2pnb208w1', 'c2tnb239v1', 'c2tnb239v2',\n 'c2tnb239v3', 'c2pnb272w1', 'c2pnb304w1', 'c2tnb359v1', 'c2pnb368w1', 'c2tnb431r1', 'wap-wsg-idm-ecid-wtls1', 'wap-wsg-idm-ecid-wtls3',\n 'wap-wsg-idm-ecid-wtls4', 'wap-wsg-idm-ecid-wtls5', 'wap-wsg-idm-ecid-wtls6', 'wap-wsg-idm-ecid-wtls7', 'wap-wsg-idm-ecid-wtls8',\n 'wap-wsg-idm-ecid-wtls9', 'wap-wsg-idm-ecid-wtls10', 'wap-wsg-idm-ecid-wtls11', 'wap-wsg-idm-ecid-wtls12', 'Oakley-EC2N-3', 'Oakley-EC2N-4',\n 'brainpoolP160r1', 'brainpoolP160t1', 'brainpoolP192r1', 'brainpoolP192t1', 'brainpoolP224r1', 'brainpoolP224t1', 'brainpoolP256r1',\n 'brainpoolP256t1', 'brainpoolP320r1', 'brainpoolP320t1', 'brainpoolP384r1', 'brainpoolP384t1', 'brainpoolP512r1', 'brainpoolP512t1', 'SM2']),\n keylen=dict(type='str', default='2048', choices=[\"1024\", \"2048\", \"3072\", \"4096\", \"6144\", \"7680\", \"8192\", \"15360\", \"16384\"]),\n digest_alg=dict(type='str', default='sha256', choices=['sha1', 'sha224', 'sha256', 'sha384', 'sha512']),\n lifetime=dict(default=3650, type='int'),\n dn_commonname=dict(default='internal-ca', type='str'),\n dn_country=dict(default='', type='str'),\n dn_state=dict(default='', type='str'),\n dn_city=dict(default='', type='str'),\n dn_organization=dict(default='', type='str'),\n dn_organizationalunit=dict(default='', type='str'),\n serial=dict(type='int'),\n)\n\n# These are default but not enforced values\nCA_CREATE_DEFAULT = dict(\n randomserial='disabled',\n serial='0',\n trust='disabled',\n)\n\n# Booleans that map to different values\nCA_BOOL_VALUES = dict(\n randomserial=('disabled', 'enabled'),\n trust=('disabled', 'enabled'),\n)\n\n\nclass PFSenseCAModule(PFSenseModuleBase):\n \"\"\" module managing pfsense certificate authorities \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return PFSENSE_CA_ARGUMENT_SPEC\n\n def __init__(self, module, pfsense=None):\n super(PFSenseCAModule, self).__init__(module, pfsense, root='pfsense', node='ca', have_refid=True, create_default=CA_CREATE_DEFAULT,\n bool_values=CA_BOOL_VALUES)\n self.name = \"pfsense_ca\"\n self.refresh_crls = False\n self.crl = None\n\n cmd = ('require_once(\"certs.inc\");'\n '$max_lifetime = cert_get_max_lifetime();'\n 'echo json_encode($max_lifetime);')\n self.max_lifetime = int(self.pfsense.php(cmd))\n\n ##############################\n # params processing\n #\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n if params['state'] == 'absent':\n return\n\n if re.search(r\"[\\?\\>\\<\\&\\/\\\\\\\"\\']\", params['name']):\n self.module.fail_json(msg='name contains invalid characters')\n pattern = re.compile(r\"[^a-zA-Z0-9 '/~`!@#$%\\^&*()_\\-+={}[\\]|;:\\\"<>,.?\\\\]\")\n for param in ['dn_commonname', 'dn_state', 'dn_city', 'dn_organization', 'dn_organizationalunit']:\n if re.search(pattern, self.params[param]):\n self.module.fail_json(msg=f'{param} contains invalid characters')\n\n if params['lifetime'] > self.max_lifetime:\n self.module.fail_json(msg=f'Lifetime is longer than the maximum allowed value ({self.max_lifetime})')\n\n if params['method'] == 'existing':\n if params['certificate'] is None:\n self.module.fail_json(msg='Missing required argument \"certificate\"')\n\n # TODO - Make sure certificate purpose includes CA\n cert = params['certificate']\n if re.match('LS0', cert):\n cert = base64.b64decode(cert.encode()).decode()\n lines = cert.splitlines()\n if lines[0] == '-----BEGIN CERTIFICATE-----' and lines[-1] == '-----END CERTIFICATE-----':\n params['certificate'] = base64.b64encode(cert.encode()).decode()\n else:\n self.module.fail_json(msg='Could not recognize certificate format: %s' % (cert))\n\n if params['crl'] is not None:\n crl = params['crl']\n if re.match('LS0', crl):\n crl = base64.b64decode(crl.encode()).decode()\n lines = crl.splitlines()\n if lines[0] == '-----BEGIN X509 CRL-----' and lines[-1] == '-----END X509 CRL-----':\n params['crl'] = base64.b64encode(crl.encode()).decode()\n else:\n self.module.fail_json(msg='Could not recognize CRL format: %s' % (crl))\n\n if params['key'] is not None:\n ca_key = params['key']\n if re.match('LS0', ca_key):\n ca_key = base64.b64decode(ca_key.encode()).decode()\n lines = ca_key.splitlines()\n if lines[0] == '-----BEGIN PRIVATE KEY-----' and lines[-1] == '-----END PRIVATE KEY-----':\n params['key'] = base64.b64encode(ca_key.encode()).decode()\n else:\n self.module.fail_json(msg='Could not recognize CA key format: %s' % (ca_key))\n\n if params['serial'] is not None:\n if int(params['serial']) < 1:\n self.module.fail_json(msg='serial must be greater than 0')\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n obj['descr'] = params['name']\n if params['state'] == 'present':\n\n if params['method'] == 'existing':\n if 'certificate' in params and params['certificate'] is not None:\n obj['crt'] = params['certificate']\n if params['crl'] is not None:\n self.crl = {}\n self.crl['method'] = 'existing'\n self.crl['text'] = params['crl']\n self._get_ansible_param(self.crl, 'crlname', fname='descr', force=True, force_value=obj['descr'] + ' CRL')\n self._get_ansible_param(self.crl, 'crlrefid', fname='refid')\n if params['key'] is not None:\n obj['prv'] = params['key']\n\n for arg in CA_BOOL_VALUES:\n self._get_ansible_param_bool(obj, arg, value=CA_BOOL_VALUES[arg][1], value_false=CA_BOOL_VALUES[arg][0])\n\n self._get_ansible_param(obj, 'serial')\n\n return obj\n\n ##############################\n # XML processing\n #\n def _find_crl_for_ca(self, caref):\n result = self.root_elt.findall(\"crl[caref='{0}']\".format(caref))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple CRLs for caref {0}, you must specify crlname or crlrefid.'.format(caref))\n else:\n return None\n\n def _find_crl_by_name(self, crlname):\n result = self.root_elt.findall(\"crl[descr='{0}']\".format(crlname))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple CRLs for name {0}, you must specify crlrefid.'.format(crlname))\n else:\n return None\n\n def _find_crl_by_refid(self, crlrefid):\n result = self.root_elt.findall(\"crl[refid='{0}']\".format(crlrefid))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple CRLs for refid {0}. This is an unsupported condition'.format(crlrefid))\n else:\n return None\n\n def _copy_and_add_target(self):\n \"\"\" populate the XML target_elt \"\"\"\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n self.root_elt.insert(self._find_last_element_index(), self.target_elt)\n if self.crl is not None:\n crl_elt = self.pfsense.new_element('crl')\n self.crl['caref'] = self.obj['refid']\n if 'refid' not in self.crl:\n self.crl['refid'] = self.pfsense.uniqid()\n self.pfsense.copy_dict_to_element(self.crl, crl_elt)\n self.diff['after']['crl'] = self.crl['text']\n self.pfsense.root.append(crl_elt)\n self.refresh_crls = True\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n (before, changed) = super(PFSenseCAModule, self)._copy_and_update_target()\n\n if self.crl is not None:\n crl_elt = None\n\n # If a crlrefid is specified, update it or create a new one with that refid\n if self.params['crlrefid'] is not None:\n crl_elt = self._find_crl_by_refid(self.params['crlrefid'])\n self.crl['refid'] = self.params['crlrefid']\n else:\n if self.params['crlname'] is not None:\n crl_elt = self._find_crl_by_name(self.params['crlname'])\n if crl_elt is None:\n crl_elt = self._find_crl_for_ca(self.target_elt.find('refid').text)\n\n if crl_elt is None:\n changed = True\n crl_elt = self.pfsense.new_element('crl')\n self.crl['caref'] = self.target_elt.find('refid').text\n if 'refid' not in self.crl:\n self.crl['refid'] = self.pfsense.uniqid()\n self.pfsense.copy_dict_to_element(self.crl, crl_elt)\n # Add after the existing ca entry\n self.pfsense.root.insert(self._find_this_element_index() + 1, crl_elt)\n self.refresh_crls = True\n else:\n before['crl'] = crl_elt.find('text').text\n before['crlname'] = crl_elt.find('descr').text\n if 'crlname' not in self.crl:\n self.crl['descr'] = before['crlname']\n before['crlrefid'] = crl_elt.find('refid').text\n if 'refid' not in self.crl:\n self.crl['refid'] = before['crlrefid']\n if self.pfsense.copy_dict_to_element(self.crl, crl_elt):\n changed = True\n self.refresh_crls = True\n self.diff['after']['crl'] = self.crl['text']\n self.diff['after']['crlname'] = self.crl['descr']\n self.diff['after']['crlrefid'] = self.crl['refid']\n\n return (before, changed)\n\n ##############################\n # run\n #\n def _update(self):\n (dummy, stdout, stderr) = ('', '', '')\n if self.params['state'] == 'present':\n if self.params['method'] == 'existing':\n # ca_import will base64 encode the cert + key and will fix 'caref' for CAs that reference each other\n # $ca needs to be an existing reference (particularly 'refid' must be set) before calling ca_import\n # key and serial are optional arguments. TODO - handle key and serial\n (dummy, stdout, stderr) = self.pfsense.phpshell(\"\"\"\n $ca =& lookup_ca('{refid}')['item'];\n ca_import($ca, '{cert}');\n write_config('Update CA reference');\n ca_setup_trust_store();\n cert_restart_services(ca_get_all_services('{refid}'));\"\"\".format(refid=self.target_elt.find('refid').text,\n cert=base64.b64decode(self.target_elt.find('crt').text.encode()).decode()))\n\n if self.refresh_crls:\n (dummy, crl_stdout, crl_stderr) = self.pfsense.phpshell(\"\"\"\n require_once(\"openvpn.inc\");\n openvpn_refresh_crls();\n require_once(\"vpn.inc\");\n ipsec_configure();\"\"\")\n stdout += crl_stdout\n stderr += crl_stderr\n\n if self.params['method'] == 'internal':\n # Create an internal CA\n (dummy, stdout, stderr) = self.pfsense.phpshell(\"\"\"\n $caent =& lookup_ca('{refid}');\n $ca =& $caent['item'];\n\n $dn = array('commonName' => '{dn_commonname}');\n $pconfig = array( 'dn_country' => '{dn_country}',\n 'dn_state' => '{dn_state}',\n 'dn_city' => '{dn_city}',\n 'dn_organization' => '{dn_organization}',\n 'dn_organizationalunit' => '{dn_organizationalunit}' );\n if (!empty($pconfig['dn_country'])) {{\n $dn['countryName'] = $pconfig['dn_country'];\n }}\n if (!empty($pconfig['dn_state'])) {{\n $dn['stateOrProvinceName'] = $pconfig['dn_state'];\n }}\n if (!empty($pconfig['dn_city'])) {{\n $dn['localityName'] = $pconfig['dn_city'];\n }}\n if (!empty($pconfig['dn_organization'])) {{\n $dn['organizationName'] = $pconfig['dn_organization'];\n }}\n if (!empty($pconfig['dn_organizationalunit'])) {{\n $dn['organizationalUnitName'] = $pconfig['dn_organizationalunit'];\n }}\n print_r($dn);\n if (!ca_create($ca, '{keylen}', '{lifetime}', $dn, '{digest_alg}', '{keytype}', '{ecname}')) {{\n print(\"ca_create failed\");\n $input_errors = array();\n while ($ssl_err = openssl_error_string()) {{\n if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {{\n array_push($input_errors, \"openssl library returns: \" . $ssl_err);\n }}\n }}\n print_r($input_errors);\n }}\n $savemsg = sprintf(gettext(\"Created internal Certificate Authority %s\"), $ca['descr']);\n config_set_path(\"ca/{{$caent['idx']}}\", $ca);\n write_config($savemsg);\n ca_setup_trust_store();\"\"\".format(refid=self.target_elt.find('refid').text,\n dn_commonname=self.params['dn_commonname'],\n dn_country=self.params['dn_country'],\n dn_state=self.params['dn_state'],\n dn_city=self.params['dn_city'],\n dn_organization=self.params['dn_organization'],\n dn_organizationalunit=self.params['dn_organizationalunit'],\n keylen=self.params['keylen'],\n lifetime=self.params['lifetime'],\n keytype=self.params['keytype'],\n digest_alg=self.params['digest_alg'],\n ecname=self.params['ecname']))\n\n return (dummy, stdout, stderr)\n\n def _pre_remove_target_elt(self):\n self.diff['after'] = {}\n if self.target_elt is not None:\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n crl_elt = self._find_crl_for_ca(self.target_elt.find('refid').text)\n self.elements.remove(self.target_elt)\n if crl_elt is not None:\n self.diff['before']['crl'] = crl_elt.find('text').text\n self.root_elt.remove(crl_elt)\n else:\n self.diff['before'] = {}\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=PFSENSE_CA_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseCAModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_cert.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2021, Carlos Rodrigues \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_cert\nversion_added: 0.5.0\nauthor: Carlos Rodrigues (@cmarodrigues)\nshort_description: Manage pfSense certificates\ndescription:\n - Manage pfSense certificates\nnotes:\noptions:\n name:\n description: The name of the certificate\n required: true\n type: str\n ca:\n description: The Certificate Authority\n type: str\n keytype:\n description: The type of key to generate\n default: 'RSA'\n choices: [ 'RSA', 'ECDSA' ]\n type: str\n digestalg:\n description: The digest method used when the certificate is signed\n default: 'sha256'\n choices: ['sha1', 'sha224', 'sha256', 'sha384', 'sha512']\n type: str\n ecname:\n description: The Elliptic Curve Name to use when generating a new ECDSA key\n default: 'prime256v1'\n choices: ['secp112r1', 'secp112r2', 'secp128r1', 'secp128r2', 'secp160k1', 'secp160r1', 'secp160r2', 'secp192k1', 'secp224k1', 'secp224r1',\n 'secp256k1', 'secp384r1', 'secp521r1', 'prime192v1', 'prime192v2', 'prime192v3', 'prime239v1', 'prime239v2', 'prime239v3', 'prime256v1',\n 'sect113r1', 'sect113r2', 'sect131r1', 'sect131r2', 'sect163k1', 'sect163r1', 'sect163r2', 'sect193r1', 'sect193r2', 'sect233k1', 'sect233r1',\n 'sect239k1', 'sect283k1', 'sect283r1', 'sect409k1', 'sect409r1', 'sect571k1', 'sect571r1', 'c2pnb163v1', 'c2pnb163v2', 'c2pnb163v3', 'c2pnb176v1',\n 'c2tnb191v1', 'c2tnb191v2', 'c2tnb191v3', 'c2pnb208w1', 'c2tnb239v1', 'c2tnb239v2', 'c2tnb239v3', 'c2pnb272w1', 'c2pnb304w1', 'c2tnb359v1',\n 'c2pnb368w1', 'c2tnb431r1', 'wap-wsg-idm-ecid-wtls1', 'wap-wsg-idm-ecid-wtls3', 'wap-wsg-idm-ecid-wtls4', 'wap-wsg-idm-ecid-wtls5',\n 'wap-wsg-idm-ecid-wtls6', 'wap-wsg-idm-ecid-wtls7', 'wap-wsg-idm-ecid-wtls8', 'wap-wsg-idm-ecid-wtls9', 'wap-wsg-idm-ecid-wtls10',\n 'wap-wsg-idm-ecid-wtls11', 'wap-wsg-idm-ecid-wtls12', 'Oakley-EC2N-3', 'Oakley-EC2N-4', 'brainpoolP160r1', 'brainpoolP160t1', 'brainpoolP192r1',\n 'brainpoolP192t1', 'brainpoolP224r1', 'brainpoolP224t1', 'brainpoolP256r1', 'brainpoolP256t1', 'brainpoolP320r1', 'brainpoolP320t1',\n 'brainpoolP384r1', 'brainpoolP384t1', 'brainpoolP512r1', 'brainpoolP512t1', 'SM2']\n type: str\n keylen:\n description: The length to use when generating a new RSA key, in bits\n default: '2048'\n type: str\n lifetime:\n description: The length of time the signed certificate will be valid, in days\n default: '3650'\n type: str\n dn_country:\n description: The Country Code\n type: str\n dn_state:\n description: The State or Province\n type: str\n dn_city:\n description: The City\n type: str\n dn_organization:\n description: The Organization\n type: str\n dn_organizationalunit:\n description: The Organizational Unit\n type: str\n altnames:\n description:\n >\n The Alternative Names. A list of aditional identifiers for the certificate.\n A comma separed values with format: DNS:hostname,IP:X.X.X.X,email:user@mail,URI:url\n type: str\n certificate:\n description:\n >\n The certificate to import. This can be in PEM form or Base64\n encoded PEM as a single string (which is how pfSense stores it).\n type: str\n key:\n description:\n >\n The key to import. This can be in PEM form or Base64\n encoded PEM as a single string (which is how pfSense stores it).\n type: str\n state:\n description: State in which to leave the certificate\n default: 'present'\n choices: [ 'present', 'absent' ]\n type: str\n method:\n description: Method of the certificate created\n default: 'internal'\n choices: [ 'internal', 'import' ]\n type: str\n certtype:\n description: Type of the certificate ('user' is a certificate for the user)\n default: 'user'\n choices: [ 'user', 'server' ]\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Generate new internal certificate\n pfsense_cert:\n method: \"internal\"\n name: \"test\"\n ca: \"internal-ca\"\n keytype: \"RSA\"\n keylen: 2048\n lifetime: 3650\n dn_country: \"PT\"\n dn_organization: \"Dummy\"\n certtype: \"user\"\n state: present\n\n- name: Import certificate\n pfsense_cert:\n method: \"import\"\n name: \"test\"\n certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxVENDQXIyZ0F3...\n key: |\n -----BEGIN PRIVATE KEY-----\n MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4yY0SI8lWNN2B\n ...\n i0LiJ+QOek6Qy+51kMK3rXNsQQ==\n -----END PRIVATE KEY-----\n certtype: \"user\"\n state: present\n\n- name: Remove certificate\n pfsense_cert:\n name: \"test\"\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\n\n\"\"\"\n\nimport base64\nimport re\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nCERT_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n ca=dict(type='str'),\n keytype=dict(type='str', default='RSA', choices=['RSA', 'ECDSA']),\n digestalg=dict(type='str', default='sha256', choices=['sha1', 'sha224', 'sha256', 'sha384', 'sha512']),\n ecname=dict(\n type='str',\n default='prime256v1',\n choices=[\n 'secp112r1', 'secp112r2', 'secp128r1', 'secp128r2', 'secp160k1', 'secp160r1', 'secp160r2',\n 'secp192k1', 'secp224k1', 'secp224r1', 'secp256k1', 'secp384r1', 'secp521r1', 'prime192v1', 'prime192v2', 'prime192v3', 'prime239v1',\n 'prime239v2', 'prime239v3', 'prime256v1', 'sect113r1', 'sect113r2', 'sect131r1', 'sect131r2', 'sect163k1', 'sect163r1', 'sect163r2',\n 'sect193r1', 'sect193r2', 'sect233k1', 'sect233r1', 'sect239k1', 'sect283k1', 'sect283r1', 'sect409k1', 'sect409r1', 'sect571k1', 'sect571r1',\n 'c2pnb163v1', 'c2pnb163v2', 'c2pnb163v3', 'c2pnb176v1', 'c2tnb191v1', 'c2tnb191v2', 'c2tnb191v3', 'c2pnb208w1', 'c2tnb239v1', 'c2tnb239v2',\n 'c2tnb239v3', 'c2pnb272w1', 'c2pnb304w1', 'c2tnb359v1', 'c2pnb368w1', 'c2tnb431r1', 'wap-wsg-idm-ecid-wtls1', 'wap-wsg-idm-ecid-wtls3',\n 'wap-wsg-idm-ecid-wtls4', 'wap-wsg-idm-ecid-wtls5', 'wap-wsg-idm-ecid-wtls6', 'wap-wsg-idm-ecid-wtls7', 'wap-wsg-idm-ecid-wtls8',\n 'wap-wsg-idm-ecid-wtls9', 'wap-wsg-idm-ecid-wtls10', 'wap-wsg-idm-ecid-wtls11', 'wap-wsg-idm-ecid-wtls12', 'Oakley-EC2N-3', 'Oakley-EC2N-4',\n 'brainpoolP160r1', 'brainpoolP160t1', 'brainpoolP192r1', 'brainpoolP192t1', 'brainpoolP224r1', 'brainpoolP224t1', 'brainpoolP256r1',\n 'brainpoolP256t1', 'brainpoolP320r1', 'brainpoolP320t1', 'brainpoolP384r1', 'brainpoolP384t1', 'brainpoolP512r1', 'brainpoolP512t1', 'SM2']),\n keylen=dict(type='str', default='2048'),\n lifetime=dict(type='str', default='3650'),\n dn_country=dict(type='str'),\n dn_state=dict(type='str'),\n dn_city=dict(type='str'),\n dn_organization=dict(type='str'),\n dn_organizationalunit=dict(type='str'),\n altnames=dict(type='str'),\n certificate=dict(type='str'),\n key=dict(type='str', no_log=True),\n state=dict(type='str', default='present', choices=['present', 'absent']),\n method=dict(type='str', default='internal', choices=['internal', 'import']),\n certtype=dict(type='str', default='user', choices=['user', 'server']),\n)\n\nCERT_PHP_COMMAND_PREFIX = \"\"\"\nrequire_once('certs.inc');\n\"\"\"\n\n\nclass PFSenseCertModule(PFSenseModuleBase):\n \"\"\" module managing pfsense certificates \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return CERT_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseCertModule, self).__init__(module, pfsense, root='pfsense', node='cert')\n self.name = \"pfsense_cert\"\n\n ##############################\n # params processing\n #\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n if params['state'] == 'absent':\n return\n\n if params['method'] == 'internal':\n # An internal CA is required for internal certificate\n if params['ca'] is None:\n self.module.fail_json(msg='CA is required.')\n else:\n ca = self._find_ca(params['ca'])\n if ca is not None:\n if ca.find('prv') is None:\n self.module.fail_json(msg='CA (%s) is not an internal CA' % params['ca'])\n else:\n self.module.fail_json(msg='CA (%s) not found' % params['ca'])\n\n # validate Certificate\n if params['certificate'] is not None:\n cert = params['certificate']\n if re.match('LS0', cert):\n cert = base64.b64decode(cert.encode()).decode()\n lines = cert.splitlines()\n if lines[0] == '-----BEGIN CERTIFICATE-----' and lines[-1] == '-----END CERTIFICATE-----':\n params['certificate'] = base64.b64encode(cert.encode()).decode()\n else:\n self.module.fail_json(msg='Could not recognize certificate format: %s' % (cert))\n\n # validate key\n if params['key'] is not None:\n key = params['key']\n if re.match('LS0', key):\n key = base64.b64decode(key.encode()).decode()\n lines = key.splitlines()\n if re.match('^-----BEGIN ((EC|RSA) )?PRIVATE KEY-----$', lines[0]) and re.match('^-----END ((EC|RSA) )?PRIVATE KEY-----$', lines[-1]):\n params['key'] = base64.b64encode(key.encode()).decode()\n else:\n self.module.fail_json(msg='Could not recognize key format: %s' % (key))\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n\n # certificate description\n obj['descr'] = params['name']\n if params['state'] == 'present':\n\n if params['ca'] is not None:\n # found CA\n ca = self._find_ca(params['ca'])\n if ca is not None:\n # get CA refid\n obj['caref'] = ca.find('refid').text\n else:\n self.module.fail_json(msg='CA (%s) not found' % params['ca'])\n\n if 'certificate' in params and params['certificate'] is not None:\n obj['crt'] = params['certificate']\n if 'key' in params and params['key'] is not None:\n obj['prv'] = params['key']\n\n return obj\n\n ##############################\n # XML processing\n #\n def _find_ca(self, caref):\n result = self.root_elt.findall(\"ca[descr='{0}']\".format(caref))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple CAs for caref {0}.'.format(caref))\n else:\n result = self.root_elt.findall(\"ca[refid='{0}']\".format(caref))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple CAs for caref {0}.'.format(caref))\n else:\n return None\n\n def _copy_and_add_target(self):\n \"\"\" populate the XML target_elt \"\"\"\n obj = self.obj\n\n obj['refid'] = self.pfsense.uniqid()\n self.diff['after'] = obj\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.root_elt.insert(self._find_last_element_index(), self.target_elt)\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n\n before = self.pfsense.element_to_dict(self.target_elt)\n self.diff['before'] = before\n\n changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n\n return (before, changed)\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'\" + self.obj['descr'] + \"'\"\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'descr')\n else:\n values += self.format_updated_cli_field(self.obj, before, 'descr', add_comma=(values))\n return values\n\n ##############################\n # run\n #\n def _update(self):\n if self.params['state'] == 'present':\n if self.params['method'] == 'import':\n # import certificate\n return self.pfsense.phpshell(\"\"\"\n require_once('certs.inc');\n $cert =& lookup_cert('{refid}');\n cert_import($cert, '{cert}', '{key}');\n $savemsg = sprintf(gettext(\"Imported certificate %s\"), $cert['descr']);\n write_config($savemsg);\n cert_restart_services(cert_get_all_services('{refid}'));\n \"\"\".format(refid=self.target_elt.find('refid').text,\n cert=base64.b64decode(self.target_elt.find('crt').text.encode()).decode(),\n key=base64.b64decode(self.target_elt.find('prv').text.encode()).decode()))\n else:\n # generate internal certificate\n return self.pfsense.phpshell(\"\"\"\n require_once('certs.inc');\n $certent =& lookup_cert('{refid}');\n $cert =& $certent['item'];\n\n $pconfig = array( 'dn_commonname' => '{dn_commonname}',\n 'dn_country' => '{dn_country}',\n 'dn_state' => '{dn_state}',\n 'dn_city' => '{dn_city}',\n 'dn_organization' => '{dn_organization}',\n 'dn_organizationalunit' => '{dn_organizationalunit}',\n 'dn_altnames' => '{altnames}' );\n\n /* Create an internal certificate */\n $dn = array('commonName' => $pconfig['dn_commonname']);\n if (!empty($pconfig['dn_country']) && ($pconfig['dn_country']!=='None')) {{\n $dn['countryName'] = $pconfig['dn_country'];\n }}\n if (!empty($pconfig['dn_state']) && ($pconfig['dn_state']!=='None')) {{\n $dn['stateOrProvinceName'] = $pconfig['dn_state'];\n }}\n if (!empty($pconfig['dn_city']) && ($pconfig['dn_city']!=='None')) {{\n $dn['localityName'] = $pconfig['dn_city'];\n }}\n if (!empty($pconfig['dn_organization']) && ($pconfig['dn_organization']!=='None')) {{\n $dn['organizationName'] = $pconfig['dn_organization'];\n }}\n if (!empty($pconfig['dn_organizationalunit']) && ($pconfig['dn_organizationalunit']!=='None')) {{\n $dn['organizationalUnitName'] = $pconfig['dn_organizationalunit'];\n }}\n $altnames_tmp = array();\n $cn_altname = cert_add_altname_type($pconfig['dn_commonname']);\n if (!empty($cn_altname)) {{\n $altnames_tmp[] = $cn_altname;\n }}\n if (!empty($pconfig['dn_altnames']) && ($pconfig['dn_altnames']!=='None')) {{\n $altnames_tmp[] = $pconfig['dn_altnames'];\n }}\n if (!empty($altnames_tmp)) {{\n $dn['subjectAltName'] = implode(\",\", $altnames_tmp);\n }}\n\n if (!cert_create($cert, '{caref}', '{keylen}', '{lifetime}', $dn, '{certtype}', '{digest_alg}', '{keytype}', '{ecname}')) {{\n $input_errors = array();\n while ($ssl_err = openssl_error_string()) {{\n if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {{\n $input_errors[] = sprintf(gettext(\"OpenSSL Library Error: %s\"), $ssl_err);\n }}\n }}\n print_r($input_errors);\n }}\n config_set_path(\"cert/${{certent['idx']}}\", $cert);\n $savemsg = sprintf(gettext(\"Created internal certificate %s\"), $cert['descr']);\n write_config($savemsg);\n cert_restart_services(cert_get_all_services('{refid}'));\n \"\"\".format(refid=self.target_elt.find('refid').text,\n dn_commonname=self.params['name'],\n dn_country=self.params['dn_country'],\n dn_state=self.params['dn_state'],\n dn_city=self.params['dn_city'],\n dn_organization=self.params['dn_organization'],\n dn_organizationalunit=self.params['dn_organizationalunit'],\n altnames=self.params['altnames'],\n caref=self.target_elt.find('caref').text,\n keylen=self.params['keylen'],\n lifetime=self.params['lifetime'],\n certtype=self.params['certtype'],\n keytype=self.params['keytype'],\n digest_alg=self.params['digestalg'],\n ecname=self.params['ecname']))\n else:\n return (None, '', '')\n\n def _pre_remove_target_elt(self):\n self.diff['after'] = {}\n if self.target_elt is not None:\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n self.elements.remove(self.target_elt)\n else:\n self.diff['before'] = {}\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=CERT_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseCertModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_default_gateway.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# Copyright: (c) 2023, Nicolas Zagulajew \n\n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_default_gateway\nversion_added: 0.6.0\nauthor: \"Nicolas Zagulajew (@freeeflyer)\"\nshort_description: Manage pfSense default gateway\ndescription: Check and update pfSense default gateway\nnotes:\noptions:\n gateway:\n description: Default gateway name\n required: false\n type: str\n ipprotocol:\n description: Choose the Internet Protocol Version for this gateway.\n required: false\n choices: [ \"inet\", \"inet6\" ]\n default: inet\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Sets default gateway to automatic\n pfsense_default_gateway:\n gateway: automatic\n ipprotocol: inet\n\n- name: Remove gateway (ie setting it to None)\n pfsense_default_gateway:\n gateway: none\n ipprotocol: inet\n\n- name: return gateways\n pfsense_default_gateway:\n\n\"\"\"\n\nRETURN = \"\"\"\ndefaultgw4:\n description: default gateway for ipv4\n returned: always\n type: str\n sample: INTERNET_GW4\ndefaultgw6:\n description: default gateway for ipv6\n returned: always\n type: str\n sample: INTERNET_GW4\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI). If state=read, also returns defaultgw4 and defaultgw6.\n returned: always\n type: list\n sample: [update default_gateway name='my_gw', protocol='inet6' ]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.default_gateway import PFSenseDefaultGatewayModule, \\\n DEFAULT_GATEWAY_ARGUMENT_SPEC\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=DEFAULT_GATEWAY_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseDefaultGatewayModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_dhcp_server.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2024, David Rosado \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '6.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_dhcp_server\nversion_added: \"0.7.0\"\nauthor: \"David Rosado (@davrosza)\"\nshort_description: Manage pfSense DHCP servers\ndescription:\n - Manage DHCP servers on pfSense\nnotes:\noptions:\n state:\n description: State in which to leave the DHCP server\n choices: [ 'present', 'absent' ]\n default: 'present'\n type: str\n interface:\n description: Interface on which to configure the DHCP server\n required: true\n type: str\n enable:\n description: Enable DHCP server on the interface\n type: bool\n default: true\n range_from:\n description: Start of IP address range\n type: str\n range_to:\n description: End of IP address range\n type: str\n failover_peerip:\n description: Failover peer IP address\n type: str\n defaultleasetime:\n description: Default lease time in seconds\n type: int\n maxleasetime:\n description: Maximum lease time in seconds\n type: int\n netmask:\n description: Subnet mask\n type: str\n gateway:\n description: Gateway IP address\n type: str\n domain:\n description: Domain name\n type: str\n domainsearchlist:\n description: Domain search list\n type: str\n ddnsdomain:\n description: DDNS domain\n type: str\n ddnsdomainprimary:\n description: DDNS domain primary server\n type: str\n ddnsdomainkeyname:\n description: DDNS domain key name\n type: str\n ddnsdomainkeyalgorithm:\n description: DDNS domain key algorithm\n type: str\n choices: [ 'hmac-md5', 'hmac-sha1', 'hmac-sha224', 'hmac-sha256', 'hmac-sha384', 'hmac-sha512' ]\n default: hmac-md5\n ddnsdomainkey:\n description: DDNS domain key\n type: str\n mac_allow:\n description: Allowed MAC addresses\n type: list\n elements: str\n mac_deny:\n description: Denied MAC addresses\n type: list\n elements: str\n ddnsclientupdates:\n description: DDNS client updates\n type: str\n default: 'allow'\n choices: [ 'allow', 'deny', 'ignore' ]\n tftp:\n description: TFTP server\n type: str\n ldap:\n description: LDAP server\n type: str\n nextserver:\n description: Next server\n type: str\n filename:\n description: Filename\n type: str\n filename32:\n description: 32-bit filename\n type: str\n filename64:\n description: 64-bit filename\n type: str\n rootpath:\n description: Root path\n type: str\n numberoptions:\n description: DHCP options currently non applicable\n type: str\n ignorebootp:\n description: Disable BOOTP\n type: bool\n denyunknown:\n description: >\n Enable DHCP to ignore unknown clients. Choices are `disabled` - \"Allow all clients\", `enabled` - \"Allow known clients from any\n interface\", and `class` - \"Allow known clients from only this interface\". Default is `disabled`.\n type: str\n choices: ['disabled', 'enabled', 'class']\n nonak:\n description: Ignore denied clients\n type: bool\n ignoreclientuids:\n description: Ignore client identifiers\n type: bool\n staticarp:\n description: Enable Static ARP entries\n type: bool\n dhcpinlocaltime:\n description: Change DHCP display lease time from UTC to local time\n type: bool\n statsgraph:\n description: Enable monitoring graphs for lease DHCP statistics\n type: bool\n disablepingcheck:\n description: Enable DHCP ping check\n type: bool\n winsserver:\n description: The WINS server\n type: list\n elements: str\n dnsserver:\n description: The dns server\n type: list\n elements: str\n ntpserver:\n description: The ntpserver\n type: list\n elements: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Configure DHCP server on IOT interface\n pfsense_dhcp_server:\n interface: IOT\n enable: true\n range_from: 192.168.1.100\n range_to: 192.168.1.200\n netmask: 255.255.255.0\n gateway: 192.168.1.1\n domain: example.com\n defaultleasetime: 86400\n maxleasetime: 172800\n\n- name: Remove DHCP server from opt1 interface\n pfsense_dhcp_server:\n interface: opt1\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: The set of commands that would be pushed to the remote device.\n returned: always\n type: list\n sample: [\n \"create dhcp_server 'IOT', range_from='192.168.1.100', range_to='192.168.1.200', enable='True'\",\n \"update dhcp_server 'IOT' set domain='example.com'\",\n \"delete dhcp_server 'opt1'\"\n ]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.dhcp_server import PFSenseDHCPServerModule, DHCPSERVER_ARGUMENT_SPEC\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=DHCPSERVER_ARGUMENT_SPEC,\n supports_check_mode=True)\n pfmodule = PFSenseDHCPServerModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_dhcp_static.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2023, Carlos Rodrigues \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_dhcp_static\nversion_added: \"0.5.0\"\nauthor: Carlos Rodrigues (@cmarodrigues)\nshort_description: Manage pfSense DHCP static mapping\ndescription:\n - Manage pfSense DHCP static mapping\nnotes:\noptions:\n name:\n description: The client name identifier. At least one of I(name) or I(macaddr) is required.\n type: str\n aliases:\n - cid\n netif:\n description: >\n The network interface. This defaults to the only enabled DHCP interface if there is only one.\n type: str\n macaddr:\n description: The mac address. At least one of I(name) or I(macaddr) is required.\n type: str\n ipaddr:\n description: The IP address\n type: str\n hostname:\n description: The hostname\n type: str\n descr:\n description: The description\n type: str\n filename:\n description: The filename\n type: str\n rootpath:\n description: The roothpath\n type: str\n defaultleasetime:\n description: the default lease time\n type: str\n maxleasetime:\n description: The max lease time\n type: str\n gateway:\n description: The gateway\n type: str\n domain:\n description: The domain\n type: str\n winsserver:\n description: The WINS server\n type: list\n elements: str\n dnsserver:\n description: The dns server\n type: list\n elements: str\n ntpserver:\n description: The ntpserver\n type: list\n elements: str\n domainsearchlist:\n description: The domain search list servers\n type: str\n ddnsdomain:\n description: The ddns domain\n type: str\n ddnsdomainprimary:\n description: The ddns primary domain\n type: str\n ddnsdomainsecondary:\n description: The ddns secondary domain\n type: str\n ddnsdomainkeyname:\n description: The ddns domain key name\n type: str\n ddnsdomainkeyalgorithm:\n description: The ddns key algorithm\n type: str\n choices: [ 'hmac-md5', 'hmac-sha1', 'hmac-sha224', 'hmac-sha256', 'hmac-sha384', 'hmac-sha512' ]\n ddnsdomainkey:\n description: The ddns domain key\n type: str\n tftp:\n description: The TFTP server\n type: str\n ldap:\n description: The ldap server\n type: str\n nextserver:\n description: The next server\n type: str\n filename32:\n description: The filename for 32bits\n type: str\n filename64:\n description: The filename for 64bits\n type: str\n filename32arm:\n description: The filename for 32arm\n type: str\n filename64arm:\n description: The filename for 64arm\n type: str\n uefihttpboot:\n description: UEFI HTTPBoot URL\n type: str\n version_added: \"0.5.2\"\n numberoptions:\n description: The number options\n type: str\n arp_table_static_entry:\n description: Create an ARP Table Static Entry for this MAC & IP Address pair\n type: bool\n required: false\n default: false\n state:\n description: State in which to leave the configuration\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Create DHCP static mapping\n pfsense_dhcp_static:\n name: \"test\"\n macaddr: \"aa:aa:aa:aa:aa:aa\"\n ipaddr: \"192.168.1.10\"\n state: present\n\n- name: Remove DHCP static mapping\n pfsense_dhcp_static:\n name: \"test\"\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\nnetif:\n description: The selected interface\n returned: success\n type: str\n sample: 'lan'\n\"\"\"\n\nfrom ipaddress import ip_address, ip_network\nimport re\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nDHCP_STATIC_ARGUMENT_SPEC = dict(\n name=dict(type='str', aliases=['cid']),\n macaddr=dict(type='str'),\n netif=dict(type='str'),\n ipaddr=dict(type='str'),\n hostname=dict(type='str'),\n descr=dict(type='str'),\n filename=dict(type='str'),\n rootpath=dict(type='str'),\n defaultleasetime=dict(type='str'),\n maxleasetime=dict(type='str'),\n gateway=dict(type='str'),\n domain=dict(type='str'),\n domainsearchlist=dict(type='str'),\n winsserver=dict(type='list', elements='str'),\n dnsserver=dict(type='list', elements='str'),\n ntpserver=dict(type='list', elements='str'),\n ddnsdomain=dict(type='str'),\n ddnsdomainprimary=dict(type='str'),\n ddnsdomainsecondary=dict(type='str'),\n ddnsdomainkeyname=dict(type='str'),\n ddnsdomainkeyalgorithm=dict(type='str', choices=['hmac-md5', 'hmac-sha1', 'hmac-sha224', 'hmac-sha256', 'hmac-sha384', 'hmac-sha512']),\n ddnsdomainkey=dict(type='str', no_log=True),\n tftp=dict(type='str'),\n ldap=dict(type='str'),\n nextserver=dict(type='str'),\n filename32=dict(type='str'),\n filename64=dict(type='str'),\n filename32arm=dict(type='str'),\n filename64arm=dict(type='str'),\n uefihttpboot=dict(type='str'),\n numberoptions=dict(type='str'),\n arp_table_static_entry=dict(default=False, type='bool'),\n state=dict(type='str', default='present', choices=['present', 'absent']),\n)\n\nDHCP_STATIC_REQUIRED_IF = [\n ['arp_table_static_entry', True, ['ipaddr']],\n]\n\nDHCP_STATIC_REQUIRED_ONE_OF = [\n ('name', 'macaddr'),\n]\n\n\nclass PFSenseDHCPStaticModule(PFSenseModuleBase):\n \"\"\" module managing pfsense dhcp static configuration \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return DHCP_STATIC_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseDHCPStaticModule, self).__init__(module, pfsense)\n self.name = \"pfsense_dhcp_static\"\n self.dhcpd = self.pfsense.get_element('dhcpd')\n self.root_elt = None\n self.staticmaps = None\n\n ##############################\n # params processing\n #\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n\n params = self.params\n\n if params['macaddr'] is not None and re.fullmatch(r'(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}', params['macaddr']) is None:\n self.module.fail_json(msg='A valid MAC address must be specified.')\n\n if params['netif'] is not None:\n if self.pfsense.is_interface_group(params['netif']):\n self.module.fail_json(msg='DHCP cannot be configured for interface groups')\n else:\n netif = self.pfsense.parse_interface(params['netif'])\n else:\n netif = None\n\n # find staticmaps and determine interface\n self._find_staticmaps(netif)\n\n if params['ipaddr'] is not None:\n addr = ip_address(u'{0}'.format(params['ipaddr']))\n if addr not in self.network:\n self.module.fail_json(msg='The IP address must lie in the {0} subnet.'.format(self.netif))\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n # client identifier\n self._get_ansible_param(obj, 'name', fname='cid', force=True)\n\n if params['state'] == 'present':\n\n self._get_ansible_param(obj, 'macaddr', fname='mac', force=True)\n # Forced options\n for option in ['ipaddr', 'hostname', 'descr', 'filename',\n 'rootpath', 'defaultleasetime', 'maxleasetime',\n 'gateway', 'domain', 'domainsearchlist',\n 'ddnsdomain', 'ddnsdomainprimary', 'ddnsdomainsecondary',\n 'ddnsdomainkeyname', 'ddnsdomainkeyalgorithm', 'ddnsdomainkey',\n 'tftp', 'ldap', 'nextserver', 'filename32', 'filename64',\n 'filename32arm', 'filename64arm', 'uefihttpboot', 'numberoptions']:\n self._get_ansible_param(obj, option, force=True)\n # Non-forced options\n for option in ['winsserver', 'dnsserver', 'ntpserver']:\n self._get_ansible_param(obj, option)\n # Defaulted options\n self._get_ansible_param(obj, 'ddnsdomainkeyalgorithm', force_value='hmac-md5', force=True)\n self._get_ansible_param_bool(obj, \"arp_table_static_entry\", value=\"\")\n\n return obj\n\n ##############################\n # XML processing\n #\n def _is_valid_netif(self, netif):\n for nic in self.pfsense.interfaces:\n if nic.tag == netif:\n if nic.find('ipaddr') is not None:\n ipaddr = nic.find('ipaddr').text\n if ipaddr is not None:\n if nic.find('subnet') is not None:\n subnet = int(nic.find('subnet').text)\n if subnet < 31:\n self.network = ip_network(u'{0}/{1}'.format(ipaddr, subnet), strict=False)\n return True\n return False\n\n def _find_staticmaps(self, netif=None):\n for e in self.dhcpd:\n if netif is None or e.tag == netif:\n if e.find('enable') is not None:\n if self._is_valid_netif(e.tag):\n if self.root_elt is not None:\n self.module.fail_json(msg='Multiple DHCP servers enabled and no netif specified')\n self.root_elt = e\n self.netif = e.tag\n self.staticmaps = self.root_elt.findall('staticmap')\n if netif is not None:\n break\n\n if self.root_elt is None:\n if netif is None:\n self.module.fail_json(msg=\"No DHCP configuration\")\n else:\n self.module.fail_json(msg=\"No DHCP configuration found for netif='{0}'\".format(netif))\n\n self.result['netif'] = netif\n\n def _find_target(self):\n if self.params['name'] is not None and self.params['macaddr'] is not None:\n result = self.root_elt.findall(\"staticmap[cid='{0}'][mac='{1}']\".format(self.params['name'], self.params['macaddr']))\n elif self.params['name'] is not None:\n result = self.root_elt.findall(\"staticmap[cid='{0}']\".format(self.params['name']))\n else:\n result = self.root_elt.findall(\"staticmap[mac='{0}']\".format(self.params['macaddr']))\n\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple static maps for cid {0}.'.format(self.obj['cid']))\n else:\n return None\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n return self.pfsense.new_element('staticmap')\n\n def _copy_and_add_target(self):\n \"\"\" populate the XML target_elt \"\"\"\n super(PFSenseDHCPStaticModule, self)._copy_and_add_target()\n # Reset static map list\n self.staticmaps = self.root_elt.findall('staticmap')\n\n @staticmethod\n def _get_params_to_remove():\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n return ['arp_table_static_entry']\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return \"'\" + self.obj['cid'] + \"'\"\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n if before is None:\n values += self.format_cli_field(self.params, 'macaddr')\n values += self.format_cli_field(self.params, 'ipaddr')\n values += self.format_cli_field(self.params, 'arp_table_static_entry', fvalue=self.fvalue_bool, default=False)\n else:\n values += self.format_updated_cli_field(self.obj, before, 'macaddr', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'ipaddr', add_comma=(values))\n values += self.format_updated_cli_field(self.obj, before, 'arp_table_static_entry', fvalue=self.fvalue_bool, add_comma=(values))\n return values\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell(\"\"\"\n require_once(\"util.inc\");\n require_once(\"services.inc\");\n $retvaldhcp = services_dhcpd_configure();\n if ($retvaldhcp == 0) {\n clear_subsystem_dirty('dhcpd');\n }\"\"\")\n\n def _pre_remove_target_elt(self):\n self.diff['after'] = {}\n if self.target_elt is not None:\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n\n self.staticmaps.remove(self.target_elt)\n else:\n self.diff['before'] = {}\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=DHCP_STATIC_ARGUMENT_SPEC,\n required_if=DHCP_STATIC_REQUIRED_IF,\n required_one_of=DHCP_STATIC_REQUIRED_ONE_OF,\n supports_check_mode=True)\n\n pfmodule = PFSenseDHCPStaticModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_dns_resolver.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2021, Chris Liu \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_dns_resolver\nversion_added: 0.6.0\nauthor: Chris liu (@chris-cyliu), Daniel Huss (@danhuss)\nshort_description: Manage pfSense DNS resolver (unbound) settings\ndescription:\n - Manage pfSense DNS resolver (unbound) settings\nnotes:\noptions:\n state:\n description: Enable/Disable DNS Resolver\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n port:\n description: Listen Port\n required: false\n default: null\n type: int\n enablessl:\n description: Enable SSL/TLS Service\n required: false\n default: false\n type: bool\n sslcert:\n description: Description of the server certificate to use for SSL/TLS service.\n required: false\n default: \"\"\n type: str\n tlsport:\n description: SSL/TLS Listen Port\n required: false\n default: null\n type: int\n active_interface:\n description:\n - Interface IPs used by the DNS Resolver for responding to queries from clients.\n - For Virtual IPs you can specify either the IP, Description, or \"IP (Description)\".\n required: false\n default: [ \"all\" ]\n type: list\n elements: str\n outgoing_interface:\n description:\n - Utilize different network interface(s) that the DNS Resolver will use to send queries to authoritative servers and receive their replies.\n - For Virtual IPs you can specify either the IP, Description, or \"IP (Description)\".\n required: false\n default: [ \"all\" ]\n type: list\n elements: str\n system_domain_local_zone_type:\n description: The local-zone type used for the pfSense system domain.\n required: false\n default: \"transparent\"\n type: str\n choices: [ \"deny\", \"refuse\", \"static\", \"transparent\", \"typetransparent\", \"redirect\", \"inform\", \"inform_deny\", \"nodefault\" ]\n dnssec:\n description: Enable DNSSEC Support\n required: false\n default: true\n type: bool\n forwarding:\n description: DNS Query Forwarding.\n required: false\n default: false\n type: bool\n forward_tls_upstream:\n description: Use SSL/TLS for DNS Query Forwarding.\n required: false\n default: false\n type: bool\n regdhcp:\n description: Register DHCP leases in the DNS Resolver\n required: false\n default: false\n type: bool\n regdhcpstatic:\n description: Register DHCP static mappings in the DNS Resolver\n required: false\n default: false\n type: bool\n regovpnclients:\n description: Register OpenVPN clients in the DNS Resolver\n required: false\n default: false\n type: bool\n custom_options:\n description: additional configuration parameters\n required: false\n default: \"\"\n type: str\n hosts:\n description: Individual hosts for which the resolver's standard DNS lookup should be overridden.\n required: false\n default: []\n type: list\n elements: dict\n suboptions:\n host:\n description: Name of the host, without the domain part.\n required: true\n type: str\n domain:\n description: Parent domain of the host.\n required: true\n type: str\n ip:\n description: IPv4 or IPv6 comma-separated addresses to be returned for the host\n required: true\n type: str\n descr:\n description: A description may be entered here for administrative reference.\n required: false\n default: \"\"\n type: str\n aliases:\n description: Additional names for this host.\n required: false\n default: []\n type: list\n elements: dict\n suboptions:\n host:\n description: Name of the host, without the domain part.\n required: true\n type: str\n domain:\n description: Parent domain of the host.\n required: true\n type: str\n description:\n description: A description may be entered here for administrative reference.\n required: true\n type: str\n domainoverrides:\n description: Domains for which the resolver's standard DNS lookup should be overridden.\n required: false\n type: list\n elements: dict\n suboptions:\n domain:\n description: Domain whose lookups will be directed to a user-specified DNS lookup server.\n required: true\n type: str\n ip:\n description: IPv4 or IPv6 address of the authoritative DNS server for this domain.\n required: true\n type: str\n forward_tls_upstream:\n description: Use SSL/TLS for DNS Queries forwarded to this server\n required: false\n default: false\n type: bool\n tls_hostname:\n description: An optional TLS hostname used to verify the server certificate when performing TLS Queries.\n required: false\n default: ''\n type: str\n descr:\n description: A description may be entered here for administrative reference.\n required: false\n type: str\n hideidentity:\n description: id.server and hostname.bind queries are refused.\n required: false\n default: true\n type: bool\n hideversion:\n description: version.server and version.bind queries are refused.\n required: false\n default: true\n type: bool\n prefetch:\n description: Message cache elements are prefetched before they expire to help keep the cache up to date.\n required: false\n default: false\n type: bool\n prefetchkey:\n description: DNSKEYs are fetched earlier in the validation process when a Delegation signer is encountered.\n required: false\n default: false\n type: bool\n dnssecstripped:\n description: If enabled, DNSSEC data is required for trust-anchored zones.\n required: false\n default: true\n type: bool\n msgcachesize:\n description: Message cache size in MB\n required: false\n default: 4\n choices: [ 4, 10, 20, 50, 100, 250, 512 ]\n type: int\n outgoing_num_tcp:\n description: Number of outgoing TCP buffers to allocate per thread.\n required: false\n default: 10\n choices: [ 0, 10, 20, 30, 50 ]\n type: int\n incoming_num_tcp:\n description: Number of incoming TCP buffers to allocate per thread.\n required: false\n default: 10\n choices: [ 0, 10, 20, 30, 50 ]\n type: int\n edns_buffer_size:\n description: Number of bytes to advertise as the EDNS reassembly buffer size.\n required: false\n default: \"auto\"\n choices: [ \"auto\", \"512\", \"1220\", \"1232\", \"1432\", \"1480\", \"4096\" ]\n type: str\n num_queries_per_thread:\n description: Number of queries that every thread will service simultaneously.\n required: false\n default: 512\n choices: [ 512, 1024, 2048 ]\n type: int\n jostle_timeout:\n description: This timeout (in milliseconds) is used for when the server is very busy.\n required: false\n default: 200\n choices: [ 100, 200, 500, 1000 ]\n type: int\n cache_max_ttl:\n description: The Maximum Time to Live (in seconds) for RRsets and messages in the cache.\n required: false\n default: 86400\n type: int\n cache_min_ttl:\n description: The Minimum Time to Live (in seconds) for RRsets and messages in the cache.\n required: false\n default: 0\n type: int\n infra_host_ttl:\n description: Time to Live, in seconds, for entries in the infrastructure host cache.\n required: false\n default: 900\n choices: [ 60, 120, 300, 600, 900 ]\n type: int\n infra_cache_numhosts:\n description: Number of infrastructure hosts for which information is cached.\n required: false\n default: 10000\n choices: [ 1000, 5000, 10000, 20000, 50000, 100000, 200000 ]\n type: int\n unwanted_reply_threshold:\n description: If enabled, a total number of unwanted replies is kept track of in every thread.\n required: false\n default: \"disabled\"\n choices: [ \"disabled\", \"5000000\", \"10000000\", \"20000000\", \"40000000\", \"50000000\" ]\n type: str\n log_verbosity:\n description: The level of detail to be logged.\n required: false\n default: 1\n choices: [ 0, 1, 2, 3, 4, 5 ]\n type: int\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Enable DNS Resolver\n pfsense_dns_resolver:\n state: present\n\n- name: Enable DNS Resolver with some options\n pfsense_dns_resolver:\n state: present\n enablessl: true\n sslcert: \"webConfigurator default\"\n dnssec: true\n regdhcp: true\n regdhcpstatic: true\n hosts:\n - { host: test, domain: home.local, ip: 192.168.1.100, descr: \"Example host override\",\n aliases: [{ host: test-admin, domain: home.local, description: \"Example aliases\" }] }\n\n- name: Disable DNS Resolver\n pfsense_dns_resolver:\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\n\n\"\"\"\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\nfrom ansible.module_utils.basic import AnsibleModule\nimport base64\nimport re\n\n# TODO: access control is not done here\n# TODO: alias for DNS record\n\nDNS_RESOLVER_DOMAIN_OVERRIDE_SPEC = dict(\n domain=dict(required=True, type='str'),\n ip=dict(required=True, type='str'),\n descr=dict(type='str'),\n tls_hostname=dict(default='', type='str'),\n forward_tls_upstream=dict(default=False, type='bool'),\n)\n\nDNS_RESOLVER_HOST_ALIAS_SPEC = dict(\n host=dict(required=True, type='str'),\n domain=dict(required=True, type='str'),\n description=dict(required=True, type='str'),\n)\n\nDNS_RESOLVER_HOST_SPEC = dict(\n host=dict(required=True, type='str'),\n domain=dict(required=True, type='str'),\n ip=dict(required=True, type='str'),\n descr=dict(default=\"\", type='str'),\n aliases=dict(default=[], type='list', elements='dict', options=DNS_RESOLVER_HOST_ALIAS_SPEC),\n)\n\nDNS_RESOLVER_ARGUMENT_SPEC = dict(\n state=dict(default='present', choices=['present', 'absent']),\n\n # General Settings\n port=dict(default=None, type='int'),\n enablessl=dict(default=False, type='bool'),\n sslcert=dict(default=\"\", type='str'), # need transform\n tlsport=dict(default=None, type='int'),\n active_interface=dict(default=[\"all\"], type='list', elements='str'),\n outgoing_interface=dict(default=[\"all\"], type='list', elements='str'),\n # TODO: Strict Outgoing Network interface Binding: check box option\n system_domain_local_zone_type=dict(default='transparent', choices=['deny', 'refuse', 'static', 'transparent', 'typetransparent', 'redirect', 'inform',\n 'inform_deny', 'nodefault']),\n dnssec=dict(default=True, type='bool'),\n # TODO: Python Module: Enable the Python Module. These 3 options omited when disabled\n # python=dict(default=False, type='bool'),\n # python_order=dict(default=\"pre_validator\", type='str', choices=[\"pre_validator\", \"post_validator\"]),\n # python_script=dict(default=\"\", type='str'), #Not sure what this is or how to handle it.\n forwarding=dict(default=False, type='bool'),\n forward_tls_upstream=dict(default=False, type='bool'),\n regdhcp=dict(default=False, type='bool'),\n regdhcpstatic=dict(default=False, type='bool'),\n regovpnclients=dict(default=False, type='bool'),\n custom_options=dict(default=\"\", type='str'),\n hosts=dict(default=[], type='list', elements='dict', options=DNS_RESOLVER_HOST_SPEC),\n domainoverrides=dict(type='list', elements='dict', options=DNS_RESOLVER_DOMAIN_OVERRIDE_SPEC),\n # Advanced Settings\n hideidentity=dict(default=True, type='bool'),\n hideversion=dict(default=True, type='bool'),\n # TODO: Query Name Minimization\n # TODO: Strict Query Name Minimization\n prefetch=dict(default=False, type='bool'),\n prefetchkey=dict(default=False, type='bool'),\n dnssecstripped=dict(default=True, type='bool'),\n # TODO: Serve Expired\n # TODO: Aggressive NSEC\n msgcachesize=dict(default=4, type='int', choices=[4, 10, 20, 50, 100, 250, 512]),\n outgoing_num_tcp=dict(default=10, type='int', choices=[0, 10, 20, 30, 50]),\n incoming_num_tcp=dict(default=10, type='int', choices=[0, 10, 20, 30, 50]),\n edns_buffer_size=dict(default=\"auto\", type='str', choices=[\"auto\", \"512\", \"1220\", \"1232\", \"1432\", \"1480\", \"4096\"]),\n num_queries_per_thread=dict(default=512, type='int', choices=[512, 1024, 2048]),\n jostle_timeout=dict(default=200, type='int', choices=[100, 200, 500, 1000]),\n cache_max_ttl=dict(default=86400, type='int'),\n cache_min_ttl=dict(default=0, type='int'),\n infra_host_ttl=dict(default=900, type='int', choices=[60, 120, 300, 600, 900]),\n infra_cache_numhosts=dict(default=10000, type='int', choices=[1000, 5000, 10000, 20000, 50000, 100000, 200000]),\n unwanted_reply_threshold=dict(default=\"disabled\", type='str', choices=[\"disabled\", \"5000000\", \"10000000\", \"20000000\", \"40000000\", \"50000000\"]),\n log_verbosity=dict(default=1, type='int', choices=[0, 1, 2, 3, 4, 5])\n # TODO: Disable Auto-added Access Control\n # TODO: Disable Auto-added Host Entries\n # TODO: Experimental Bit 0x20 Support\n # TODO: DNS64 Support\n)\n\nDNS_RESOLVER_REQUIRED_IF = []\n\n\nclass PFSenseDNSResolverModule(PFSenseModuleBase):\n \"\"\" module managing pfsense dns resolver (unbound) \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return DNS_RESOLVER_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseDNSResolverModule, self).__init__(module, pfsense)\n self.name = \"pfsense_dns_resolver\"\n self.root_elt = self.pfsense.get_element('unbound')\n self.obj = dict()\n self.interface_elt = None\n self.dynamic = False\n\n if self.root_elt is None:\n self.root_elt = self.pfsense.new_element('unbound')\n self.pfsense.root.append(self.root_elt)\n\n cmd = ('require_once(\"interfaces.inc\");;'\n '$iflist = get_possible_listen_ips(true);'\n 'echo json_encode($iflist);')\n self.iflist = self.pfsense.php(cmd)\n\n def _get_interface_name(self, iface: str):\n ifacelow = iface.lower()\n if ifacelow == \"all\":\n return \"all\"\n else:\n for iname, idescr in self.iflist.items():\n if ifacelow == iname.lower() or ifacelow == idescr.lower():\n return iname\n # Virtual IPs are listed in the format \"IP\" or \"IP (Description)\" - allow specifying either IP or Description\n if re.match(f\"{re.escape(ifacelow)}(?: \\\\(|$)\", idescr.lower()) or re.search(f\" \\\\({re.escape(ifacelow)}\\\\)$\", idescr.lower()):\n return iname\n self.module.fail_json(msg=f\"Invalid interface '{iface}'\")\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n\n if params[\"state\"] == \"present\":\n\n obj[\"enable\"] = \"\"\n obj[\"active_interface\"] = \",\".join(self._get_interface_name(x) for x in params[\"active_interface\"])\n obj[\"outgoing_interface\"] = \",\".join(self._get_interface_name(x) for x in params[\"outgoing_interface\"])\n obj[\"custom_options\"] = base64.b64encode(bytes(params['custom_options'], 'utf-8')).decode()\n self._get_ansible_param_bool(obj, \"hideidentity\", value=\"\")\n self._get_ansible_param_bool(obj, \"hideversion\", value=\"\")\n self._get_ansible_param_bool(obj, \"dnssecstripped\", value=\"\")\n self._get_ansible_param(obj, \"port\")\n self._get_ansible_param(obj, \"tlsport\")\n if params[\"sslcert\"]:\n obj[\"sslcertref\"] = self.pfsense.find_cert_elt(params[\"sslcert\"]).find(\"refid\").text\n self._get_ansible_param_bool(obj, \"forwarding\", value=\"\")\n self._get_ansible_param(obj, \"system_domain_local_zone_type\")\n self._get_ansible_param_bool(obj, \"regdhcp\", value=\"\")\n self._get_ansible_param_bool(obj, \"regdhcpstatic\", value=\"\")\n self._get_ansible_param_bool(obj, \"regovpnclients\", value=\"\")\n self._get_ansible_param_bool(obj, \"enablessl\", value=\"\")\n self._get_ansible_param_bool(obj, \"dnssec\", value=\"\")\n self._get_ansible_param_bool(obj, \"forward_tls_upstream\", value=\"\")\n self._get_ansible_param_bool(obj, \"prefetch\", value=\"\")\n self._get_ansible_param_bool(obj, \"prefetchkey\", value=\"\")\n self._get_ansible_param(obj, \"msgcachesize\")\n self._get_ansible_param(obj, \"outgoing_num_tcp\")\n self._get_ansible_param(obj, \"incoming_num_tcp\")\n self._get_ansible_param(obj, \"edns_buffer_size\")\n self._get_ansible_param(obj, \"num_queries_per_thread\")\n self._get_ansible_param(obj, \"jostle_timeout\")\n self._get_ansible_param(obj, \"cache_max_ttl\")\n self._get_ansible_param(obj, \"cache_min_ttl\")\n self._get_ansible_param(obj, \"infra_host_ttl\")\n self._get_ansible_param(obj, \"infra_cache_numhosts\")\n self._get_ansible_param(obj, \"unwanted_reply_threshold\")\n self._get_ansible_param(obj, \"log_verbosity\")\n self._get_ansible_param(obj, \"hosts\")\n self._get_ansible_param(obj, \"domainoverrides\")\n for domainoverride in obj.get(\"domainoverrides\", []):\n self._get_ansible_param_bool(domainoverride, \"forward_tls_upstream\", value=\"\", params=domainoverride)\n\n if ((self.pfsense.config_get_path('system/dnslocalhost') != 'remote') and (\"lo0\" not in obj['active_interface']) and\n (\"all\" not in obj['active_interface'])):\n self.module.fail_json(msg=\"This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in\"\n \" active_interface.\")\n\n # wrap - to all hosts.alias\n for host in obj[\"hosts\"]:\n if host[\"aliases\"]:\n tmp_aliases = host[\"aliases\"]\n host[\"aliases\"] = {\n \"item\": tmp_aliases\n }\n else:\n # Default is an empty element\n host[\"aliases\"] = \"\"\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n if params[\"sslcert\"] and not self.pfsense.find_cert_elt(params[\"sslcert\"]):\n self.module.fail_json(msg=f'sslcert, {params[\"sslcert\"]} is not a valid description of cert')\n\n for host in params[\"hosts\"]:\n for ipaddr in host[\"ip\"].split(\",\"):\n if not self.pfsense.is_ipv4_address(ipaddr) and not self.pfsense.is_ipv6_address(ipaddr):\n self.module.fail_json(msg=f'ip, {ipaddr} is not a ipv4/ipv6 address')\n\n if params[\"domainoverrides\"] is not None:\n for domain in params[\"domainoverrides\"]:\n if not self.pfsense.is_ipv4_address(domain[\"ip\"]) and not self.pfsense.is_ipv6_address(domain[\"ip\"]):\n self.module.fail_json(msg=f'ip, {domain[\"ip\"]} is not a ipv4/ipv6 address')\n\n ##############################\n # XML processing\n #\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n return self.root_elt\n\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n return self.root_elt\n\n def _get_params_to_remove(self):\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n if self.params[\"state\"] == \"absent\":\n return [\"enable\"]\n else:\n return [\"hideidentity\", \"hideversion\", \"dnssecstripped\", \"forwarding\", \"regdhcp\", \"regdhcpstatic\", \"regovpnclients\", \"enablessl\", \"dnssec\",\n \"forward_tls_upstream\", \"prefetch\", \"prefetchkey\"]\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n return self.pfsense.phpshell('''\nrequire_once(\"unbound.inc\");\nrequire_once(\"pfsense-utils.inc\");\nrequire_once(\"system.inc\");\n\nservices_unbound_configure();\nsystem_resolvconf_generate();\nsystem_dhcpleases_configure();\nclear_subsystem_dirty(\"unbound\");\n''')\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return self.name\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n\n values += self.format_updated_cli_field(self.obj, before, 'enable', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'active_interface', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'outgoing_interface', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'custom_options', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'hideidentity', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'hideversion', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'dnssecstripped', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'port', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'tlsport', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'sslcertref', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'forwarding', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'system_domain_local_zone_type', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'regdhcp', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'regdhcpstatic', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'prefetch', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'prefetchkey', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'msgcachesize', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'outgoing_num_tcp', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'incoming_num_tcp', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'edns_buffer_size', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'num_queries_per_thread', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'jostle_timeout', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'cache_max_ttl', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'cache_min_ttl', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'infra_host_ttl', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'infra_cache_numhosts', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'unwanted_reply_threshold', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, before, 'log_verbosity', add_comma=(values), log_none=False)\n\n # todo: hosts and domainoverrides is not logged\n return values\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=DNS_RESOLVER_ARGUMENT_SPEC,\n required_if=DNS_RESOLVER_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseDNSResolverModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_gateway.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski
\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_gateway\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense gateways\ndescription:\n - Manage pfSense gateways\nnotes:\noptions:\n name:\n description: Gateway name\n required: true\n type: str\n interface:\n description: Choose which interface this gateway applies to.\n required: false\n type: str\n ipprotocol:\n description: Choose the Internet Protocol this gateway uses.\n required: false\n choices: [ \"inet\", \"inet6\" ]\n default: inet\n type: str\n gateway:\n description: Gateway IP address\n required: false\n type: str\n descr:\n description: The description of the gateway\n required: false\n default: ''\n type: str\n disabled:\n description: Set this option to disable this gateway without removing it from the list.\n default: false\n type: bool\n monitor:\n description: Enter an alternative address here to be used to monitor the link.\n required: false\n type: str\n monitor_disable:\n description: This will consider this gateway as always being up.\n default: false\n type: bool\n action_disable:\n description: No action will be taken on gateway events. The gateway is always considered up.\n default: false\n type: bool\n force_down:\n description: This will force this gateway to be considered down.\n default: false\n type: bool\n weight:\n description: Weight for this gateway when used in a Gateway Group. Must be between 1 and 30.\n default: 1\n type: int\n version_added: 0.7.2\n losslow:\n description: Low threshold for packet loss in %. Default is 10.\n type: int\n version_added: 0.7.2\n losshigh:\n description: High threshold for packet loss in %. Default is 20.\n type: int\n nonlocalgateway:\n description:\n - This will allow use of a gateway outside of this interface's subnet.\n - This is usually indicative of a configuration error, but is required for some scenarios.\n default: false\n type: bool\n state:\n description: State in which to leave the gateway\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add gateway\n pfsense_gateway:\n name: default_gw\n interface: wan\n gateway: 1.2.3.4\n state: present\n\n- name: Remove gateway\n pfsense_gateway:\n name: vpn_gw\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create gateway 'default_gw', interface='wan', address='1.2.3.4'\", \"delete gateway 'vpn_gw'\"]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.gateway import PFSenseGatewayModule, GATEWAY_ARGUMENT_SPEC, GATEWAY_REQUIRED_IF\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=GATEWAY_ARGUMENT_SPEC,\n required_if=GATEWAY_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseGatewayModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_gateway_group.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2026, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nDOCUMENTATION = r'''\n---\nmodule: pfsense_gateway_group\n\nshort_description: Manage pfSense gateway groups\n\nversion_added: \"0.7.2\"\n\ndescription:\n - Manage pfSense gateway groups.\n\noptions:\n name:\n description: The name of the gateway group.\n required: true\n type: str\n state:\n description: State in which to leave the gateway group.\n default: present\n choices: ['present', 'absent']\n type: str\n keep_failover_states:\n description: Keep Failover States of the gateway group. Defaults to unset.\n choices: ['', 'keep', 'kill']\n type: str\n trigger:\n description: Trigger Level of the gateway group. When to trigger exclusion of a member. Defaults to down.\n default: down\n choices: ['down', 'downloss', 'downlatency', 'downlosslatency']\n type: str\n descr:\n description: Description of the gateway group. Used to identify the gateway group.\n type: str\n members:\n description: The members of the gateway group.\n type: list\n elements: dict\n suboptions:\n gateway:\n type: str\n required: true\n description: The name of the gateway.\n tier:\n type: int\n required: true\n description: The tier of the gateway. This should be a number between 1 and the number of members.\n virtualip:\n type: str\n required: true\n description: The virtual IP of the gateway. This should either be `address` or the name of a virtual IP.\n\n\nauthor: Orion Poplawski (@opoplawski)\n'''\n\nEXAMPLES = r'''\n- name: Add WANGW_FAILOVER gateway group\n pfsensible.core.pfsense_gateway group:\n name: WANGW_FAILOVER\n keep_failover_states: keep\n trigger: downlosslatency\n descr: Item full\n members:\n - gateway: WANGW\n tier: 1\n virtualip: address\n - gateway: WAN1GW\n tier: 2\n virtualip: WAN1 CARP\n state: present\n\n- name: Remove WANGW_FAILOVER gateway group\n pfsensible.core.pfsense_gateway group:\n name: WANGW_FAILOVER\n state: absent\n'''\nRETURN = r'''\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI).\n returned: always\n type: list\n sample: [\"create gateway_group 'WANGW_FAILOVER'\", \"update gateway_group 'WANGW_FAILOVER' set ...\", \"delete gateway_group 'WANGW_FAILOVER'\"]\n'''\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nGATEWAY_GROUP_ARGUMENT_SPEC = dict(\n # Only name should be required here - othewise you cannot remove an item with just 'name'\n # Required arguments for creation should be noted in GATEWAY_GROUP_REQUIRED_IF = ['state', 'present', ...] below\n name=dict(required=True, type='str'),\n state=dict(type='str', default='present', choices=['present', 'absent']),\n keep_failover_states=dict(type='str', choices=['', 'keep', 'kill']),\n trigger=dict(type='str', choices=['down', 'downloss', 'downlatency', 'downlosslatency'], default='down'),\n descr=dict(type='str'),\n members=dict(type='list', elements='dict'),\n)\n\nGATEWAY_GROUP_REQUIRED_IF = [\n ['state', 'present', ['members']],\n]\n\n\ndef p2o_members(self, name, params, obj):\n \"\"\" parse the list of members into format required for the XML element \"\"\"\n obj['item'] = []\n for member in params[name]:\n if member[\"virtualip\"] != \"address\":\n if (vip := self.pfsense.get_virtual_ip_interface(member[\"virtualip\"])) is None:\n self.module.fail_json(msg=f\"Cannot find virtual IP '{member['virtualip']}'\")\n else:\n vip = 'address'\n obj['item'].append(f\"{member['gateway']}|{member['tier']}|{vip}\")\n\n\nGATEWAY_GROUP_ARG_ROUTE = dict(\n members=dict(parse=p2o_members),\n)\n\nGATEWAY_GROUP_CREATE_DEFAULT = dict(\n trigger='down',\n)\n\n\nclass PFSenseGatewayGroupModule(PFSenseModuleBase):\n \"\"\" module managing pfsense gateway groups \"\"\"\n\n ##############################\n # unit tests\n #\n # Must be class method for unit test usage\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return GATEWAY_GROUP_ARGUMENT_SPEC\n\n def __init__(self, module, pfsense=None):\n super(PFSenseGatewayGroupModule, self).__init__(module, pfsense, root='gateways', node='gateway_group', key='name',\n arg_route=GATEWAY_GROUP_ARG_ROUTE, create_default=GATEWAY_GROUP_CREATE_DEFAULT)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=GATEWAY_GROUP_ARGUMENT_SPEC,\n required_if=GATEWAY_GROUP_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseGatewayGroupModule(module)\n # Pass params for testing framework\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_group.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018-2020, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_group\nversion_added: 0.1.0\nshort_description: Manage pfSense user groups\ndescription:\n >\n Manage pfSense groups\nauthor: Orion Poplawski (@opoplawski)\nnotes:\noptions:\n name:\n description: The name of the group\n required: true\n type: str\n state:\n description: State in which to leave the group\n required: true\n choices: [ \"present\", \"absent\" ]\n type: str\n descr:\n description: Description of the group\n type: str\n scope:\n description: Scope of the group\n default: local\n choices: [\"local\", \"remote\", \"system\" ]\n type: str\n gid:\n description:\n - GID of the group.\n - Will use next available GID if not specified.\n type: str\n priv:\n description:\n - A list of privileges to assign.\n - Allowed values include page-all, user-shell-access.\n type: list\n elements: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add adservers group\n pfsense_group:\n name: Domain Admins\n descr: Remote Admins\n scope: remote\n priv: [ 'page-all', 'user-shell-access' ]\n state: present\n\n- name: Remove group\n pfsense_group:\n name: Domain Admins\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\n\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nGROUP_PHP_COMMAND_PREFIX = \"\"\"\nrequire_once('auth.inc');\n\"\"\"\n\nGROUP_PHP_COMMAND_SET = GROUP_PHP_COMMAND_PREFIX + \"\"\"\n$group = config_get_path('system/group')[{idx}];\nlocal_group_set($group);\n\"\"\"\n\n# This runs after we remove the group from the config so we can't use it\nGROUP_PHP_COMMAND_DEL = GROUP_PHP_COMMAND_PREFIX + \"\"\"\n$group['name'] = '{name}';\nlocal_group_del($group);\n\"\"\"\n\n\nclass PFSenseGroupModule(PFSenseModuleBase):\n \"\"\" module managing pfsense user groups \"\"\"\n\n def __init__(self, module, pfsense=None):\n super(PFSenseGroupModule, self).__init__(module, pfsense)\n self.name = \"pfsense_group\"\n self.root_elt = self.pfsense.get_element('system')\n self.groups = self.root_elt.findall('group')\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = dict()\n self.obj = obj\n\n obj['name'] = params['name']\n state = params['state']\n\n if state == 'present':\n obj['description'] = params['descr']\n for option in ['scope', 'gid', 'priv']:\n if option in params and params[option] is not None:\n obj[option] = params[option]\n\n return obj\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n\n def _nextgid(self):\n \"\"\" return and update netgid counter \"\"\"\n nextgid_elt = self.root_elt.find('nextgid')\n nextgid = nextgid_elt.text\n nextgid_elt.text = str(int(nextgid) + 1)\n return nextgid\n\n ##############################\n # XML processing\n #\n def _copy_and_add_target(self):\n \"\"\" create the XML target_elt \"\"\"\n if 'gid' not in self.obj:\n # Search for an open gid\n while True:\n self.obj['gid'] = self._nextgid()\n if self._find_group_by_gid(self.obj['gid']) is None:\n break\n else:\n if self._find_group_by_gid(self.obj['gid']) is not None:\n self.module.fail_json(msg='A different group already exists with gid {0}.'.format(self.obj['gid']))\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n self.root_elt.insert(self._find_last_group_index(), self.target_elt)\n # Reset groups list\n self.groups = self.root_elt.findall('group')\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n before = self.pfsense.element_to_dict(self.target_elt)\n self.diff['before'] = before\n changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'].update(self.pfsense.element_to_dict(self.target_elt))\n\n return (before, changed)\n\n def _create_target(self):\n \"\"\" create the XML target_elt \"\"\"\n return self.pfsense.new_element('group')\n\n def _find_target(self):\n return self.pfsense.find_elt('group', self.obj['name'], search_field='name', root_elt=self.root_elt)\n\n def _find_group_by_gid(self, gid):\n return self.pfsense.find_elt('group', gid, search_field='gid', root_elt=self.root_elt)\n\n def _find_this_group_index(self):\n return self.groups.index(self.target_elt)\n\n def _find_last_group_index(self):\n return list(self.root_elt).index(self.groups[len(self.groups) - 1])\n\n ##############################\n # run\n #\n def _update(self):\n if self.params['state'] == 'present':\n return self.pfsense.phpshell(GROUP_PHP_COMMAND_SET.format(idx=self._find_this_group_index()))\n else:\n return self.pfsense.phpshell(GROUP_PHP_COMMAND_DEL.format(name=self.obj['name']))\n\n ##############################\n # Logging\n #\n def _get_obj_name(self):\n \"\"\" return obj's name \"\"\"\n return self.obj['name']\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n return values\n\n\ndef main():\n module = AnsibleModule(\n argument_spec={\n 'name': {'required': True, 'type': 'str'},\n 'state': {\n 'required': True,\n 'choices': ['present', 'absent']\n },\n 'descr': {'required': False, 'type': 'str'},\n 'scope': {\n 'default': 'local',\n 'choices': ['local', 'remote', 'system']\n },\n 'gid': {'required': False, 'type': 'str'},\n 'priv': {'required': False, 'type': 'list', 'elements': 'str'},\n },\n supports_check_mode=True)\n\n pfmodule = PFSenseGroupModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_haproxy_backend.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_haproxy_backend\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense HAProxy backends\ndescription:\n - Manage pfSense HAProxy backends\nnotes:\ndeprecated:\n removed_in: 0.8.0\n why: Moved to `pfsensible.haproxy`\n alternative: Use M(pfsensible.haproxy.pfsense_haproxy_backend) instead.\noptions:\n name:\n description: The backend name.\n required: true\n type: str\n balance:\n description: The load balancing option.\n required: false\n type: str\n choices: ['none', 'roundrobin', 'static-rr', 'leastconn', 'source', 'uri']\n default: 'none'\n balance_urilen:\n description: Indicates that the algorithm should only consider that many characters at the beginning of the URI to compute the hash.\n required: false\n type: int\n balance_uridepth:\n description: Indicates the maximum directory depth to be used to compute the hash. One level is counted for each slash in the request.\n required: false\n type: int\n balance_uriwhole:\n description: Allow using whole URI including url parameters behind a question mark.\n required: false\n type: bool\n connection_timeout:\n description: The time (in milliseconds) we give up if the connection does not complete within (default 30000).\n required: false\n type: int\n server_timeout:\n description: The time (in milliseconds) we accept to wait for data from the server, or for the server to accept data (default 30000).\n required: false\n type: int\n retries:\n description: After a connection failure to a server, it is possible to retry, potentially on another server.\n required: false\n type: int\n check_type:\n description: Health check method.\n type: str\n choices: ['none', 'Basic', 'HTTP', 'Agent', 'LDAP', 'MySQL', 'PostgreSQL', 'Redis', 'SMTP', 'ESMTP', 'SSL']\n default: 'none'\n check_frequency:\n description: The check interval (in milliseconds). For HTTP/HTTPS defaults to 1000 if left blank. For TCP no check will be performed if left empty.\n required: false\n type: int\n log_checks:\n description: When this option is enabled, any change of the health check status or to the server's health will be logged.\n required: false\n type: bool\n httpcheck_method:\n description: HTTP check method.\n required: false\n type: str\n choices: ['OPTIONS', 'HEAD', 'GET', 'POST', 'PUT', 'DELETE', 'TRACE']\n monitor_uri:\n description: Url used by http check requests.\n required: false\n type: str\n monitor_httpversion:\n description: Defaults to \"HTTP/1.0\" if left blank.\n required: false\n type: str\n monitor_username:\n description: Username used in checks (MySQL and PostgreSQL)\n required: false\n type: str\n monitor_domain:\n description: Domain used in checks (SMTP and ESMTP)\n required: false\n type: str\n state:\n description: State in which to leave the backend\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add backend\n pfsense_haproxy_backend:\n name: exchange\n balance: leastconn\n httpcheck_method: HTTP\n state: present\n\n- name: Remove backend\n pfsense_haproxy_backend:\n name: exchange\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create haproxy_backend 'exchange', balance='leastconn', httpcheck_method='HTTP'\", \"delete haproxy_backend 'exchange'\"]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.haproxy_backend import PFSenseHaproxyBackendModule, HAPROXY_BACKEND_ARGUMENT_SPEC\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=HAPROXY_BACKEND_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseHaproxyBackendModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_haproxy_backend_server.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_haproxy_backend_server\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense haproxy backend servers\ndescription:\n - Manage pfSense haproxy servers\nnotes:\ndeprecated:\n removed_in: 0.8.0\n why: Moved to `pfsensible.haproxy`\n alternative: Use M(pfsensible.haproxy.pfsense_haproxy_backend) instead.\noptions:\n backend:\n description: The backend name.\n required: true\n type: str\n name:\n description: The server name.\n required: true\n type: str\n mode:\n description: How to use the server.\n required: false\n type: str\n choices: ['active', 'backup', 'disabled', 'inactive']\n default: 'active'\n forwardto:\n description: The name of the frontend to forward. When None, forwards to address and port\n required: false\n type: str\n address:\n description: IP or hostname of the backend (only resolved on start-up.)\n required: false\n type: str\n port:\n description: The port of the backend.\n required: false\n type: int\n ssl:\n description: Should haproxy encrypt the traffic to the backend with SSL (commonly used with mode http on frontend and a port 443 on backend).\n required: false\n type: bool\n checkssl:\n description: This can be used with for example a LDAPS health-checks where LDAPS is passed along with mode TCP\n required: false\n type: bool\n weight:\n description: >\n A weight between 0 and 256, this setting can be used when multiple servers on different hardware need to be balanced with a different part the traffic.\n A server with weight 0 wont get new traffic. Default if empty: 1\n required: false\n type: int\n sslserververify:\n description: SSL servers only, The server certificate will be verified against the CA and CRL certificate configured below.\n required: false\n type: bool\n verifyhost:\n description: SSL servers only, when set, must match the hostnames in the subject and subjectAlternateNames of the certificate provided by the server.\n required: false\n type: str\n ca:\n description: SSL servers only, set the CA authority to check the server certificate against.\n required: false\n type: str\n crl:\n description: SSL servers only, set the CRL to check revoked certificates.\n required: false\n type: str\n clientcert:\n description: SSL servers only, This certificate will be sent if the server send a client certificate request.\n required: false\n type: str\n cookie:\n description: Persistence only, Used to identify server when cookie persistence is configured for the backend.\n required: false\n type: str\n maxconn:\n description: Tuning, If the number of incoming concurrent requests goes higher than this value, they will be queued\n required: false\n type: int\n advanced:\n description: Allows for adding custom HAProxy settings to the server. These are passed as written, use escaping where needed.\n required: false\n type: str\n istemplate:\n description: If set, configures this server item as a template to provision servers from dns/srv responses.\n required: false\n type: str\n state:\n description: State in which to leave the backend server\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add backend server\n pfsense_haproxy_backend_server:\n backend: exchange\n name: exchange.acme.org\n address: exchange.acme.org\n port: 443\n state: present\n\n- name: Remove backend server\n pfsense_haproxy_backend_server:\n backend: exchange\n name: exchange.acme.org\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\n \"create haproxy_backend_server 'exchange.acme.org' on 'exchange', status='active', address='exchange.acme.org', port=443\",\n \"delete haproxy_backend_server 'exchange.acme.org' on 'exchange'\"\n ]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.haproxy_backend_server import (\n PFSenseHaproxyBackendServerModule,\n HAPROXY_BACKEND_SERVER_ARGUMENT_SPEC,\n HAPROXY_BACKEND_SERVER_MUTUALLY_EXCLUSIVE,\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=HAPROXY_BACKEND_SERVER_ARGUMENT_SPEC,\n mutually_exclusive=HAPROXY_BACKEND_SERVER_MUTUALLY_EXCLUSIVE,\n supports_check_mode=True)\n\n pfmodule = PFSenseHaproxyBackendServerModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_interface.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# Copyright: (c) 2021-2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_interface\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense interfaces\ndescription:\n - Manage pfSense interfaces.\nnotes:\noptions:\n state:\n description: State in which to leave the interface.\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n descr:\n description: Description (name) for the interface.\n required: true\n type: str\n interface:\n description: Network port to which assign the interface.\n type: str\n interface_descr:\n description: Network port descr to which assign the interface.\n type: str\n enable:\n description: Enable interface.\n default: no\n type: bool\n ipv4_type:\n description: IPv4 Configuration Type.\n choices: [ \"none\", \"static\", \"dhcp\" ]\n default: 'none'\n type: str\n ipv6_type:\n description: IPv4 Configuration Type.\n choices: [ \"none\", \"static\", \"slaac\" ]\n default: 'none'\n type: str\n mac:\n description: Used to modify (\"spoof\") the MAC address of this interface.\n required: false\n type: str\n mtu:\n description: Maximum transmission unit\n required: false\n type: int\n mss:\n description: MSS clamping for TCP connections.\n required: false\n type: int\n speed_duplex:\n description: Set speed and duplex mode for this interface.\n required: false\n default: autoselect\n type: str\n ipv4_address:\n description: IPv4 Address.\n required: false\n type: str\n ipv4_prefixlen:\n description: IPv4 subnet prefix length.\n required: false\n default: 24\n type: int\n ipv4_gateway:\n description: IPv4 gateway for this interface.\n required: false\n type: str\n ipv6_address:\n description: IPv6 Address.\n required: false\n type: str\n ipv6_prefixlen:\n description: IPv6 subnet prefix length.\n required: false\n default: 128\n type: int\n ipv6_gateway:\n description: IPv6 gateway for this interface.\n required: false\n type: str\n blockpriv:\n description: Blocks traffic from IP addresses that are reserved for private networks.\n required: false\n type: bool\n blockbogons:\n description: Blocks traffic from reserved IP addresses (but not RFC 1918) or not yet assigned by IANA.\n required: false\n type: bool\n slaacusev4iface:\n description: IPv6 will use the IPv4 connectivity link (PPPoE). Only used when ipv6_type is slaac.\n required: false\n type: bool\n version_added: 0.6.2\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add interface\n pfsense_interface:\n descr: voice\n interface: mvneta0.100\n enable: True\n\n- name: Remove interface\n pfsense_interface:\n state: absent\n descr: voice\n interface: mvneta0.100\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: The set of commands that would be pushed to the remote device (if pfSense had a CLI).\n returned: always\n type: list\n sample: [\n \"create interface 'voice', port='mvneta0.100', speed_duplex='autoselect', enable='True'\",\n \"delete interface 'voice'\"\n ]\nifname:\n description: The pseudo-device name of the interface.\n returned: always\n type: str\n sample: opt1\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.interface import (\n PFSenseInterfaceModule,\n INTERFACE_ARGUMENT_SPEC,\n INTERFACE_REQUIRED_IF,\n INTERFACE_MUTUALLY_EXCLUSIVE\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=INTERFACE_ARGUMENT_SPEC,\n required_if=INTERFACE_REQUIRED_IF,\n mutually_exclusive=INTERFACE_MUTUALLY_EXCLUSIVE,\n supports_check_mode=True)\n\n pfmodule = PFSenseInterfaceModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_interface_group.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2022, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_interface_group\nversion_added: 0.5.0\nauthor: Orion Poplawski (@opoplawski)\nshort_description: Manage pfSense interface groups\ndescription:\n - Manage pfSense interface groups.\nnotes:\noptions:\n state:\n description: State in which to leave the interface group.\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n name:\n description: The name of the interface group.\n type: str\n required: yes\n descr:\n description: Description of the interface group.\n type: str\n members:\n description: The members of the interface group.\n type: list\n elements: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add interface group\n pfsense_interface_group:\n name: VPN\n members:\n - VPN1\n - VPN2\n descr: All VPN interfaces\n\n- name: Remove interface group\n pfsense_interface_group:\n state: absent\n name: VPN\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: The set of commands that would be pushed to the remote device (if pfSense had a CLI).\n returned: always\n type: list\n sample: [\n \"create interface-group 'VPN'\",\n \"delete interface-group 'VPN'\"\n ]\nmember_ifnames:\n description: The pseudo-device interface names of all of the members.\n returned: always\n type: list\n sample: [\n \"opt1\",\n \"opt2\"\n ]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.interface_group import (\n PFSenseInterfaceGroupModule,\n INTERFACE_GROUP_ARGUMENT_SPEC,\n INTERFACE_GROUP_REQUIRED_IF\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=INTERFACE_GROUP_ARGUMENT_SPEC,\n required_if=INTERFACE_GROUP_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseInterfaceGroupModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_ipsec.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_ipsec\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense IPsec tunnels and phase 1 options\ndescription:\n - Manage pfSense IPsec tunnels and phase 1 options\nnotes:\noptions:\n iketype:\n description: Internet Key Exchange protocol version to be used. Auto uses IKEv2 when initiator, and accepts either IKEv1 or IKEv2 as responder.\n required: false\n choices: [ 'ikev1', 'ikev2', 'auto' ]\n type: str\n protocol:\n description: IP family\n default: 'inet'\n choices: [ 'inet', 'inet6', 'both' ]\n type: str\n interface:\n description: Interface for the local endpoint of this phase1 entry. Can be a virtual IP name or address prefixed with \"vip:\".\n required: false\n type: str\n remote_gateway:\n description: Public IP address or host name of the remote gateway.\n required: false\n type: str\n nattport:\n description: UDP port for NAT-T on the remote gateway.\n required: false\n type: int\n disabled:\n description: Set this option to disable this phase1 without removing it from the list.\n required: false\n type: bool\n authentication_method:\n description: Authenticatin method. Must match the setting chosen on the remote side.\n choices: [ 'pre_shared_key', 'rsasig' ]\n type: str\n mode:\n description: Negotiation mode. Aggressive is more flexible, but less secure. Only for IkeV1 or Auto.\n choices: [ 'main', 'aggressive' ]\n type: str\n myid_type:\n description: Local identifier type.\n default: 'myaddress'\n choices: [ 'myaddress', 'address', 'fqdn', 'user_fqdn', 'asn1dn', 'keyid tag', 'dyn_dns', 'auto' ]\n type: str\n myid_data:\n description: Local identifier value.\n required: false\n type: str\n peerid_type:\n description: Remote identifier type.\n default: 'peeraddress'\n choices: [ 'any', 'peeraddress', 'address', 'fqdn', 'user_fqdn', 'asn1dn', 'keyid tag', 'auto' ]\n type: str\n peerid_data:\n description: Remote identifier value.\n required: false\n type: str\n certificate:\n description: a certificate previously configured\n required: false\n type: str\n certificate_authority:\n description: a certificate authority previously configured\n required: false\n type: str\n preshared_key:\n description: This key must match on both peers.\n required: false\n type: str\n lifetime:\n description: The lifetime defines how often the connection will be rekeyed, in seconds.\n default: 28800\n type: int\n rekey_time:\n description: Time, in seconds, before an IKE SA establishes new keys.\n required: False\n type: int\n reauth_time:\n description: Time, in seconds, before an IKE SA is torn down and recreated from scratch, including authentication.\n required: False\n type: int\n rand_time:\n description: A random value up to this amount will be subtracted from Rekey Time/Reauth Time to avoid simultaneous renegotiation.\n required: False\n type: int\n disable_rekey:\n description: Disables renegotiation when a connection is about to expire (deprecated with pfSense 2.5.0)\n required: false\n type: bool\n margintime:\n description: How long before connection expiry or keying-channel expiry should attempt to negotiate a replacement begin (deprecated with pfSense 2.5.0)\n required: false\n type: int\n startaction:\n description: Set this option to force specific initiation/responder behavior for child SA (P2) entries. New in pfSense 2.5.2.\n default: ''\n choices: [ '', 'none', 'start', 'trap' ]\n type: str\n version_added: 0.5.2\n closeaction:\n description: Set this option to control the behavior when the remote peer unexpectedly closes a child SA (P2). New in pfSense 2.5.2.\n default: ''\n choices: [ '', 'none', 'start', 'trap' ]\n type: str\n version_added: 0.5.2\n responderonly:\n description: Enable this option to never initiate this connection from this side, only respond to incoming requests. Removed in pfSense 2.5.2.\n required: false\n type: bool\n disable_reauth:\n description: (IKEv2 only) Whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.\n default: false\n type: bool\n mobike:\n description: (IKEv2 only) Set this option to control the use of MOBIKE\n default: 'off'\n choices: [ 'on', 'off' ]\n type: str\n gw_duplicates:\n description: Allow multiple phase 1 configurations with the same endpoint\n required: false\n type: bool\n splitconn:\n description: (IKEv2 only) Enable this to split connection entries with multiple phase 2 configurations\n default: false\n type: bool\n nat_traversal:\n description:\n Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed,\n which can help with clients that are behind restrictive firewalls.\n default: 'on'\n choices: [ 'on', 'force' ]\n type: str\n enable_dpd:\n description: Enable dead peer detection\n default: True\n type: bool\n dpd_delay:\n description: Delay between requesting peer acknowledgement.\n default: 10\n type: int\n dpd_maxfail:\n description: Number of consecutive failures allowed before disconnect.\n default: 5\n type: int\n descr:\n description: The description of the IPsec tunnel\n required: true\n default: null\n type: str\n state:\n description: State in which to leave the IPsec tunnel\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n apply:\n description: Apply VPN configuration on target pfSense\n default: True\n type: bool\n\"\"\"\n\n\nEXAMPLES = \"\"\"\n- name: Add simple tunnel\n pfsense_ipsec:\n state: present\n descr: test_tunnel\n interface: wan\n remote_gateway: 1.2.3.4\n iketype: ikev2\n authentication_method: pre_shared_key\n preshared_key: azerty123\n\n- name: Remove tunnel\n pfsense_ipsec:\n state: absent\n descr: test_tunnel\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create ipsec 'test_tunnel', iketype='ikev2', protocol='inet', interface='wan', remote_gateway='1.2.3.4', ...\", \"delete ipsec 'test_tunnel'\"]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec import PFSenseIpsecModule, IPSEC_ARGUMENT_SPEC, IPSEC_REQUIRED_IF\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=IPSEC_ARGUMENT_SPEC,\n required_if=IPSEC_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseIpsecModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_ipsec_aggregate.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_ipsec_aggregate\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage multiple pfSense IPsec tunnels, phases 1, phases 2 and proposals\ndescription:\n - Manage multiple pfSense IPsec tunnels, phases 1, phases 2 and proposals\nnotes:\n - aggregated_* use the same options definitions than pfsense corresponding module\noptions:\n aggregated_ipsecs:\n description: Dict of IPsec tunnels and phase 1 options to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n iketype:\n description: Internet Key Exchange protocol version to be used. Auto uses IKEv2 when initiator, and accepts either IKEv1 or IKEv2 as responder.\n required: false\n choices: [ 'ikev1', 'ikev2', 'auto' ]\n type: str\n protocol:\n description: IP family\n default: 'inet'\n choices: [ 'inet', 'inet6', 'both' ]\n type: str\n interface:\n description: Interface for the local endpoint of this phase1 entry.\n required: false\n type: str\n remote_gateway:\n description: Public IP address or host name of the remote gateway.\n required: false\n type: str\n nattport:\n description: UDP port for NAT-T on the remote gateway.\n required: false\n type: int\n disabled:\n description: Set this option to disable this phase1 without removing it from the list.\n required: false\n type: bool\n authentication_method:\n description: Authenticatin method. Must match the setting chosen on the remote side.\n choices: [ 'pre_shared_key', 'rsasig' ]\n type: str\n mode:\n description: Negotiation mode. Aggressive is more flexible, but less secure. Only for IkeV1 or Auto.\n choices: [ 'main', 'aggressive' ]\n type: str\n myid_type:\n description: Local identifier type.\n default: 'myaddress'\n choices: [ 'myaddress', 'address', 'fqdn', 'user_fqdn', 'asn1dn', 'keyid tag', 'dyn_dns', 'auto' ]\n type: str\n myid_data:\n description: Local identifier value.\n required: false\n type: str\n peerid_type:\n description: Remote identifier type.\n default: 'peeraddress'\n choices: [ 'any', 'peeraddress', 'address', 'fqdn', 'user_fqdn', 'asn1dn', 'keyid tag', 'auto' ]\n type: str\n peerid_data:\n description: Remote identifier value.\n required: false\n type: str\n certificate:\n description: a certificate previously configured\n required: false\n type: str\n certificate_authority:\n description: a certificate authority previously configured\n required: false\n type: str\n preshared_key:\n description: This key must match on both peers.\n required: false\n type: str\n lifetime:\n description: The lifetime defines how often the connection will be rekeyed, in seconds.\n default: 28800\n type: int\n rekey_time:\n description: Time, in seconds, before an IKE SA establishes new keys.\n required: False\n type: int\n reauth_time:\n description: Time, in seconds, before an IKE SA is torn down and recreated from scratch, including authentication.\n required: False\n type: int\n rand_time:\n description: A random value up to this amount will be subtracted from Rekey Time/Reauth Time to avoid simultaneous renegotiation.\n required: False\n type: int\n disable_rekey:\n description: Disables renegotiation when a connection is about to expire (deprecated with pfSense 2.5.0)\n required: false\n type: bool\n margintime:\n description: How long before connection expiry or keying-channel expiry should attempt to negotiate a replacement begin (deprecated with pfSense 2.5.0)\n required: false\n type: int\n startaction:\n description: Set this option to force specific initiation/responder behavior for child SA (P2) entries. New in pfSense 2.5.2.\n default: ''\n choices: [ '', 'none', 'start', 'trap' ]\n type: str\n closeaction:\n description: Set this option to control the behavior when the remote peer unexpectedly closes a child SA (P2). New in pfSense 2.5.2.\n default: ''\n choices: [ '', 'none', 'start', 'trap' ]\n type: str\n version_added: 0.5.2\n responderonly:\n description: Enable this option to never initiate this connection from this side, only respond to incoming requests. Removed in pfSense 2.5.2.\n required: false\n type: bool\n disable_reauth:\n description: (IKEv2 only) Whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.\n default: false\n type: bool\n mobike:\n description: (IKEv2 only) Set this option to control the use of MOBIKE\n default: 'off'\n choices: [ 'on', 'off' ]\n type: str\n gw_duplicates:\n description: Allow multiple phase 1 configurations with the same endpoint\n required: false\n type: bool\n splitconn:\n description: (IKEv2 only) Enable this to split connection entries with multiple phase 2 configurations\n default: false\n type: bool\n nat_traversal:\n description:\n Set this option to enable the use of NAT-T (i.e. the encapsulation of ESP in UDP packets) if needed,\n which can help with clients that are behind restrictive firewalls.\n default: 'on'\n choices: [ 'on', 'force' ]\n type: str\n enable_dpd:\n description: Enable dead peer detection\n default: True\n type: bool\n dpd_delay:\n description: Delay between requesting peer acknowledgement.\n default: 10\n type: int\n dpd_maxfail:\n description: Number of consecutive failures allowed before disconnect.\n default: 5\n type: int\n descr:\n description: The description of the IPsec tunnel\n default: null\n required: True\n type: str\n state:\n description: State in which to leave the IPsec tunnel\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n apply:\n description: Apply VPN configuration on target pfSense\n default: True\n type: bool\n aggregated_ipsec_proposals:\n description: Dict of IPsec proposals to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n encryption:\n description:\n Encryption algorithm. aes128gcm, aes192gcm and aes256gcm can only be used with IKEv2 tunnels.\n Blowfish, 3DES and CAST128 provide weak security and should be avoided.\n required: True\n choices: [ 'aes', 'aes128gcm', 'aes192gcm', 'aes256gcm', 'blowfish', '3des', 'cast128' ]\n type: str\n key_length:\n description: Encryption key length\n required: False\n choices: [ 64, 96, 128, 192, 256 ]\n type: int\n hash:\n description: Hash algorithm. MD5 and SHA1 provide weak security and should be avoided.\n required: True\n choices: [ 'md5', 'sha1', 'sha256', 'sha384', 'sha512', 'aesxcbc' ]\n type: str\n prf:\n description: PRF algorithm. Manual PRF selection is not required, but can be useful in combination with AEAD Encryption Algorithms such as AES-GCM\n required: False\n choices: [ 'md5', 'sha1', 'sha256', 'sha384', 'sha512', 'aesxcbc' ]\n type: str\n dhgroup:\n description: DH group. DH groups 1, 2, 22, 23, and 24 provide weak security and should be avoided.\n required: True\n choices: [ 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28, 29, 30, 31, 32 ]\n type: int\n descr:\n description: The description of the IPsec tunnel on which to create/delete the proposal.\n default: null\n type: str\n state:\n description: State in which to leave the IPsec proposal.\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n apply:\n description: Apply VPN configuration on target pfSense\n default: True\n type: bool\n aggregated_ipsec_p2s:\n description: Dict of IPsec tunnels phase 2 options to apply on the target\n required: False\n type: list\n elements: dict\n suboptions:\n disabled:\n description: Set this option to disable this phase2 without removing it from the list.\n required: false\n type: bool\n default: false\n mode:\n description: Method for managing IPsec traffic\n required: False\n choices: [ 'tunnel', 'tunnel6', 'transport', 'vti' ]\n type: str\n local:\n description: Local network component of this IPsec security association.\n required: False\n type: str\n nat:\n description: If NAT/BINAT is required on the local network specify the address to be translated\n required: False\n type: str\n remote:\n description: Remote network component of this IPsec security association.\n required: False\n type: str\n protocol:\n description: Encapsulating Security Payload (ESP) is encryption, Authentication Header (AH) is authentication only.\n default: 'esp'\n choices: [ 'esp', 'ah' ]\n type: str\n aes:\n description: Set this option to enable AES encryption.\n required: false\n type: bool\n aes_len:\n description: AES encryption key length\n required: False\n choices: [ 'auto', '128', '192', '256' ]\n type: str\n aes128gcm:\n description: Set this option to enable AES128-GCM encryption.\n required: false\n type: bool\n aes128gcm_len:\n description: AES128-GCM encryption key length\n required: False\n choices: [ 'auto', '64', '96', '128' ]\n type: str\n aes192gcm:\n description: Set this option to enable AES192-GCM encryption.\n required: false\n type: bool\n aes192gcm_len:\n description: AES192-GCM encryption key length\n required: False\n choices: [ 'auto', '64', '96', '128' ]\n type: str\n aes256gcm:\n description: Set this option to enable AES256-GCM encryption.\n required: false\n type: bool\n aes256gcm_len:\n description: AES256-GCM encryption key length\n required: False\n choices: [ 'auto', '64', '96', '128' ]\n type: str\n blowfish:\n description: Set this option to enable Blowfish encryption.\n required: false\n type: bool\n blowfish_len:\n description: AES encryption key length\n required: False\n choices: [ 'auto', '128', '192', '256' ]\n type: str\n des:\n description: Set this option to enable 3DES encryption.\n required: false\n type: bool\n cast128:\n description: Set this option to enable CAST128 encryption.\n required: false\n type: bool\n sha1:\n description: Set this option to enable SHA1 hashing.\n required: false\n type: bool\n sha256:\n description: Set this option to enable SHA256 hashing.\n required: false\n type: bool\n sha384:\n description: Set this option to enable SHA384 hashing.\n required: false\n type: bool\n sha512:\n description: Set this option to enable SHA512 hashing.\n required: false\n type: bool\n aesxcbc:\n description: Set this option to enable AES-XCBC hashing.\n required: false\n type: bool\n pfsgroup:\n description: PFS key group, 0 for off. DH groups 1, 2, 22, 23, and 24 provide weak security and should be avoided.\n default: '14'\n choices: [ '0', '1', '2', '5', '14', '15', '16', '17', '18', '19', '20', '21', '22', '23', '24', '28', '29', '30', '31', '32' ]\n type: str\n lifetime:\n description: Specifies how often the connection must be rekeyed, in seconds\n default: 3600\n type: int\n pinghost:\n description: Automatically ping host\n required: False\n type: str\n descr:\n description: The description of the IPsec tunnel phase2\n required: True\n type: str\n p1_descr:\n description: The description of the IPsec tunnel\n required: true\n type: str\n state:\n description: State in which to leave the IPsec tunnel phase2\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n apply:\n description: Apply VPN configuration on target pfSense\n default: True\n type: bool\n purge_ipsecs:\n description: delete all the IPsec tunnels that are not defined into aggregated_ipsecs\n required: False\n default: False\n type: bool\n purge_ipsec_proposals:\n description: delete all the phase1 proposals that are not defined into aggregated_ipsec_proposals\n required: False\n default: False\n type: bool\n purge_ipsec_p2s:\n description: delete all the phase2 that are not defined into aggregated_ipsec_p2s\n required: False\n default: False\n type: bool\n apply:\n description: Apply VPN configuration on target pfSense\n default: True\n type: bool\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: \"Setup two tunnels with two proposals and and two phase 2 each, and delete everything else\"\n pfsense_ipsec_aggregate:\n purge_ipsecs: true\n purge_ipsec_proposals: true\n purge_ipsec_p2s: true\n aggregated_ipsecs:\n - { descr: t1, interface: wan, remote_gateway: 1.3.3.1, iketype: ikev2, authentication_method: pre_shared_key, preshared_key: azerty123 }\n - { descr: t2, interface: wan, remote_gateway: 1.3.4.1, iketype: ikev2, authentication_method: pre_shared_key, preshared_key: qwerty123 }\n aggregated_ipsec_proposals:\n - { descr: t1, encryption: aes, key_length: 128, hash: md5, dhgroup: 14}\n - { descr: t2, encryption: 3des, hash: sha512, dhgroup: 14}\n aggregated_ipsec_p2s:\n - { descr: t1_p2_1, p1_descr: t1, mode: tunnel, local: 1.2.3.4/24, remote: 10.20.30.40/24, aes: True, aes_len: auto, sha256: True }\n - { descr: t1_p2_2, p1_descr: t1, mode: tunnel, local: 1.2.3.4/24, remote: 10.20.30.50/24, aes: True, aes_len: auto, sha256: True }\n - { descr: t2_p2_1, p1_descr: t2, mode: tunnel, local: 1.2.3.4/24, remote: 10.20.40.40/24, aes: True, aes_len: auto, sha256: True }\n - { descr: t2_p2_2, p1_descr: t2, mode: tunnel, local: 1.2.3.4/24, remote: 10.20.40.50/24, aes: True, aes_len: auto, sha256: True }\n\"\"\"\n\nRETURN = \"\"\"\nresult_ipsecs:\n description: the set of separators commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create ipsec 'test_tunnel', iketype='ikev2', protocol='inet', interface='wan', remote_gateway='1.2.3.4', ...\", \"delete ipsec 'test_tunnel'\"]\nresult_ipsec_proposals:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\n \"create ipsec_proposal on 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14'\",\n \"delete ipsec_proposal on 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14'\",\n ]\nresult_ipsec_p2s:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create ipsec_p2 'test_p2' on 'test_tunnel', disabled='False', mode='vti', local='1.2.3.1', ...\", \"delete ipsec_p2 'test_p2' on 'test_tunnel'\"]\n\"\"\"\n\nfrom ansible_collections.pfsensible.core.plugins.module_utils.pfsense import PFSenseModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec import PFSenseIpsecModule, IPSEC_ARGUMENT_SPEC, IPSEC_REQUIRED_IF\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_proposal import PFSenseIpsecProposalModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_proposal import IPSEC_PROPOSAL_ARGUMENT_SPEC\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_proposal import IPSEC_PROPOSAL_REQUIRED_IF\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_p2 import PFSenseIpsecP2Module\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_p2 import IPSEC_P2_ARGUMENT_SPEC\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_p2 import IPSEC_P2_REQUIRED_IF\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom copy import deepcopy\n\n\nclass PFSenseModuleIpsecAggregate(object):\n \"\"\" module managing pfsense aggregated IPsec tunnels, phases 1, phases 2 and proposals \"\"\"\n\n def __init__(self, module):\n self.module = module\n self.pfsense = PFSenseModule(module)\n self.pfsense_ipsec = PFSenseIpsecModule(module, self.pfsense)\n self.pfsense_ipsec_proposal = PFSenseIpsecProposalModule(module, self.pfsense)\n self.pfsense_ipsec_p2 = PFSenseIpsecP2Module(module, self.pfsense)\n\n def _update(self):\n if self.pfsense_ipsec.result['changed'] or self.pfsense_ipsec_proposal.result['changed'] or self.pfsense_ipsec_p2.result['changed']:\n return self.pfsense.apply_ipsec_changes()\n\n return ('', '', '')\n\n @staticmethod\n def want_ipsec(ipsec_elt, ipsecs):\n \"\"\" return True if we want to keep ipsec_elt \"\"\"\n descr = ipsec_elt.find('descr')\n\n if descr is None:\n return True\n\n for ipsec in ipsecs:\n if ipsec['state'] == 'absent':\n continue\n if ipsec['descr'] == descr.text:\n return True\n return False\n\n def proposal_elt_to_params(self, ipsec_elt, proposal_elt):\n \"\"\" return the pfsense_ipsec_proposal params corresponding the proposal_elt \"\"\"\n params = {}\n proposal = self.pfsense.element_to_dict(proposal_elt)\n params['encryption'] = proposal['encryption-algorithm']['name']\n params['key_length'] = proposal['encryption-algorithm'].get('keylen')\n if params['key_length'] is not None:\n if params['key_length'] == '':\n params['key_length'] = None\n else:\n params['key_length'] = int(params['key_length'])\n params['hash'] = proposal['hash-algorithm']\n params['dhgroup'] = int(proposal['dhgroup'])\n descr_elt = ipsec_elt.find('descr')\n if descr_elt is None:\n params['descr'] = ''\n else:\n params['descr'] = descr_elt.text\n\n if self.pfsense.is_at_least_2_5_0():\n params['prf'] = proposal['prf-algorithm']\n\n return params\n\n def want_ipsec_proposal(self, ipsec_elt, proposal_elt, proposals):\n \"\"\" return True if we want to keep proposal_elt \"\"\"\n params_from_elt = self.proposal_elt_to_params(ipsec_elt, proposal_elt)\n params_from_elt['state'] = 'present'\n\n if proposals is not None:\n for proposal in proposals:\n _proposal = deepcopy(proposal)\n _proposal.pop('apply', None)\n if not self.pfsense.is_at_least_2_5_0():\n _proposal.pop('prf', None)\n elif _proposal.get('prf') is None:\n _proposal.pop('prf', None)\n params_from_elt.pop('prf', None)\n\n if params_from_elt == _proposal:\n return True\n\n return False\n\n def want_ipsec_phase2(self, phase2_elt, phases2):\n \"\"\" return True if we want to keep proposal_elt \"\"\"\n ikeid_elt = phase2_elt.find('ikeid')\n descr = phase2_elt.find('descr')\n\n if descr is None or ikeid_elt is None:\n return True\n\n phase1_elt = self.pfsense.find_ipsec_phase1(ikeid_elt.text, 'ikeid')\n if phase1_elt is None:\n return True\n phase1_descr_elt = phase1_elt.find('descr')\n if phase1_descr_elt is None:\n return True\n p1_descr = phase1_descr_elt.text\n\n if phases2 is not None:\n for phase2 in phases2:\n if phase2['state'] == 'absent':\n continue\n if phase2['descr'] == descr.text and phase2['p1_descr'] == p1_descr:\n return True\n return False\n\n def run_ipsecs(self):\n \"\"\" process input params to add/update/delete all IPsec tunnels \"\"\"\n want = self.module.params['aggregated_ipsecs']\n\n # processing aggregated parameter\n if want is not None:\n for param in want:\n self.pfsense_ipsec.run(param)\n\n # delete every other if required\n if self.module.params['purge_ipsecs']:\n todel = []\n for ipsec_elt in self.pfsense_ipsec.root_elt:\n if ipsec_elt.tag != 'phase1':\n continue\n if not self.want_ipsec(ipsec_elt, want):\n params = {}\n params['state'] = 'absent'\n params['apply'] = False\n params['descr'] = ipsec_elt.find('descr').text\n params['ikeid'] = ipsec_elt.find('ikeid').text\n todel.append(params)\n\n for params in todel:\n self.pfsense_ipsec.run(params)\n\n def run_ipsec_proposals(self):\n \"\"\" process input params to add/update/delete all IPsec tunnels \"\"\"\n want = self.module.params['aggregated_ipsec_proposals']\n\n # processing aggregated parameter\n if want is not None:\n for param in want:\n self.pfsense_ipsec_proposal.run(param)\n\n # delete every other if required\n if self.module.params['purge_ipsec_proposals']:\n todel = []\n for ipsec_elt in self.pfsense_ipsec_proposal.ipsec:\n if ipsec_elt.tag != 'phase1':\n continue\n\n encryption_elt = ipsec_elt.find('encryption')\n if encryption_elt is None:\n continue\n\n items_elt = encryption_elt.findall('item')\n for proposal_elt in items_elt:\n if not self.want_ipsec_proposal(ipsec_elt, proposal_elt, want):\n params = self.proposal_elt_to_params(ipsec_elt, proposal_elt)\n params['state'] = 'absent'\n params['apply'] = False\n params['descr'] = ipsec_elt.find('descr').text\n params['ikeid'] = ipsec_elt.find('ikeid').text\n todel.append(params)\n\n for params in todel:\n self.pfsense_ipsec_proposal.run(params)\n\n def run_ipsec_p2s(self):\n \"\"\" process input params to add/update/delete all IPsec tunnels \"\"\"\n want = self.module.params['aggregated_ipsec_p2s']\n\n # processing aggregated parameter\n if want is not None:\n for param in want:\n self.pfsense_ipsec_p2.run(param)\n\n # delete every other if required\n if self.module.params['purge_ipsec_p2s']:\n todel = []\n for phase2_elt in self.pfsense_ipsec_p2.root_elt:\n if phase2_elt.tag != 'phase2':\n continue\n if not self.want_ipsec_phase2(phase2_elt, want):\n params = {}\n params['state'] = 'absent'\n params['apply'] = False\n params['descr'] = phase2_elt.find('descr').text\n params['p1_descr'] = self.pfsense.find_ipsec_phase1(phase2_elt.find('ikeid').text, 'ikeid').find('descr').text\n params['ikeid'] = phase2_elt.find('ikeid').text\n todel.append(params)\n\n for params in todel:\n self.pfsense_ipsec_p2.run(params)\n\n def commit_changes(self):\n \"\"\" apply changes and exit module \"\"\"\n stdout = ''\n stderr = ''\n changed = self.pfsense_ipsec.result['changed'] or self.pfsense_ipsec_proposal.result['changed'] or self.pfsense_ipsec_p2.result['changed']\n\n if changed and not self.module.check_mode:\n self.pfsense.write_config(descr='aggregated change')\n if self.module.params['apply']:\n (dummy, stdout, stderr) = self._update()\n\n result = {}\n result['result_ipsecs'] = self.pfsense_ipsec.result['commands']\n result['result_ipsec_proposals'] = self.pfsense_ipsec_proposal.result['commands']\n result['result_ipsec_p2s'] = self.pfsense_ipsec_p2.result['commands']\n result['changed'] = changed\n result['stdout'] = stdout\n result['stderr'] = stderr\n self.module.exit_json(**result)\n\n\ndef main():\n argument_spec = dict(\n aggregated_ipsecs=dict(type='list', elements='dict', options=IPSEC_ARGUMENT_SPEC, required_if=IPSEC_REQUIRED_IF),\n aggregated_ipsec_proposals=dict(type='list', elements='dict', options=IPSEC_PROPOSAL_ARGUMENT_SPEC, required_if=IPSEC_PROPOSAL_REQUIRED_IF),\n aggregated_ipsec_p2s=dict(type='list', elements='dict', options=IPSEC_P2_ARGUMENT_SPEC, required_if=IPSEC_P2_REQUIRED_IF),\n purge_ipsecs=dict(default=False, type='bool'),\n purge_ipsec_proposals=dict(default=False, type='bool'),\n purge_ipsec_p2s=dict(default=False, type='bool'),\n apply=dict(default=True, type='bool'),\n )\n\n required_one_of = [['aggregated_ipsecs', 'aggregated_ipsec_proposals', 'aggregated_ipsec_p2s']]\n\n module = AnsibleModule(\n argument_spec=argument_spec,\n required_one_of=required_one_of,\n supports_check_mode=True)\n\n pfmodule = PFSenseModuleIpsecAggregate(module)\n\n pfmodule.run_ipsecs()\n pfmodule.run_ipsec_proposals()\n pfmodule.run_ipsec_p2s()\n\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_ipsec_p2.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_ipsec_p2\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense IPsec tunnels phase 2 options\ndescription:\n - Manage pfSense IPsec tunnels phase 2 options\nnotes:\noptions:\n disabled:\n description: Set this option to disable this phase2 without removing it from the list.\n required: false\n type: bool\n default: false\n mode:\n description: Method for managing IPsec traffic\n required: False\n choices: [ 'tunnel', 'tunnel6', 'transport', 'vti' ]\n type: str\n local:\n description: Local network component of this IPsec security association.\n required: False\n type: str\n nat:\n description: If NAT/BINAT is required on the local network specify the address to be translated\n required: False\n type: str\n remote:\n description: Remote network component of this IPsec security association.\n required: False\n type: str\n protocol:\n description: Encapsulating Security Payload (ESP) is encryption, Authentication Header (AH) is authentication only.\n default: 'esp'\n choices: [ 'esp', 'ah' ]\n type: str\n aes:\n description: Set this option to enable AES encryption.\n required: false\n type: bool\n aes_len:\n description: AES encryption key length\n required: False\n choices: [ 'auto', '128', '192', '256' ]\n type: str\n aes128gcm:\n description: Set this option to enable AES128-GCM encryption.\n required: false\n type: bool\n aes128gcm_len:\n description: AES128-GCM encryption key length\n required: False\n choices: [ 'auto', '64', '96', '128' ]\n type: str\n aes192gcm:\n description: Set this option to enable AES192-GCM encryption.\n required: false\n type: bool\n aes192gcm_len:\n description: AES192-GCM encryption key length\n required: False\n choices: [ 'auto', '64', '96', '128' ]\n type: str\n aes256gcm:\n description: Set this option to enable AES256-GCM encryption.\n required: false\n type: bool\n aes256gcm_len:\n description: AES256-GCM encryption key length\n required: False\n choices: [ 'auto', '64', '96', '128' ]\n type: str\n blowfish:\n description: Set this option to enable Blowfish encryption.\n required: false\n type: bool\n blowfish_len:\n description: AES encryption key length\n required: False\n choices: [ 'auto', '128', '192', '256' ]\n type: str\n des:\n description: Set this option to enable 3DES encryption.\n required: false\n type: bool\n cast128:\n description: Set this option to enable CAST128 encryption.\n required: false\n type: bool\n sha1:\n description: Set this option to enable SHA1 hashing.\n required: false\n type: bool\n sha256:\n description: Set this option to enable SHA256 hashing.\n required: false\n type: bool\n sha384:\n description: Set this option to enable SHA384 hashing.\n required: false\n type: bool\n sha512:\n description: Set this option to enable SHA512 hashing.\n required: false\n type: bool\n aesxcbc:\n description: Set this option to enable AES-XCBC hashing.\n required: false\n type: bool\n pfsgroup:\n description: PFS key group, 0 for off. DH groups 1, 2, 22, 23, and 24 provide weak security and should be avoided.\n default: '14'\n choices: [ '0', '1', '2', '5', '14', '15', '16', '17', '18', '19', '20', '21', '22', '23', '24', '28', '29', '30', '31', '32' ]\n type: str\n lifetime:\n description: Specifies how often the connection must be rekeyed, in seconds\n default: 3600\n type: int\n pinghost:\n description: Automatically ping host\n required: False\n type: str\n descr:\n description: The description of the IPsec tunnel phase2\n required: true\n type: str\n p1_descr:\n description: The description of the IPsec tunnel\n required: true\n type: str\n state:\n description: State in which to leave the IPsec tunnel phase2\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n apply:\n description: Apply VPN configuration on target pfSense\n default: True\n type: bool\n\"\"\"\n\n\nEXAMPLES = \"\"\"\n- name: Add simple phase2\n pfsense_ipsec_p2:\n p1_descr: test_tunnel\n descr: test_p2\n state: present\n apply: False\n mode: vti\n local: 1.2.3.1\n remote: 1.2.3.2\n aes: True\n aes_len: auto\n sha256: True\n\n- name: Remove phase2\n pfsense_ipsec_p2:\n state: absent\n p1_descr: test_tunnel\n descr: test_p2\n apply: False\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create ipsec_p2 'test_p2' on 'test_tunnel', disabled='False', mode='vti', local='1.2.3.1', ...\", \"delete ipsec_p2 'test_p2' on 'test_tunnel'\"]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_p2 import PFSenseIpsecP2Module, IPSEC_P2_ARGUMENT_SPEC, IPSEC_P2_REQUIRED_IF\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=IPSEC_P2_ARGUMENT_SPEC,\n required_if=IPSEC_P2_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseIpsecP2Module(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_ipsec_proposal.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_ipsec_proposal\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense IPsec proposals\ndescription:\n - Manage pfSense IPsec proposals\nnotes:\noptions:\n encryption:\n description:\n Encryption algorithm. aes128gcm, aes192gcm and aes256gcm can only be used with IKEv2 tunnels.\n Blowfish, 3DES and CAST128 provide weak security and should be avoided.\n required: True\n choices: [ 'aes', 'aes128gcm', 'aes192gcm', 'aes256gcm', 'blowfish', '3des', 'cast128' ]\n type: str\n key_length:\n description: Encryption key length\n required: False\n choices: [ 64, 96, 128, 192, 256 ]\n type: int\n hash:\n description: Hash algorithm. MD5 and SHA1 provide weak security and should be avoided.\n required: True\n choices: [ 'md5', 'sha1', 'sha256', 'sha384', 'sha512', 'aesxcbc' ]\n type: str\n prf:\n description: PRF algorithm. Manual PRF selection is typically not required, but can be useful in combination with AEAD Encryption Algorithms such as AES-GCM\n required: False\n choices: [ 'md5', 'sha1', 'sha256', 'sha384', 'sha512', 'aesxcbc' ]\n type: str\n dhgroup:\n description: DH group. DH groups 1, 2, 22, 23, and 24 provide weak security and should be avoided.\n required: True\n choices: [ 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28, 29, 30, 31, 32 ]\n type: int\n descr:\n description: The description of the IPsec tunnel on which to create/delete the proposal.\n default: null\n type: str\n state:\n description: State in which to leave the IPsec proposal.\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n apply:\n description: Apply VPN configuration on target pfSense\n default: True\n type: bool\n\"\"\"\n\n\nEXAMPLES = \"\"\"\n- name: Add proposal\n pfsense_ipsec_proposal:\n descr: test_tunnel\n state: present\n encryption: aes128gcm\n key_length: 128\n hash: sha256\n dhgroup: 14\n apply: False\n\n- name: Remove proposal\n pfsense_ipsec_proposal:\n descr: test_tunnel\n state: absent\n encryption: aes128gcm\n key_length: 128\n hash: sha256\n dhgroup: 14\n apply: False\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\n \"create ipsec_proposal on 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14'\",\n \"delete ipsec_proposal on 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14'\",\n ]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_proposal import (\n PFSenseIpsecProposalModule,\n IPSEC_PROPOSAL_ARGUMENT_SPEC,\n IPSEC_PROPOSAL_REQUIRED_IF\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=IPSEC_PROPOSAL_ARGUMENT_SPEC,\n required_if=IPSEC_PROPOSAL_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseIpsecProposalModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_log_settings.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# Copyright: (c) 2021, Jan Wenzel \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_log_settings\nversion_added: \"0.4.2\"\nauthor: Jan Wenzel (@coffeelover)\nshort_description: Manage pfSense syslog settings\ndescription:\n - Manage pfSense syslog settings\nnotes:\noptions:\n logformat:\n description: Log Message Format\n required: false\n type: str\n choices: ['rfc3164', 'rfc5424']\n reverse:\n description: Show log entries in reverse order (newest entries on top)\n required: false\n type: bool\n nentries:\n description: GUI Log Entries\n required: false\n type: int\n nologdefaultblock:\n description: Don't log packets that are blocked by the implicit default block rule.\n required: false\n type: bool\n nologdefaultpass:\n description: Don't log packets that are allowed by the implicit default pass rule.\n required: false\n type: bool\n nologbogons:\n description: Don't log packets blocked by 'Block Bogon Networks' rules.\n required: false\n type: bool\n nologprivatenets:\n description: Don't log packets blocked by 'Block Private Networks' rules.\n required: false\n type: bool\n nologlinklocal4:\n description: Don't log packets blocked by the default 'Block IPv4 link-local' rules.\n required: false\n type: bool\n version_added: \"0.7.1\"\n nologsnort2c:\n description: Don't log packets that are blocked by IDS.\n required: false\n type: bool\n version_added: \"0.7.1\"\n nolognginx:\n description: Don't log errors from the web server process.\n required: false\n type: bool\n logconfigchanges:\n description: Log changes to the configuration.\n required: false\n type: bool\n version_added: \"0.7.1\"\n rawfilter:\n description: Show raw filter logs.\n required: false\n type: bool\n filterdescriptions:\n description: Where to show rule descriptions.\n required: false\n type: int\n choices: [0,1,2]\n disablelocallogging:\n description: Disable writing log files to the local disk\n required: false\n type: bool\n logfilesize:\n description: Log Rotation Size (Bytes)\n required: false\n type: int\n logcompressiontype:\n description: The type of compression to use when rotating log files\n required: false\n type: str\n choices: ['bzip2', 'gzip', 'xz', 'zstd', 'none']\n rotatecount:\n description: The number of log files to keep before the oldest copy is removed on rotation\n required: false\n type: int\n enable:\n description: Enable Remote logging\n required: false\n type: bool\n sourceip:\n description: Source Address\n required: false\n type: str\n ipproto:\n description: IP Protocol\n required: false\n type: str\n choices: ['ipv4', 'ipv6']\n remoteserver:\n description: First Remote log server (IP Address or Hostname/FQDN)\n required: false\n type: str\n remoteserver2:\n description: Second Remote log server (IP Address or Hostname/FQDN)\n required: false\n type: str\n remoteserver3:\n description: Third Remote log server (IP Address or Hostname/FQDN)\n required: false\n type: str\n logall:\n description: Log Everything\n required: false\n type: bool\n system:\n description: Include System Events\n required: false\n type: bool\n logfilter:\n description: Include Firewall Events\n required: false\n type: bool\n resolver:\n description: Include DNS Events (Resolver/unbound, Forwarder/dnsmasq, filterdns)\n required: false\n type: bool\n dhcp:\n description: Include DHCP Events (DHCP Daemon, DHCP Relay, DHCP Client)\n required: false\n type: bool\n ppp:\n description: Include PPP Events (PPPoE WAN Client, L2TP WAN Client, PPTP WAN Client)\n required: false\n type: bool\n auth:\n description: Include General Authentication Events\n required: false\n type: bool\n portalauth:\n description: Include Captive Portal Events\n required: false\n type: bool\n vpn:\n description: Include VPN Events (IPsec, OpenVPN, L2TP, PPPoE Server)\n required: false\n type: bool\n dpinger:\n description: Include Gateway Monitor Events\n required: false\n type: bool\n routing:\n description: Include Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)\n required: false\n type: bool\n ntpd:\n description: Include Network Time Protocol Events (NTP Daemon, NTP Client)\n required: false\n type: bool\n hostapd:\n description: Wireless Events (hostapd)\n required: false\n type: bool\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: setup remote syslog\n pfsense_log_settings:\n enable: true\n remoteserver: syslog.example.com\n disablelocallogging: true\n logall: true\n\n- name: always log default pass traffic\n pfsense_log_settings:\n nologdefaultpass: false\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"update log_settings syslog set logformat='rfc5424', rotatecount='8'\"]\n\"\"\"\n\nimport re\nfrom copy import deepcopy\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nLOG_SETTINGS_ARGUMENT_SPEC = dict(\n logformat=dict(required=False, type='str',\n choices=['rfc3164', 'rfc5424']),\n reverse=dict(required=False, type='bool'),\n nentries=dict(required=False, type='int'),\n nologdefaultblock=dict(required=False, type='bool'),\n nologdefaultpass=dict(required=False, type='bool'),\n nologbogons=dict(required=False, type='bool'),\n nologprivatenets=dict(required=False, type='bool'),\n nologlinklocal4=dict(required=False, type='bool'),\n nologsnort2c=dict(required=False, type='bool'),\n nolognginx=dict(required=False, type='bool'),\n logconfigchanges=dict(required=False, type='bool'),\n rawfilter=dict(required=False, type='bool'),\n filterdescriptions=dict(required=False, type='int',\n choices=[0, 1, 2]),\n disablelocallogging=dict(required=False, type='bool'),\n logfilesize=dict(required=False, type='int'),\n logcompressiontype=dict(required=False, type='str',\n choices=['bzip2', 'gzip', 'xz', 'zstd', 'none']),\n rotatecount=dict(required=False, type='int'),\n enable=dict(required=False, type='bool'),\n sourceip=dict(required=False, type='str'),\n ipproto=dict(required=False, type='str',\n choices=['ipv4', 'ipv6']),\n remoteserver=dict(required=False, type='str'),\n remoteserver2=dict(required=False, type='str'),\n remoteserver3=dict(required=False, type='str'),\n logall=dict(required=False, type='bool'),\n system=dict(required=False, type='bool'),\n logfilter=dict(required=False, type='bool'),\n resolver=dict(required=False, type='bool'),\n dhcp=dict(required=False, type='bool'),\n ppp=dict(required=False, type='bool'),\n auth=dict(required=False, type='bool'),\n portalauth=dict(required=False, type='bool'),\n vpn=dict(required=False, type='bool'),\n dpinger=dict(required=False, type='bool'),\n routing=dict(required=False, type='bool'),\n ntpd=dict(required=False, type='bool'),\n hostapd=dict(required=False, type='bool'),\n)\n\n# rename the reserved words with log prefix\nparams_map = {\n 'logformat': 'format',\n 'logfilter': 'filter',\n}\n\n# fields with inverted logic\ninverted_list = ['nologdefaultpass']\n\n\nclass PFSenseLogSettingsModule(PFSenseModuleBase):\n \"\"\" module managing pfsense log settings \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return LOG_SETTINGS_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseLogSettingsModule, self).__init__(module, pfsense)\n self.name = \"log_settings\"\n self.root_elt = self.pfsense.get_element('syslog')\n self.target_elt = self.root_elt\n self.params = dict()\n self.obj = dict()\n self.before = None\n self.before_elt = None\n self.route_cmds = list()\n self.params_to_delete = list()\n\n ##############################\n # params processing\n #\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n params = self.params\n\n obj = self.pfsense.element_to_dict(self.root_elt)\n self.before = deepcopy(obj)\n self.before_elt = deepcopy(self.root_elt)\n\n def _set_param(target, param):\n # get possibly mapped settings name\n _param = params_map.get(param, param)\n if params.get(param) is not None:\n if param == 'sourceip':\n target[param] = self._get_source_ip_interface(params[param])\n else:\n if isinstance(params[param], str):\n target[_param] = params[param]\n else:\n target[_param] = str(params[param])\n\n def _set_param_bool(target, param):\n # get possibly mapped settings name\n _param = params_map.get(param, param)\n if params.get(param) is not None:\n value = not params.get(param) if param in inverted_list else params.get(param)\n if value is True and _param not in target:\n target[_param] = ''\n elif value is False and _param in target:\n del target[_param]\n\n for param in LOG_SETTINGS_ARGUMENT_SPEC:\n if LOG_SETTINGS_ARGUMENT_SPEC[param]['type'] == 'bool':\n _set_param_bool(obj, param)\n else:\n _set_param(obj, param)\n\n return obj\n\n def _is_interface_ip_or_descr(self, address):\n result = False\n\n if address in ['127.0.0.1', 'Localhost']:\n return True\n\n for interface_elt in self.pfsense.interfaces:\n descr = interface_elt.find('descr')\n ipaddr = interface_elt.find('ipaddr')\n\n if descr is not None and descr.text == address:\n return True\n elif ipaddr is not None and ipaddr.text == address:\n return True\n\n return result\n\n def _get_interface_by_ip_or_display_name(self, address):\n \"\"\" return interface_id by ip address or name \"\"\"\n\n if address in ['127.0.0.1', 'Localhost']:\n return 'lo0'\n\n for interface_elt in self.pfsense.interfaces:\n descr = interface_elt.find('descr')\n ipaddr = interface_elt.find('ipaddr')\n\n if descr is not None and descr.text == address:\n return interface_elt.tag\n elif ipaddr is not None and ipaddr.text == address:\n return interface_elt.tag\n\n return None\n\n def _get_source_ip_interface(self, address):\n result = None\n\n if self._is_interface_ip_or_descr(address):\n result = self._get_interface_by_ip_or_display_name(address)\n\n elif self.pfsense.is_virtual_ip(address):\n result = self.pfsense.get_virtual_ip_interface(address)\n\n return result\n\n def _validate_syslog_server(self, hostname, name):\n \"\"\" check hostname / ip address combinations with optional port \"\"\"\n if not hostname:\n return\n\n host = hostname.lower()\n contains_port = re.match(r'^(\\[.+\\]|[^:]+):[0-9]+$', host)\n if contains_port is not None:\n host, port = host.rsplit(':', 1)\n\n # check if we got a ipv6 address with port - need to remove '[' and ']'\n host = host.strip('[]')\n\n if port is not None and (int(port) <= 0 or int(port) >= 65536):\n self.module.fail_json(msg=\"Invalid port {0}\".format(port))\n\n if self.pfsense.is_ipv4_address(host):\n return\n\n if self.pfsense.is_ipv6_address(host):\n return\n\n groups = re.match(r'^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\\-]*[a-z_0-9])\\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\\-]*[a-z_0-9\\.])$', host)\n if groups is None:\n self.module.fail_json(msg=\"The {0} can only contain the characters A-Z, 0-9 and '-'. It may not start or end with '-'\".format(name))\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n params = self.params\n\n if params.get('sourceip') is not None:\n address = params.get('sourceip')\n if address == '':\n return\n\n if not self.pfsense.is_virtual_ip(address) and not self._is_interface_ip_or_descr(address):\n self.module.fail_json(msg=\"sourceip: Invalid address {address}!\".format(address=params.get('sourceip')))\n\n if params.get('logall') is True:\n for log_param in ['system', 'logfilter', 'resolver',\n 'dhcp', 'ppp', 'auth', 'portalauth',\n 'vpn', 'dpinger', 'routing', 'ntpd', 'hostapd']:\n if params.get(log_param) is True:\n self.module.fail_json(msg=\"{log_param} = True is invalid when logall is True\".format(log_param=log_param))\n\n if params.get('enable') is True:\n remote_params = ['remoteserver', 'remoteserver2', 'remoteserver3']\n if params.get('remoteserver') is None and params.get('remoteserver2') is None and params.get('remoteserver3') is None:\n self.module.fail_json(msg=\"Need at least one remote syslog server when remote logging is enabled\")\n else:\n for param in remote_params:\n self._validate_syslog_server(params.get(param), param)\n\n if params.get('nentries') is not None:\n nentries = int(params.get('nentries'))\n if nentries < 5 or nentries > 200000:\n self.module.fail_json(msg=\"nentries must be an integer from 5 to 200000\")\n\n if params.get('logfilesize') is not None:\n logfilesize = int(params.get('logfilesize'))\n if logfilesize < 100000:\n self.module.fail_json(msg=\"logfilesize must be an integer greater or equal than 100000\")\n elif logfilesize >= (2 ** 32) / 2:\n self.module.fail_json(msg=\"logfilesize is too large: {logfilesize}\".format(logfilesize=logfilesize))\n\n if params.get('rotatecount') is not None:\n rotatecount = int(params.get('rotatecount'))\n if rotatecount < 0 or rotatecount > 99:\n self.module.fail_json(msg=\"rotatecount must be an integer from 0 to 99\")\n\n ##############################\n # XML processing\n #\n def _remove_deleted_params(self):\n \"\"\" Remove from target_elt a few deleted params \"\"\"\n changed = False\n for param in LOG_SETTINGS_ARGUMENT_SPEC:\n if LOG_SETTINGS_ARGUMENT_SPEC[param]['type'] == 'bool':\n _param = params_map.get(param, param)\n if self.pfsense.remove_deleted_param_from_elt(self.target_elt, _param, self.obj):\n changed = True\n\n return changed\n\n ##############################\n # run\n #\n def run(self, params):\n \"\"\" process input params to add/update/delete \"\"\"\n self.params = params\n self.target_elt = self.root_elt\n self._validate_params()\n self.obj = self._params_to_obj()\n self._add()\n\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n for cmd in self.route_cmds:\n self.module.run_command(cmd)\n\n cmd = '''\nrequire_once(\"filter.inc\");\n$retval = 0;\n$retval |= system_syslogd_start();'''\n\n for param in ['nologdefaultblock', 'nologdefaultpass', 'nologbogons', 'nologprivatenets', 'nologlinklocal4', 'nologsnort2c']:\n if self.params.get(param) is not None:\n if (self.params[param] and param not in self.before or not self.params[param] and param in self.before):\n cmd += '$retval |= filter_configure();\\n'\n break\n\n if self.params.get('nolognginx') is not None:\n if (self.params['nolognginx'] and 'nolognginx' not in self.before or not self.params['nolognginx'] and 'nolognginx' in self.before):\n cmd += 'ob_flush();\\n'\n cmd += 'flush();\\n'\n cmd += 'send_event(\"service restart webgui\");\\n'\n\n cmd += '$retval |= filter_pflog_start(true);\\n'\n\n return self.pfsense.phpshell(cmd)\n\n ##############################\n # Logging\n #\n @staticmethod\n def _get_obj_name():\n \"\"\" return obj's name \"\"\"\n return \"syslog\"\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n values = ''\n\n for param in LOG_SETTINGS_ARGUMENT_SPEC:\n _param = params_map.get(param, param)\n if LOG_SETTINGS_ARGUMENT_SPEC[param]['type'] == 'bool':\n values += self.format_updated_cli_field(self.obj, self.before, _param, fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n else:\n values += self.format_updated_cli_field(self.obj, self.before, _param, add_comma=(values), log_none=False)\n\n return values\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=LOG_SETTINGS_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseLogSettingsModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_nat_outbound.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_nat_outbound\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense Outbound NAT (SNAT) rules\ndescription:\n - Manage pfSense Outbound NAT Entries\nnotes:\noptions:\n descr:\n description: The name of the nat rule\n required: true\n default: null\n type: str\n disabled:\n description: Is the rule disabled\n default: false\n type: bool\n nonat:\n description: This option will disable NAT for traffic matching this rule and stop processing Outbound NAT rules\n default: false\n type: bool\n interface:\n description: The interface for the rule\n required: false\n type: str\n ipprotocol:\n description: The Internet Protocol version this rule applies to.\n default: inet46\n choices: [ \"inet\", \"inet46\", \"inet6\" ]\n type: str\n protocol:\n description: Which protocol this rule should match.\n default: any\n choices: [ \"any\", \"tcp\", \"udp\", \"tcp/udp\", \"icmp\", \"esp\", \"ah\", \"gre\", \"ipv6\", \"igmp\", \"carp\", \"pfsync\" ]\n type: str\n source:\n description: The matching source address, in {any,(self),ALIAS,NETWORK,NET:INTERFACE}[:port] format.\n required: false\n default: null\n type: str\n destination:\n description: The matching destination address, in {any,ALIAS,NETWORK,NET:INTERFACE}[:port] format.\n required: false\n default: null\n type: str\n invert:\n description: Invert the sense of the destination match.\n default: false\n type: bool\n address:\n description: The translated to address, in {ALIAS,NETWORK}[:port] format. Leave address part empty to use interface address.\n required: false\n default: null\n type: str\n poolopts:\n description: When an address pool is used, there are several options available that control how NAT translations happen on the pool.\n default: \"\"\n choices: [ \"\", \"round-robin\", \"round-robin sticky-address\", \"random\", \"random sticky-address\", \"source-hash\", \"bitmask\" ]\n type: str\n source_hash_key:\n description: >\n The key that is fed to the hashing algorithm in hex format, preceeded by \"0x\", or any string.\n A non-hex string is hashed using md5 to a hexadecimal key. Defaults to a randomly generated value.\n required: false\n default: ''\n type: str\n staticnatport:\n description: Do not randomize source port\n default: false\n type: bool\n nosync:\n description: Prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.\n default: false\n type: bool\n state:\n description: State in which to leave the rule\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n after:\n description: Rule to go after, or \"top\"\n type: str\n before:\n description: Rule to go before, or \"bottom\"\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: \"Add NAT outbound traffic rule\"\n pfsense_nat_outbound:\n descr: 'NAT outbound traffic'\n interface: wan\n source: any\n destination: any\n state: present\n- name: \"Delete NAT outbound traffic rule\"\n pfsense_nat_outbound:\n descr: 'NAT outbound traffic'\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create nat_outbound 'NAT outbound traffic', interface='wan', source='any', destination='any'\", \"delete nat_outbound 'NAT outbound traffic'\"]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.nat_outbound import (\n PFSenseNatOutboundModule,\n NAT_OUTBOUND_ARGUMENT_SPEC,\n NAT_OUTBOUND_MUTUALLY_EXCLUSIVE,\n NAT_OUTBOUND_REQUIRED_IF,\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=NAT_OUTBOUND_ARGUMENT_SPEC,\n mutually_exclusive=NAT_OUTBOUND_MUTUALLY_EXCLUSIVE,\n required_if=NAT_OUTBOUND_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseNatOutboundModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_nat_port_forward.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019, Frederic Bor \n# Copyright: (c) 2023, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_nat_port_forward\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense port forwarding NAT (DNAT) rules\ndescription:\n - Manage pfSense port forwarding NAT (DNAT) rules.\nnotes:\noptions:\n descr:\n description: The name of the NAT rule\n required: true\n default: null\n type: str\n disabled:\n description: Is the rule disabled\n default: false\n type: bool\n nordr:\n description: Disable redirection for traffic matching this rule\n default: false\n type: bool\n interface:\n description: The interface for the rule\n required: false\n type: str\n ipprotocol:\n description: The IP protocol\n default: inet\n choices: [ \"inet\", \"inet6\" ]\n type: str\n protocol:\n description: Which protocol this rule should match.\n default: tcp\n choices: [ \"tcp\", \"udp\", \"tcp/udp\", \"icmp\", \"esp\", \"ah\", \"gre\", \"ipv6\", \"igmp\", \"pim\", \"ospf\" ]\n type: str\n source:\n description: The source address, in [!]{IP,HOST,ALIAS,any,IP:INTERFACE,NET:INTERFACE}[:port] format.\n default: null\n type: str\n destination:\n description: The destination address, in [!]{IP,HOST,ALIAS,any,IP:INTERFACE,NET:INTERFACE}[:port] format.\n default: null\n type: str\n target:\n description: The translated to address, in {ALIAS,IP}[:port] format.\n required: false\n default: null\n type: str\n natreflection:\n description: Allows NAT reflection to be enabled or disabled on a per-port forward basis.\n default: system-default\n choices: [ \"system-default\", \"enable\", \"purenat\", \"disable\" ]\n type: str\n associated_rule:\n description: >\n Choose one of Add an associated filter rule gets updated when the port forward is updated,\n or Add an unassociated filter rule, or pass which passes all traffic that matches the entry without having a firewall rule at all.\n default: associated\n choices: [ \"associated\", \"unassociated\", \"pass\", \"none\" ]\n type: str\n nosync:\n description: Prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.\n default: false\n type: bool\n state:\n description: State in which to leave the rule\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n after:\n description: Rule to go after, or \"top\"\n type: str\n before:\n description: Rule to go before, or \"bottom\"\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: \"Add NAT port forward traffic rule\"\n pfsense_nat_port_forward:\n descr: 'ssh'\n interface: wan\n source: any\n destination: any:22\n target: 1.2.3.4:22\n associated_rule: pass\n state: present\n- name: \"Delete NAT port forward traffic rule\"\n pfsense_nat_port_forward:\n descr: 'ssh'\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\n \"create nat_port_forward 'ssh', interface='wan', source='any', destination='any:22', target='1.2.3.4:22', associated_rule='pass'\",\n \"delete nat_port_forward 'ssh'\"\n ]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.nat_port_forward import (\n PFSenseNatPortForwardModule,\n NAT_PORT_FORWARD_ARGUMENT_SPEC,\n NAT_PORT_FORWARD_REQUIRED_IF\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=NAT_PORT_FORWARD_ARGUMENT_SPEC,\n required_if=NAT_PORT_FORWARD_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseNatPortForwardModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_openvpn_client.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019-2021, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nDOCUMENTATION = r'''\n---\nmodule: pfsense_openvpn_client\nshort_description: Manage pfSense OpenVPN configuration\ndescription:\n - Manage pfSense OpenVPN configuration\nversion_added: 0.5.0\nauthor: Orion Poplawski (@opoplawski)\nnotes:\noptions:\n name:\n description: The name of the OpenVPN configuration.\n required: true\n type: str\n mode:\n description: The client mode.\n required: false\n default: p2p_tls\n choices: [ \"p2p_tls\", \"p2p_shared_key\" ]\n type: str\n authmode:\n description: Authentication clients. Required if mode == client_tls_user.\n default: []\n type: list\n elements: str\n state:\n description: State in which to leave the OpenVPN config.\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n disable:\n description: Is the OpenVPN config disabled.\n default: false\n type: bool\n interface:\n description: The interface for OpenVPN to listen on.\n required: false\n default: wan\n type: str\n server_addr:\n description: The address for OpenVPN to connect to.\n required: true\n type: str\n server_port:\n description: The port for OpenVPN to connect to.\n required: false\n default: 1194\n type: int\n protocol:\n description: The protocol.\n default: UDP4\n choices: [ 'UDP4', 'TCP4' ]\n type: str\n dev_mode:\n description: Device mode.\n default: tun\n choices: [ 'tun', 'tap' ]\n type: str\n tls:\n description: TLS Key. If set to 'generate' it will create a key if one does not already exist. Not valid with p2p_shared_key mode.\n type: str\n tls_type:\n description: Use TLS for authentication ('auth') or encyprtion and authentication ('crypt'). Only used when tls is set.\n default: 'auth'\n required: false\n choices: [\"auth\", \"crypt\"]\n type: str\n version_added: 0.6.2\n ca:\n description: Certificate Authority name.\n type: str\n crl:\n description: Certificate Revocation List name.\n type: str\n cert:\n description: Client certificate name.\n type: str\n cert_depth:\n description: Depth of certificates to check.\n required: false\n default: 1\n type: int\n strictusercn:\n description: Enforce a match between the common name of the client certificate and the username given at login.\n default: false\n type: bool\n shared_key:\n description: Pre-shared key for shared key modes. If set to 'generate' it will create a key if one does not already exist.\n type: str\n dh_length:\n description: DH parameter length.\n required: false\n default: 2048\n type: int\n ecdh_curve:\n description: Elliptic Curve to use for key exchange.\n required: false\n default: none\n choices: [ \"none\", \"prime256v1\", \"secp384r1\", \"secp521r1\" ]\n type: str\n data_ciphers_fallback:\n description: Fallback cryptographic algorithm.\n default: AES-256-CBC\n choices: [ 'AES-256-CBC', 'AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305' ]\n type: str\n data_ciphers:\n description: Allowed cryptographic algorithms.\n choices: [ 'AES-256-CBC', 'AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305' ]\n type: list\n elements: str\n ncp_enable:\n description: Enable data encryption negotiation.\n default: no\n type: bool\n digest:\n description:\n - 'Auth digest algorithm. The list of valid digest algorithms is determined from the output of C(openvpn --show-digests), but curently includes:'\n - BLAKE2b512, BLAKE2s256, KECCAK-KMAC-128, KECCAK-KMAC-256, MD5, MD5-SHA1, NULL, RIPEMD160, SHA1, SHA224, SHA256, SHA3-224, SHA3-256, SHA3-384, SHA3-512,\n - SHA384, SHA512, SHA512-224, SHA512-256, SHAKE128, SHAKE256\n default: SHA256\n type: str\n tunnel_network:\n description: IPv4 virtual network used for private communications between this client and client hosts expressed using CIDR notation.\n default: ''\n type: str\n tunnel_networkv6:\n description: IPv6 virtual network used for private communications between this client and client hosts expressed using CIDR notation.\n default: ''\n type: str\n remote_network:\n description: IPv4 networks that will be routed through the tunnel.\n default: ''\n type: str\n remote_networkv6:\n description: IPv6 networks that will be routed through the tunnel.\n default: ''\n type: str\n gwredir:\n description: Redirect IPv4 gateway.\n default: no\n type: bool\n gwredir6:\n description: Redirect IPv6 gateway.\n default: no\n type: bool\n maxclients:\n description: The maximum number of clients allowed to concurrently connect to this client.\n default: null\n type: int\n compression:\n description: Allowed compression to be used with this VPN instance.\n default: adaptive\n choices: ['adaptive', '']\n type: str\n compression_push:\n description: Push the selected Compression setting to connecting clients.\n default: no\n type: bool\n passtos:\n description: Set the TOS IP header value of tunnel packets to match the encapsulated packet value.\n default: no\n type: bool\n client2client:\n description: Allow communication between clients connected to this client.\n default: no\n type: bool\n dynamic_ip:\n description: Allow connected clients to retain their connections if their IP address changes.\n default: no\n type: bool\n topology:\n description: The method used to supply a virtual adapter IP address to clients when using TUN mode on IPv4.\n default: subnet\n choices: ['net30','subnet']\n type: str\n dns_domain:\n description: DNS default domain.\n default: ''\n type: str\n dns_client1:\n description: DNS client 1.\n default: ''\n type: str\n dns_client2:\n description: DNS client 2.\n default: ''\n type: str\n dns_client3:\n description: DNS client 3.\n default: ''\n type: str\n dns_client4:\n description: DNS client 4.\n default: ''\n type: str\n push_register_dns:\n description: Push DNS to client.\n default: no\n type: bool\n create_gw:\n description: Which gateway types to create.\n default: both\n choices: ['both','v4only','v6only']\n type: str\n verbosity_level:\n description: Verbosity level.\n default: 3\n type: int\n custom_options:\n description: Custom openvpn options.\n required: false\n default: null\n type: str\n'''\n\nEXAMPLES = r'''\n- name: \"Add OpenVPN client\"\n pfsense_openvpn_client:\n name: 'OpenVPN Client'\n'''\n\nRETURN = r'''\nshared_key:\n description: The generated shared key, base64 encoded\n returned: when `generate` is passed as the shared_key argument and a key is generated.\n type: str\n sample: |-\n IwojIDIwNDggYml0IE9wZW5WUE4gc3RhdGljIGtleQojCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0KNjFiY2E4MDk0ZmM4YjA3ZTZlMjE3NzRmNTI0YTIyOWYKNGMzZGZhMDVjZ\n Tc2ODVlN2NkNDc1N2I0OGM3ZmMzZDcKYzQzMjhjYzBmMWQ4Yjc2OTk2MjVjNzAwYmVkNzNhNWYKY2RjMjYzMTY2YThlMzVmYTk4NGU0OWVkZDg5MDNkZmMKMDc1ZTQyY2ZlOTM5NzUwYzhmMjc1YTY3MT\n kzMGRmMzEKMDY2Mzk1MjM2ZWRkYWQ3NDc3YmVjZjJmNDgyNzBlMjUKODM1N2JlMGE1MGUzY2Y0ZjllZTEyZTdkMmM4YTY2YzEKODUwNjBlODM5ZWUyMzdjNTZkZmUzNjA4NjU0NDhhYzgKNjhmM2JhYWQ\n 4ODNjNDU3NTdlZTVjMWQ4ZDk5ZjM4ZjcKZGNiZDAwZmI3Nzc2ZWFlYjQ1ZmQwOTBjNGNlYTNmMGMKMzgzNDE0ZTJlYmU4MWNiZGIxZmNlN2M2YmFhMDlkMWYKMTU4OGUzNGRkYzUxY2NjOTE5NDNjNTFh\n OTI2OTE3NWQKNzZiZjdhOWI1ZmM3NDAyNmE3MTVkNGVmODVkYzY2Y2UKMWE5MWQwNjNhODIwZDY4MTc0ODlmYjJkZjNmYzY2MmMKMmU2OWZiMzNiMzM5MjdjYjUyNThkZDQ4M2NkNDE0Y2QKMDJhZWE3Z\n jA3MmNhZmEwOTY5Yjg5NWVjYzNiYmExNGQKLS0tLS1FTkQgT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0K\ntls:\n description: The generated tls key, base64 encoded\n returned: when `generate` is passed as the tls argument and a key is generated.\n type: str\n sample: |-\n IwojIDIwNDggYml0IE9wZW5WUE4gc3RhdGljIGtleQojCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0KNjFiY2E4MDk0ZmM4YjA3ZTZlMjE3NzRmNTI0YTIyOWYKNGMzZGZhMDVjZ\n Tc2ODVlN2NkNDc1N2I0OGM3ZmMzZDcKYzQzMjhjYzBmMWQ4Yjc2OTk2MjVjNzAwYmVkNzNhNWYKY2RjMjYzMTY2YThlMzVmYTk4NGU0OWVkZDg5MDNkZmMKMDc1ZTQyY2ZlOTM5NzUwYzhmMjc1YTY3MT\n kzMGRmMzEKMDY2Mzk1MjM2ZWRkYWQ3NDc3YmVjZjJmNDgyNzBlMjUKODM1N2JlMGE1MGUzY2Y0ZjllZTEyZTdkMmM4YTY2YzEKODUwNjBlODM5ZWUyMzdjNTZkZmUzNjA4NjU0NDhhYzgKNjhmM2JhYWQ\n 4ODNjNDU3NTdlZTVjMWQ4ZDk5ZjM4ZjcKZGNiZDAwZmI3Nzc2ZWFlYjQ1ZmQwOTBjNGNlYTNmMGMKMzgzNDE0ZTJlYmU4MWNiZGIxZmNlN2M2YmFhMDlkMWYKMTU4OGUzNGRkYzUxY2NjOTE5NDNjNTFh\n OTI2OTE3NWQKNzZiZjdhOWI1ZmM3NDAyNmE3MTVkNGVmODVkYzY2Y2UKMWE5MWQwNjNhODIwZDY4MTc0ODlmYjJkZjNmYzY2MmMKMmU2OWZiMzNiMzM5MjdjYjUyNThkZDQ4M2NkNDE0Y2QKMDJhZWE3Z\n jA3MmNhZmEwOTY5Yjg5NWVjYzNiYmExNGQKLS0tLS1FTkQgT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0K\n'''\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.openvpn_client import (\n PFSenseOpenVPNClientModule,\n OPENVPN_CLIENT_ARGUMENT_SPEC,\n OPENVPN_CLIENT_REQUIRED_IF\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=OPENVPN_CLIENT_ARGUMENT_SPEC,\n required_if=OPENVPN_CLIENT_REQUIRED_IF,\n supports_check_mode=True)\n\n pfopenvpn = PFSenseOpenVPNClientModule(module)\n pfopenvpn.run(module.params)\n pfopenvpn.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_openvpn_override.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2020-2022, Orion Poplawski \n# Copyright: (c) 2020, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_openvpn_override\nversion_added: 0.5.0\nauthor: Orion Poplawski (@opoplawski)\nshort_description: Manage pfSense OpenVPN Client Specific Overrides\ndescription:\n - Manage pfSense OpenVPN Client Specific Overrides\nnotes:\noptions:\n name:\n description:\n - The name of the override. The X.509 common name for the client certificate, or the username for VPNs utilizing password authentication.\n - This match is case sensitive.\n required: true\n type: str\n state:\n description: State in which to leave the override\n choices: [\"present\", \"absent\"]\n default: present\n type: str\n disable:\n description: Disable this override.\n default: false\n type: bool\n descr:\n description: The description of the override.\n default: null\n type: str\n server_list:\n description: A list of OpenVPN servers this applies to.\n type: list\n elements: str\n block:\n description: Block this client connection based on its common name.\n default: false\n type: bool\n tunnel_network:\n description: IPv4 virtual network used for private communications between this server and client hosts expressed using CIDR notation.\n default: null\n type: str\n tunnel_networkv6:\n description: IPv6 virtual network used for private communications between this server and client hosts expressed using CIDR notation.\n default: null\n type: str\n local_network:\n description: IPv4 networks that will be accessible from the remote endpoint.\n default: null\n type: str\n local_networkv6:\n description: IPv6 networks that will be accessible from the remote endpoint.\n default: null\n type: str\n remote_network:\n description: IPv4 networks that will be routed through the tunnel.\n default: null\n type: str\n remote_networkv6:\n description: IPv6 networks that will be routed through the tunnel.\n default: null\n type: str\n gwredir:\n description: Redirect IPv4 gateway.\n default: no\n type: bool\n push_reset:\n description: Prevent this client from receiving any server-defined client settings.\n default: no\n type: bool\n netbios_enable:\n description: Enable NetBIOS over TCP/IP.\n default: no\n type: bool\n netbios_ntype:\n description:\n - 'NetBIOS Node Type. Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server),'\n - m-node (broadcast then query name server), and h-node (query name server, then broadcast). Default is 'none'.\n type: str\n choices: ['none', 'b-node', 'p-node', 'm-node', 'h-node']\n netbios_scope:\n description:\n - A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS scope ID isolates NetBIOS traffic on a single network to\n - only those nodes with the same NetBIOS scope ID.\n type: str\n wins_server_enable:\n description: Provide a WINS server list to clients,\n type: bool\n default: no\n custom_options:\n description: Additional options to add for this client specific override, separated by a semicolon.\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Set IP address for user\n pfsense_openvpn_override:\n name: username\n custom_options: ifconfig-push 10.8.0.2 255.255.255.0\n state: present\n\n- name: Remove override for user\n pfsense_opevpn_override:\n name: username\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: The set of commands that would be pushed to the remote device (if pfSense had a CLI).\n returned: always\n type: list\n sample: [\"create OpenVPN override 'username'\"]\nvpnids:\n description: A list of VPN IDs that the override applies to.\n returned: always\n type: list\n sample: [1,2]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.openvpn_override import (\n PFSenseOpenVPNOverrideModule,\n OPENVPN_OVERRIDE_ARGUMENT_SPEC,\n OPENVPN_OVERRIDE_REQUIRED_IF\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=OPENVPN_OVERRIDE_ARGUMENT_SPEC,\n required_if=OPENVPN_OVERRIDE_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseOpenVPNOverrideModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_openvpn_server.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019-2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_openvpn_server\nversion_added: 0.5.0\nauthor: Orion Poplawski (@opoplawski)\nshort_description: Manage pfSense OpenVPN server configuration\ndescription:\n - Manage pfSense OpenVPN server configuration\nnotes:\noptions:\n name:\n description: The name of the OpenVPN server.\n required: true\n type: str\n mode:\n description: The server mode.\n choices: [\"p2p_tls\", \"p2p_shared_key\", \"server_tls\", \"server_tls_user\", \"server_user\"]\n type: str\n dco:\n description: Enable Data Channel Offload (Supported on Plus versions only)\n default: false\n required: false\n type: bool\n version_added: 0.7.2\n authmode:\n description:\n - Authentication servers. Required if mode == server_tls_user.\n - Use 'Local Database' for authentication against the local pfSense user database.\n default: []\n type: list\n elements: str\n state:\n description: State in which to leave the OpenVPN config.\n default: present\n choices: [\"present\", \"absent\"]\n type: str\n disable:\n description: Is the OpenVPN config disabled?\n default: false\n type: bool\n interface:\n description: The interface for OpenVPN to listen on.\n required: false\n default: wan\n type: str\n local_port:\n description: The port for OpenVPN to listen on.\n required: false\n default: 1194\n type: int\n protocol:\n description: The protocol used for the connection.\n default: 'UDP4'\n choices: ['UDP4', 'TCP4']\n type: str\n dev_mode:\n description: Device mode.\n default: tun\n choices: ['tun', 'tap']\n type: str\n tls:\n description: TLS Key. If set to 'generate' it will create a key if one does not already exist. Not valid with p2p_shared_key mode.\n type: str\n tls_type:\n description: Use TLS for authentication ('auth') or encyprtion and authentication ('crypt'). Only used when tls is set.\n default: 'auth'\n required: false\n choices: [\"auth\", \"crypt\"]\n type: str\n ca:\n description: Certificate Authority name.\n type: str\n crl:\n description: Certificate Revocation List name.\n type: str\n cert:\n description: Server certificate name.\n type: str\n cert_depth:\n description: Depth of certificates to check.\n required: false\n default: 1\n type: int\n strictusercn:\n description: Enforce a match between the common name of the client certificate and the username given at login.\n default: false\n type: bool\n remote_cert_tls:\n description: 'Enforce that only hosts with a client certificate can connect (EKU: TLS Web Client Authentication).'\n default: false\n type: bool\n version_added: 0.7.0\n shared_key:\n description: Pre-shared key for shared key modes. If set to 'generate' it will create a key if one does not already exist.\n type: str\n dh_length:\n description: DH parameter length.\n required: false\n default: 2048\n type: int\n ecdh_curve:\n description: Elliptic Curve to use for key exchange.\n required: false\n default: none\n choices: [\"none\", \"prime256v1\", \"secp384r1\", \"secp521r1\"]\n type: str\n data_ciphers_fallback:\n description: Fallback cryptographic algorithm.\n default: AES-256-CBC\n choices: ['AES-256-CBC', 'AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305']\n type: str\n data_ciphers:\n description: Allowed cryptographic algorithms.\n default: ['AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305']\n choices: ['AES-256-CBC', 'AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305']\n type: list\n elements: str\n digest:\n description:\n - 'Auth digest algorithm. The list of valid digest algorithms is determined from the output of C(openvpn --show-digests), but curently includes:'\n - BLAKE2b512, BLAKE2s256, KECCAK-KMAC-128, KECCAK-KMAC-256, MD5, MD5-SHA1, NULL, RIPEMD160, SHA1, SHA224, SHA256, SHA3-224, SHA3-256, SHA3-384, SHA3-512,\n - SHA384, SHA512, SHA512-224, SHA512-256, SHAKE128, SHAKE256\n default: SHA256\n type: str\n tunnel_network:\n description: IPv4 virtual network used for private communications between this server and client hosts expressed using CIDR notation.\n default: ''\n type: str\n tunnel_networkv6:\n description: IPv6 virtual network used for private communications between this server and client hosts expressed using CIDR notation.\n default: ''\n type: str\n local_network:\n description: IPv4 networks that will be accessible from the remote endpoint.\n default: ''\n type: str\n local_networkv6:\n description: IPv6 networks that will be accessible from the remote endpoint.\n default: ''\n type: str\n remote_network:\n description: IPv4 networks that will be routed through the tunnel.\n default: ''\n type: str\n remote_networkv6:\n description: IPv6 networks that will be routed through the tunnel.\n default: ''\n type: str\n gwredir:\n description: Redirect IPv4 gateway.\n default: no\n type: bool\n gwredir6:\n description: Redirect IPv6 gateway.\n default: no\n type: bool\n maxclients:\n description: The maximum number of clients allowed to concurrently connect to this server.\n default: null\n type: int\n allow_compression:\n description:\n - Allow compression to be used with this VPN instance.\n - Compression can potentially increase throughput but may allow an attacker to extract secrets if they can control compressed plaintext traversing the\n - VPN (e.g. HTTP). Before enabling compression, consult information about the VORACLE, CRIME, TIME, and BREACH attacks against TLS to decide if the use\n - case for this specific VPN is vulnerable to attack.\n - Asymmetric compression allows an easier transition when connecting with older peers.\n default: 'no'\n choices: ['no', 'asym', 'yes']\n type: str\n compression:\n description:\n - Allowed compression to be used with this VPN instance.\n - \"'' => Disable Compression [Omit Preference]\"\n - \"'none' => Disable Compression, retain compression packet framing [compress]\"\n - \"'stub' => Enable Compression (stub) [compress stub]\"\n - \"'stub-v2' => Enable Compression (stub v2) [compress stub-v2]\"\n - \"'lz4' => LZ4 Compression [compress lz4]\"\n - \"'lz4-v2' => LZ4 Compression v2 [compress lz4-v2]\"\n - \"'lzo' => LZO Compression [compress lzo, equivalent to comp-lzo yes for compatibility]\"\n - \"'noadapt' => Omit Preference, + Disable Adaptive LZO Compression [Legacy style, comp-noadapt]\"\n - \"'adaptive' => Adaptive LZO Compression [Legacy style, comp-lzo adaptive]\"\n - \"'yes' => LZO Compression [Legacy style, comp-lzo yes]\"\n - \"'no' => No LZO Compression [Legacy style, comp-lzo no]\"\n default: ''\n choices: ['', 'none', 'stub', 'stub-v2', 'lz4', 'lz4-v2', 'lzo', 'noadapt', 'adaptive', 'yes', 'no']\n type: str\n compression_push:\n description: Push the selected Compression setting to connecting clients.\n default: no\n type: bool\n passtos:\n description: Set the TOS IP header value of tunnel packets to match the encapsulated packet value.\n default: no\n type: bool\n client2client:\n description: Allow communication between clients connected to this server.\n default: no\n type: bool\n dynamic_ip:\n description: Allow connected clients to retain their connections if their IP address changes.\n default: no\n type: bool\n topology:\n description: The method used to supply a virtual adapter IP address to clients when using TUN mode on IPv4.\n default: subnet\n choices: ['net30', 'subnet']\n type: str\n inactive_seconds:\n description: Causes OpenVPN to close a client connection after n seconds of inactivity on the TUN/TAP device.\n default: 0\n type: int\n version_added: 0.7.0\n keepalive_interval:\n description:\n - 'keepalive helper uses interval and timeout parameters to define ping and ping-restart values as follows:'\n - ping = interval\n - ping-restart = timeout*2\n - push ping = interval\n - push ping-restart = timeout\n default: 10\n type: int\n version_added: 0.7.0\n keepalive_timeout:\n description:\n - 'keepalive helper uses interval and timeout parameters to define ping and ping-restart values as follows:'\n - ping = interval\n - ping-restart = timeout*2\n - push ping = interval\n - push ping-restart = timeout\n default: 60\n type: int\n version_added: 0.7.0\n exit_notify:\n description:\n - Send an explicit exit notification to connected clients/peers when restarting or shutting down, so they may immediately disconnect rather than waiting\n - for a timeout. In SSL/TLS Server modes, clients may be directed to reconnect or use the next server. This option is ignored in Peer-to-Peer Shared Key\n - mode and in SSL/TLS mode with a blank or /30 tunnel network as it will cause the server to exit and not restart. This feature is not currently\n - compatible with DCO mode.\n - \"'none' => Disabled\"\n - \"'1' => Reconnect to this server / Retry once\"\n - \"'2' => Reconnect to next server / Retry twice\"\n default: 'none'\n choices: ['none', '1', '2']\n type: str\n version_added: 0.7.0\n dns_domain:\n description: DNS default domain.\n default: ''\n type: str\n dns_server1:\n description: DNS server 1.\n default: ''\n type: str\n dns_server2:\n description: DNS server 2.\n default: ''\n type: str\n dns_server3:\n description: DNS server 3.\n default: ''\n type: str\n dns_server4:\n description: DNS server 4.\n default: ''\n type: str\n push_register_dns:\n description: Push DNS.\n type: bool\n default: no\n create_gw:\n description: Which gateway types to create.\n default: both\n choices: ['both', 'v4only', 'v6only']\n type: str\n verbosity_level:\n description: Verbosity level.\n default: 1\n type: int\n custom_options:\n description: Custom openvpn options.\n required: false\n default: null\n type: str\n username_as_common_name:\n description: Use the authenticated client username instead of the certificate common name (CN).\n default: false\n type: bool\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: \"Add OpenVPN server\"\n pfsense_openvpn_server:\n name: 'OpenVPN Server'\n mode: server_user\n\n- name: \"Add OpenVPN server with basic configuration\"\n pfsense_openvpn_server:\n name: 'OpenVPN Server Ansible'\n ca: name-your-ca-authority\n cert: name-your-server-certificate\n tunnel_network: 10.21.40.0/24\n local_network: 172.16.3.0/24\n mode: server_tls_user\n\n- name: \"Add OpenVPN server with verbose mode and Cloudflare DNS\"\n pfsense_openvpn_server:\n name: 'OpenVPN Server Ansible Cloudflare'\n ca: name-your-ca-authority\n cert: name-your-server-certificate\n tunnel_network: 10.10.10.0/24\n local_network: 10.72.40.0/24\n dns_server1: 1.1.1.1\n verbosity_level: 4\n mode: server_user\n\"\"\"\n\nRETURN = r'''\nshared_key:\n description: The generated shared key, base64 encoded\n returned: when `generate` is passed as the shared_key argument and a key is generated.\n type: str\n sample: |-\n IwojIDIwNDggYml0IE9wZW5WUE4gc3RhdGljIGtleQojCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0KNjFiY2E4MDk0ZmM4YjA3ZTZlMjE3NzRmNTI0YTIyOWYKNGMzZGZhMDVjZ\n Tc2ODVlN2NkNDc1N2I0OGM3ZmMzZDcKYzQzMjhjYzBmMWQ4Yjc2OTk2MjVjNzAwYmVkNzNhNWYKY2RjMjYzMTY2YThlMzVmYTk4NGU0OWVkZDg5MDNkZmMKMDc1ZTQyY2ZlOTM5NzUwYzhmMjc1YTY3MT\n kzMGRmMzEKMDY2Mzk1MjM2ZWRkYWQ3NDc3YmVjZjJmNDgyNzBlMjUKODM1N2JlMGE1MGUzY2Y0ZjllZTEyZTdkMmM4YTY2YzEKODUwNjBlODM5ZWUyMzdjNTZkZmUzNjA4NjU0NDhhYzgKNjhmM2JhYWQ\n 4ODNjNDU3NTdlZTVjMWQ4ZDk5ZjM4ZjcKZGNiZDAwZmI3Nzc2ZWFlYjQ1ZmQwOTBjNGNlYTNmMGMKMzgzNDE0ZTJlYmU4MWNiZGIxZmNlN2M2YmFhMDlkMWYKMTU4OGUzNGRkYzUxY2NjOTE5NDNjNTFh\n OTI2OTE3NWQKNzZiZjdhOWI1ZmM3NDAyNmE3MTVkNGVmODVkYzY2Y2UKMWE5MWQwNjNhODIwZDY4MTc0ODlmYjJkZjNmYzY2MmMKMmU2OWZiMzNiMzM5MjdjYjUyNThkZDQ4M2NkNDE0Y2QKMDJhZWE3Z\n jA3MmNhZmEwOTY5Yjg5NWVjYzNiYmExNGQKLS0tLS1FTkQgT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0K\ntls:\n description: The generated tls key, base64 encoded\n returned: when `generate` is passed as the tls argument and a key is generated.\n type: str\n sample: |-\n IwojIDIwNDggYml0IE9wZW5WUE4gc3RhdGljIGtleQojCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0KNjFiY2E4MDk0ZmM4YjA3ZTZlMjE3NzRmNTI0YTIyOWYKNGMzZGZhMDVjZ\n Tc2ODVlN2NkNDc1N2I0OGM3ZmMzZDcKYzQzMjhjYzBmMWQ4Yjc2OTk2MjVjNzAwYmVkNzNhNWYKY2RjMjYzMTY2YThlMzVmYTk4NGU0OWVkZDg5MDNkZmMKMDc1ZTQyY2ZlOTM5NzUwYzhmMjc1YTY3MT\n kzMGRmMzEKMDY2Mzk1MjM2ZWRkYWQ3NDc3YmVjZjJmNDgyNzBlMjUKODM1N2JlMGE1MGUzY2Y0ZjllZTEyZTdkMmM4YTY2YzEKODUwNjBlODM5ZWUyMzdjNTZkZmUzNjA4NjU0NDhhYzgKNjhmM2JhYWQ\n 4ODNjNDU3NTdlZTVjMWQ4ZDk5ZjM4ZjcKZGNiZDAwZmI3Nzc2ZWFlYjQ1ZmQwOTBjNGNlYTNmMGMKMzgzNDE0ZTJlYmU4MWNiZGIxZmNlN2M2YmFhMDlkMWYKMTU4OGUzNGRkYzUxY2NjOTE5NDNjNTFh\n OTI2OTE3NWQKNzZiZjdhOWI1ZmM3NDAyNmE3MTVkNGVmODVkYzY2Y2UKMWE5MWQwNjNhODIwZDY4MTc0ODlmYjJkZjNmYzY2MmMKMmU2OWZiMzNiMzM5MjdjYjUyNThkZDQ4M2NkNDE0Y2QKMDJhZWE3Z\n jA3MmNhZmEwOTY5Yjg5NWVjYzNiYmExNGQKLS0tLS1FTkQgT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0K\nvpnid:\n description: The vpnid number of the OpenVPN server instance.\n returned: always\n type: int\n sample: 1\n'''\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.openvpn_server import (\n PFSenseOpenVPNServerModule,\n OPENVPN_SERVER_ARGUMENT_SPEC,\n OPENVPN_SERVER_REQUIRED_IF\n)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=OPENVPN_SERVER_ARGUMENT_SPEC,\n required_if=OPENVPN_SERVER_REQUIRED_IF,\n supports_check_mode=True)\n\n pfopenvpn = PFSenseOpenVPNServerModule(module)\n pfopenvpn.run(module.params)\n pfopenvpn.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_phpshell.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2023, genofire \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_phpshell\nversion_added: 0.7.0\nauthor: Geno (@genofire)\nshort_description: PHP Shell\ndescription:\n - Run a php shell\noptions:\n cmd:\n description: PHP Code to run\n required: true\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: run phpshell with code pfSense config.xml\n pfsense_phpshell:\n cmd: |\n require_once(\"filter.inc\");\n require_once(\"squid.inc\");\n squid_resync(\"yes\");\n\"\"\"\n\nRETURN = \"\"\"\nrc:\n description: Status code after run php-shell (could be changed using `exit(x)`)\n returned: always\n type: int\n sample:\n - 0\nstdout:\n description: Output of the php-shell (include your code)\n returned: always\n type: str\n sample: |\n pfSense shell: global $debug;\n pfSense shell: $debug = 1;\n pfSense shell: require_once(\"filter.inc\");\n pfSense shell: require_once(\"squid.inc\");\n pfSense shell: squid_resync(\"yes\");\n pfSense shell:\n pfSense shell: exec\n pfSense shell: exit\nstderr:\n description: Output on error of the php-shell\n returned: always\n type: str\n sample: \"\"\nchanged:\n description: It returns always true (you could overwrite with changed_when)\n returned: always\n type: bool\nfailed:\n description: rc is not 0 or stderr contains output (you still could overwrite with failed_when)\n returned: failure\n type: bool\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\n\nPHP_SHELL_ARGUMENT_SPEC = dict(\n cmd=dict(required=True, type='str')\n)\n\n\nclass PFSensePHPShellModule(PFSenseModuleBase):\n \"\"\" module run php code on pfsense \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return PHP_SHELL_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSensePHPShellModule, self).__init__(module, pfsense)\n self.name = \"pfsense_phpshell\"\n self.result['changed'] = True\n\n ##############################\n # run\n #\n def run(self, params):\n (rc, stdout, stderr) = self.pfsense.phpshell(params['cmd'])\n self.result.update({\n 'rc': rc,\n 'stdout': stdout,\n 'stderr': stderr,\n })\n\n if int(rc) != 0 or len(stderr) > 0:\n self.module.fail_json(msg='rc is not 0 or stderr contains output (you still could overwrite with failed_when)')\n else:\n self.module.exit_json(**self.result)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=PHP_SHELL_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSensePHPShellModule(module)\n pfmodule.run(module.params)\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_rewrite_config.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2023, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_rewrite_config\nversion_added: 0.5.3\nauthor: Orion Poplawski (@opoplawski)\nshort_description: Rewrite pfSense config.xml\ndescription:\n - Rewrites pfSense's config.xml using native tools to reproduce formatting.\n - This also triggers an XMLRPC configuration sync to a high availability secondary system.\nnotes:\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Rewrite pfSense config.xml\n pfsense_rewrite_config:\n\"\"\"\n\nRETURN = \"\"\"\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\n\nREWRITE_CONFIG_ARGUMENT_SPEC = dict()\n\n\nclass PFSenseRewriteConfigModule(PFSenseModuleBase):\n \"\"\" module managing pfsense routes \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return REWRITE_CONFIG_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseRewriteConfigModule, self).__init__(module, pfsense)\n self.name = \"pfsense_rewrite_config\"\n self.result['changed'] = True\n\n ##############################\n # run\n #\n def commit_changes(self):\n \"\"\" apply changes and exit module \"\"\"\n self.result['stdout'] = ''\n self.result['stderr'] = ''\n if self.result['changed'] and not self.module.check_mode:\n (dummy, self.result['stdout'], self.result['stderr']) = self._update()\n\n self.module.exit_json(**self.result)\n\n def _update(self):\n \"\"\" make the target pfsense rewrite the config.xml file \"\"\"\n cmd = '''write_config('pfsense_rewrite_config');'''\n return self.pfsense.phpshell(cmd)\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=REWRITE_CONFIG_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseRewriteConfigModule(module)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_route.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_route\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense routes\ndescription:\n - Manage pfSense routes\nnotes:\noptions:\n descr:\n description: The description of the route\n required: true\n type: str\n network:\n description: Destination network for this static route\n required: false\n type: str\n gateway:\n description: Gateway this route applies to\n required: false\n type: str\n disabled:\n description: Set this option to disable this static route without removing it from the list.\n default: false\n type: bool\n state:\n description: State in which to leave the route\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add route\n pfsense_route:\n descr: vpn_route\n gateway: VPN_GW\n network: 10.100.0.0/16\n state: present\n\n- name: Remove route\n pfsense_route:\n name: vpn_route\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create route 'vpn_route', gateway='VPN_GW', network='10.100.0.0/16'\", \"delete route 'vpn_route'\"]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.route import PFSenseRouteModule, ROUTE_ARGUMENT_SPEC, ROUTE_REQUIRED_IF\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=ROUTE_ARGUMENT_SPEC,\n required_if=ROUTE_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseRouteModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_rule.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_rule\nversion_added: 0.1.0\nauthor: Orion Poplawski (@opoplawski), Frederic Bor (@f-bor)\nshort_description: Manage pfSense firewall rules\ndescription:\n - Manage pfSense firewall rules\nnotes:\noptions:\n name:\n description: The name the rule\n required: true\n default: null\n type: str\n action:\n description: The action of the rule\n default: pass\n choices: [ \"pass\", \"block\", \"match\", \"reject\" ]\n type: str\n state:\n description: State in which to leave the rule\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n disabled:\n description: Is the rule disabled\n default: false\n type: bool\n interface:\n description: The interface for the rule. Use 'any' to apply to all interface (for floating rules only).\n required: true\n type: str\n floating:\n description: Is the rule floating\n type: bool\n direction:\n description: Direction floating rule applies to\n choices: [ \"any\", \"in\", \"out\" ]\n type: str\n ipprotocol:\n description: The IP protocol\n default: inet\n choices: [ \"inet\", \"inet46\", \"inet6\" ]\n type: str\n protocol:\n description: The protocol\n default: any\n choices: [ \"any\", \"tcp\", \"udp\", \"tcp/udp\", \"icmp\", \"igmp\", \"ospf\", \"esp\", \"ah\", \"gre\", \"pim\", \"sctp\", \"pfsync\", \"carp\" ]\n type: str\n source:\n description: The source address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.\n default: null\n type: str\n source_port:\n description:\n - Source port or port range specification.\n - This can either be a alias or a port number.\n - An inclusive range can also be specified, using the format C(first-last)..\n default: null\n type: str\n destination:\n description: The destination address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.\n default: null\n type: str\n destination_port:\n description:\n - Destination port or port range specification.\n - This can either be a alias or a port number.\n - An inclusive range can also be specified, using the format C(first-last)..\n default: null\n type: str\n log:\n description: Log packets matched by rule\n type: bool\n after:\n description: Rule to go after, or C(top)\n type: str\n before:\n description: Rule to go before, or C(bottom)\n type: str\n tcpflags_any:\n description: Allow TCP packets with any flags set.\n type: bool\n statetype:\n description: State type\n default: keep state\n choices: [\"keep state\", \"sloppy state\", \"synproxy state\", \"none\"]\n type: str\n queue:\n description: QOS default queue\n type: str\n ackqueue:\n description: QOS acknowledge queue\n type: str\n in_queue:\n description: Limiter queue for traffic coming into the chosen interface\n type: str\n out_queue:\n description: Limiter queue for traffic leaving the chosen interface\n type: str\n queue_error:\n description: Raise an error if a specified queue is missing\n type: bool\n default: True\n gateway:\n description: Leave as C(default) to use the system routing table or choose a gateway to utilize policy based routing.\n type: str\n default: default\n tracker:\n description: Rule tracking ID. Defaults to timestamp of rule creation and not modified if not set or set to 0.\n type: str\n icmptype:\n description:\n - One or more of these ICMP subtypes may be specified, separated by comma, or C(any) for all of them.\n - The types must match ip protocol.\n - althost, dataconv, echorep, echoreq, fqdnrep, fqdnreq, groupqry, grouprep, groupterm, inforep, inforeq, ipv6-here,\n - ipv6-where, listendone, listenrep, listqry, maskrep, maskreq, mobredir, mobregrep, mobregreq, mtrace, mtraceresp,\n - neighbradv, neighbrsol, niqry, nirep, paramprob, photuris, redir, routeradv, routersol, routrrenum, skip, squench,\n - timerep, timereq, timex, toobig, trace, unreach, wrurep, wrureq\n default: any\n type: str\n sched:\n description: Schedule day/time when the rule must be active\n required: False\n type: str\n quick:\n description: Set this option to apply this action to traffic that matches this rule immediately\n type: bool\n default: False\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: \"Add Internal DNS out rule\"\n pfsense_rule:\n name: 'Allow Internal DNS traffic out'\n action: pass\n interface: lan\n ipprotocol: inet\n protocol: udp\n source: dns_int\n destination: any\n destination_port: 53\n after: 'Allow proxies out'\n state: present\n- name: \"Allow inbound port range\"\n pfsense_rule:\n name: 'Allow inbound port range'\n action: pass\n interface: wan\n ipprotocol: inet\n protocol: tcp\n source: any\n destination: NET:lan\n destination_port: 4000-5000\n after: 'Allow Internal DNS traffic out'\n state: present\n\"\"\"\n\nRETURN = \"\"\"\n\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule import PFSenseRuleModule, RULE_ARGUMENT_SPEC, RULE_REQUIRED_IF\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=RULE_ARGUMENT_SPEC,\n required_if=RULE_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseRuleModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_rule_separator.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_rule_separator\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense firewall rule separators\ndescription:\n - Manage pfSense firewall rule separators\nnotes:\noptions:\n name:\n description: The name of the separator\n required: true\n type: str\n state:\n description: State in which to leave the separator\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n interface:\n description: The interface for the separator\n type: str\n floating:\n description: Is the rule on floating tab\n type: bool\n after:\n description: Rule to go after, or \"top\"\n type: str\n before:\n description: Rule to go before, or \"bottom\"\n type: str\n color:\n description: The separator's color\n default: info\n choices: [ 'info', 'warning', 'danger', 'success' ]\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add rule separator voip\n pfsense_rule_separator:\n name: voip\n state: present\n interface: lan_100\n\n- name: Remove rule separator voip\n pfsense_rule_separator:\n name: voip\n state: absent\n interface: lan_100\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of separators commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: success\n type: list\n sample: [\"create rule_separator 'SSH', interface='lan', color='info'\", \"update rule_separator 'SSH' set color='warning'\", \"delete rule_separator 'SSH'\"]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule_separator import PFSenseRuleSeparatorModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule_separator import RULE_SEPARATOR_ARGUMENT_SPEC\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule_separator import RULE_SEPARATOR_REQUIRED_ONE_OF\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule_separator import RULE_SEPARATOR_MUTUALLY_EXCLUSIVE\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=RULE_SEPARATOR_ARGUMENT_SPEC,\n required_one_of=RULE_SEPARATOR_REQUIRED_ONE_OF,\n mutually_exclusive=RULE_SEPARATOR_MUTUALLY_EXCLUSIVE,\n supports_check_mode=True)\n\n pfmodule = PFSenseRuleSeparatorModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_setup.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_setup\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense general setup\ndescription:\n - Manage pfSense general setup\nnotes:\noptions:\n hostname:\n description: Hostname of the firewall host, without domain part\n required: false\n type: str\n domain:\n description: Domain name of the firewall host\n required: false\n type: str\n dns_addresses:\n description: DNS IP addresses, separated by space\n required: false\n type: str\n dns_hostnames:\n description: DNS hostnames, separated by space. You can use none for empty values.\n required: false\n type: str\n dns_gateways:\n description: DNS gateways, separated by space. You can use none for empty values.\n required: false\n type: str\n dnsallowoverride:\n description: Allow DNS server list to be overridden by DHCP/PPP on WAN\n required: false\n type: bool\n dnslocalhost:\n required: false\n description: >\n Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall.\n \"\" Use local DNS (127.0.0.1), fall back to remote DNS servers (Default)\n \"local\" Use local DNS (127.0.0), ignore remote DNS servers\n \"remote\" Use remote DNS server, ignore local DNS\n true will be mapped to \"remote\"\n false will be mapped to \"\"\n type: str\n choices: [\"\", \"local\", \"remote\", \"true\", \"false\"]\n timezone:\n description: Select a geographic region name (Continent/Location) to determine the timezone for the firewall.\n required: false\n type: str\n timeservers:\n description: Time servers, separated by space\n required: false\n type: str\n language:\n description: Language for the webConfigurator.\n required: false\n type: str\n choices: ['bs', 'de_DE', 'en_US', 'es_AR', 'es_ES', 'fr_FR', 'it_IT', 'ko_FR', 'nb_NO', 'nl_NL', 'pl_PL', 'pt_BR', 'pt_PT', 'ru_RU', 'zh_CN', 'zh_Hans_CN',\n 'zh_Hans_HK', 'zh_Hant_TW']\n webguicert:\n description: SSL/TLS certificate for the web GUI.\n required: false\n type: str\n version_added: 0.7.2\n webguicss:\n description: >\n Choose an alternative CSS file (if installed) to change the appearance of the webConfigurator. Custom themes are also supported.\n If you want to use a custom pfsense CSS theme you need to upload it to the appliance first.\n Standard choices are 'pfsense', 'pfsense-dark','pfsense-dark-BETA','pfsense-BETA', and 'Compact-RED'.\n required: false\n type: str\n webguifixedmenu:\n description: When enabled, menu remains visible at top of page\n required: false\n type: bool\n webguihostnamemenu:\n description: Replaces the Help menu title in the Navbar with the system hostname or FQDN.\n required: false\n choices: ['nohost', 'hostonly', 'fqdn']\n type: str\n session_timeout:\n description: >\n Time in minutes to expire idle management sessions. The default is 4 hours (240 minutes).\n Use 0 to never expire sessions. NOTE: This is a security risk!\n required: false\n type: int\n authmode:\n description: Authentication Server ('Local Database' means local (Default)), use name of configured ldap or radius server\n required: false\n type: str\n shellauth:\n description: Use Authentication Server for Shell Authentication. Default is false.\n type: bool\n dashboardcolumns:\n description: Dashboard columns\n required: false\n type: int\n interfacessort:\n description: If selected, lists of interfaces will be sorted by description, otherwise they are listed wan,lan,optn...\n required: false\n type: bool\n dashboardavailablewidgetspanel:\n description: Show the Available Widgets panel on the Dashboard.\n required: false\n type: bool\n systemlogsfilterpanel:\n description: Show the Log Filter panel in System Logs.\n required: false\n type: bool\n systemlogsmanagelogpanel:\n description: Show the Manage Log panel in System Logs.\n required: false\n type: bool\n statusmonitoringsettingspanel:\n description: Show the Settings panel in Status Monitoring.\n required: false\n type: bool\n requirestatefilter:\n description: This option requires a filter to be entered before the states are displayed.\n required: false\n type: bool\n webguileftcolumnhyper:\n description: If selected, clicking a label in the left column will select/toggle the first item of the group.\n required: false\n type: bool\n disablealiaspopupdetail:\n description: If selected, the details in alias popups will not be shown, just the alias description (e.g. in Firewall Rules).\n required: false\n type: bool\n roworderdragging:\n description: Disables dragging rows to allow selecting and copying row contents and avoid accidental changes.\n required: false\n type: bool\n logincss:\n description: Color for the login page as six digit hexadecimal string e.g. V(33ffb2)\n required: false\n type: str\n loginshowhost:\n description: Show hostname on login banner\n required: false\n type: bool\n sshguard_whitelist:\n description: Addresses (in CIDR notation) listed will bypass login protection.\n required: false\n type: list\n elements: str\n version_added: 0.7.2\n crypto_hardware:\n description: >\n A cryptographic accelerator module will use hardware support to speed up some cryptographic functions on systems which have the chip. Loading the BSD\n Crypto Device module will allow access to acceleration devices using drivers built into the kernel, such as Hifn or ubsec chipsets. If the firewall does\n not contain a crypto chip, this option will have no effect. To unload the selected module, set this option to \"\" and then reboot.\n required: false\n type: str\n choices: ['', 'aesni', 'aesni_cryptodev', 'qat']\n version_added: 0.7.2\n thermal_hardware:\n description: >\n With a supported CPU, selecting a thermal sensor will load the appropriate driver to read its temperature. Setting this to \"None\" will attempt to read\n the temperature from an ACPI-compliant motherboard sensor instead, if one is present. If there is not a supported thermal sensor chip in the system, this\n option will have no effect. To unload the selected module, set this option to \"\" and then reboot.\n required: false\n type: str\n choices: ['', 'coretemp', 'amdtemp']\n version_added: 0.7.2\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: setup hostname and domain\n pfsense_setup:\n hostname: acme\n domain: corp.com\n\n- name: setup theme\n pfsense_setup:\n webguicss: pfSense-dark\n\n- name: timezone and language\n pfsense_setup:\n timezone: Europe/Paris\n language: fr\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"update setup general set hostname='acme', domain='corp.com'\"]\n\"\"\"\n\nimport re\nfrom os import listdir\nfrom os.path import isfile, join\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.arg_route import p2o_cert\nfrom ansible_collections.pfsensible.core.plugins.module_utils.arg_validate import validate_cert\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_config_base import PFSenseModuleConfigBase\n\n\nSETUP_ARGUMENT_SPEC = dict(\n hostname=dict(required=False, type='str'),\n domain=dict(required=False, type='str'),\n dns_addresses=dict(required=False, type='str'),\n dns_hostnames=dict(required=False, type='str'),\n dns_gateways=dict(required=False, type='str'),\n dnsallowoverride=dict(required=False, type='bool'),\n dnslocalhost=dict(required=False, type='str', choices=[\n '',\n 'local',\n 'remote',\n 'true',\n 'false',\n ]),\n timezone=dict(required=False, type='str'),\n timeservers=dict(required=False, type='str'),\n language=dict(\n required=False,\n type='str',\n choices=['bs', 'de_DE', 'en_US', 'es_AR', 'es_ES', 'fr_FR', 'it_IT', 'ko_FR', 'nb_NO', 'nl_NL', 'pl_PL', 'pt_BR', 'pt_PT', 'ru_RU', 'zh_CN',\n 'zh_Hans_CN', 'zh_Hans_HK', 'zh_Hant_TW'],\n ),\n session_timeout=dict(required=False, type='int'),\n authmode=dict(required=False, type='str'),\n shellauth=dict(required=False, type='bool'),\n webguicert=dict(required=False, type='str'),\n webguicss=dict(required=False, type='str'),\n webguifixedmenu=dict(required=False, type='bool'),\n webguihostnamemenu=dict(required=False, type='str', choices=['nohost', 'hostonly', 'fqdn']),\n dashboardcolumns=dict(required=False, type='int'),\n interfacessort=dict(required=False, type='bool'),\n dashboardavailablewidgetspanel=dict(required=False, type='bool'),\n systemlogsfilterpanel=dict(required=False, type='bool'),\n systemlogsmanagelogpanel=dict(required=False, type='bool'),\n statusmonitoringsettingspanel=dict(required=False, type='bool'),\n requirestatefilter=dict(required=False, type='bool'),\n webguileftcolumnhyper=dict(required=False, type='bool'),\n disablealiaspopupdetail=dict(required=False, type='bool'),\n roworderdragging=dict(required=False, type='bool'),\n logincss=dict(required=False, type='str'),\n loginshowhost=dict(required=False, type='bool'),\n sshguard_whitelist=dict(required=False, type='list', elements='str'),\n crypto_hardware=dict(required=False, type='str', choices=['', 'aesni', 'aesni_cryptodev', 'qat']),\n thermal_hardware=dict(required=False, type='str', choices=['', 'coretemp', 'amdtemp']),\n)\n\n\ndef p2o_dnslocalhost(self, name, params, obj):\n if params[name] is not None:\n if str(params.get(name)).lower() in ['', 'false']:\n obj[name] = ''\n elif str(params.get(name)).lower() in ['remote', 'true']:\n obj[name] = 'remote'\n elif params.get(name).lower() == 'local':\n obj[name] = 'local'\n\n\ndef p2o_network_list_to_space_separated(self, name, params, obj):\n if params[name] is not None:\n for net in params[name]:\n if not (self.pfsense.is_ipv4_network(net, strict=False) or self.pfsense.is_ipv6_network(net, strict=False)):\n self.module.fail_json(msg=f\"Address {net} is not a valid network\")\n obj[name] = ' '.join(params[name])\n\n\ndef p2o_webguicss(self, name, params, obj):\n if params[name] is not None:\n # Add .css suffix if not present\n if params[name][-4:] != '.css':\n obj[name] = params[name] + '.css'\n else:\n obj[name] = params[name]\n\n\ndef validate_webguicss(self, webguicss):\n \"\"\" check css style \"\"\"\n path = '/usr/local/www/css/'\n themes = [f for f in listdir(path) if isfile(join(path, f)) and f.endswith('.css') and f.find('login') == -1 and f.find('logo') == -1]\n themes = map(lambda x: x.replace('.css', ''), themes)\n if webguicss.rstrip('.css') not in themes:\n raise ValueError(\"The submitted theme '%s' could not be found. Pick a different theme.\" % webguicss)\n\n\n# TODO - validate crypto_hardware against $crypto_modules = getSystemAdvancedMiscCryptoModules();\nSETUP_ARG_ROUTE = dict(\n dnslocalhost=dict(parse=p2o_dnslocalhost),\n sshguard_whitelist=dict(parse=p2o_network_list_to_space_separated),\n webguicert=dict(parse=p2o_cert, validate=validate_cert),\n webguicss=dict(parse=p2o_webguicss, validate=validate_webguicss),\n)\n\n# Booleans that map to different values\nSETUP_BOOL_VALUES = dict(\n webguifixedmenu=(None, 'fixed'),\n)\n\nSETUP_MAP_PARAM = [\n ('authmode', 'webgui/authmode'),\n ('dashboardavailablewidgetspanel', 'webgui/dashboardavailablewidgetspanel'),\n ('dashboardcolumns', 'webgui/dashboardcolumns'),\n ('disablealiaspopupdetail', 'webgui/disablealiaspopupdetail'),\n ('interfacessort', 'webgui/interfacessort'),\n ('logincss', 'webgui/logincss'),\n ('loginshowhost', 'webgui/loginshowhost'),\n ('requirestatefilter', 'webgui/requirestatefilter'),\n ('roworderdragging', 'webgui/roworderdragging'),\n ('session_timeout', 'webgui/session_timeout'),\n ('shellauth', 'webgui/shellauth'),\n ('statusmonitoringsettingspanel', 'webgui/statusmonitoringsettingspanel'),\n ('systemlogsfilterpanel', 'webgui/systemlogsfilterpanel'),\n ('systemlogsmanagelogpanel', 'webgui/systemlogsmanagelogpanel'),\n ('webguicert', 'webgui/ssl-certref'),\n ('webguicss', 'webgui/webguicss'),\n ('webguifixedmenu', 'webgui/webguifixedmenu'),\n ('webguihostnamemenu', 'webgui/webguihostnamemenu'),\n ('webguileftcolumnhyper', 'webgui/webguileftcolumnhyper'),\n]\n\n\nclass PFSenseSetupModule(PFSenseModuleConfigBase):\n \"\"\" module managing pfsense routes \"\"\"\n\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return SETUP_ARGUMENT_SPEC\n\n ##############################\n # init\n #\n def __init__(self, module, pfsense=None):\n super(PFSenseSetupModule, self).__init__(module, pfsense, name='pfsense_setup', root='pfsense', node='system', arg_route=SETUP_ARG_ROUTE,\n bool_style='absent/present', bool_values=SETUP_BOOL_VALUES, map_param=SETUP_MAP_PARAM)\n self.route_cmds = list()\n self.params_to_delete = list()\n\n ##############################\n # params processing\n #\n def _dns_params_to_obj(self, params, obj):\n \"\"\" set the dns servers from params to obj \"\"\"\n dns_addresses = None\n dns_hostnames = []\n dns_gateways = []\n idx = 0\n if params.get('dns_addresses') is not None:\n dns_addresses = params['dns_addresses'].split()\n del obj['dns_addresses']\n if params.get('dns_hostnames') is not None:\n dns_hostnames = params['dns_hostnames'].split()\n del obj['dns_hostnames']\n if params.get('dns_gateways') is not None:\n dns_gateways = params['dns_gateways'].split()\n del obj['dns_gateways']\n\n if dns_addresses is not None:\n # set the servers\n obj['dnsserver'] = dns_addresses\n\n # set the names & gateways\n for address in dns_addresses:\n gateway = 'none'\n if idx < len(dns_hostnames) and dns_hostnames[idx] != 'none':\n obj['dns{0}host'.format(idx + 1)] = dns_hostnames[idx]\n if idx < len(dns_gateways) and dns_gateways[idx] != 'none':\n gateway = dns_gateways[idx]\n\n gw_key = 'dns{0}gw'.format(idx + 1)\n if gw_key not in obj or gateway != obj[gw_key]:\n obj[gw_key] = gateway\n if self.pfsense.is_ipv4_address(address):\n self.route_cmds.append('/sbin/route delete {0}'.format(address))\n elif self.pfsense.is_ipv6_address(address):\n self.route_cmds.append('/sbin/route delete -inet6 {0}'.format(address))\n\n idx += 1\n\n elif 'dnsserver' in obj:\n # no servers\n del obj['dnsserver']\n\n idx += 1\n # delete everything required\n while True:\n host = 'dns{0}host'.format(idx)\n gateway = 'dns{0}gw'.format(idx)\n if host not in obj and gateway not in obj:\n break\n if host in obj:\n del obj[host]\n self.params_to_delete.append(host)\n if gateway in obj:\n del obj[gateway]\n self.params_to_delete.append(gateway)\n idx += 1\n\n def _params_to_obj(self):\n \"\"\" return a dict from module params \"\"\"\n obj = super(PFSenseSetupModule, self)._params_to_obj()\n self._dns_params_to_obj(self.params, obj)\n return obj\n\n def _validate_hostname(self, hostname, name, strict=False):\n \"\"\" check hostname, if strict is true, check if domain is omitted \"\"\"\n host = hostname.lower()\n groups = re.match(r'^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\\-]*[a-z_0-9])\\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\\-]*[a-z_0-9\\.])$', host)\n if groups is None:\n self.module.fail_json(msg=\"The {0} can only contain the characters A-Z, 0-9 and '-'. It may not start or end with '-'\".format(name))\n\n if strict:\n groups = re.match(r'^(?:[a-z0-9_]|[a-z0-9_][a-z0-9_\\-]*[a-z0-9_])$', host)\n if groups is None:\n self.module.fail_json(msg='A valid {0} is specified, but the domain name part should be omitted'.format(name))\n\n def _validate_params(self):\n \"\"\" do some extra checks on input parameters \"\"\"\n super(PFSenseSetupModule, self)._validate_params()\n params = self.params\n\n if params.get('dashboardcolumns') is not None and (params['dashboardcolumns'] < 1 or params['dashboardcolumns'] > 6):\n self.module.fail_json(msg='The submitted Dashboard Columns value is invalid.')\n\n if params.get('domain') is not None:\n domain = params['domain'].lower()\n groups = re.match(r'^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\\-]*[a-z_0-9])\\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\\-]*[a-z_0-9\\.])$', domain)\n if groups is None:\n self.module.fail_json(msg=\"The domain may only contain the characters a-z, 0-9, '-' and '.'\")\n\n if params.get('hostname') is not None:\n self._validate_hostname(params['hostname'], 'hostname', True)\n\n if params.get('logincss') is not None:\n error = False\n try:\n int(params['logincss'], 16)\n except ValueError:\n error = True\n if error or len(params['logincss']) != 6:\n self.module.fail_json(msg=\"logincss must be a six digits hexadecimal string.\")\n\n if params.get('timezone') is not None:\n self._validate_timezone(params['timezone'])\n\n if params.get('timeservers') is not None:\n for timeserver in params['timeservers'].split(' '):\n self._validate_hostname(timeserver, 'timeserver')\n\n if params.get('authmode') is not None:\n value = params.get('authmode')\n if value != 'Local Database':\n authserver_elt = self.pfsense.find_elt('authserver', value, search_field='name', root_elt=self.root_elt.find(self.node))\n if authserver_elt is None:\n self.module.fail_json(msg=\"Given authserver '{0}' could not be found.\".format(value))\n\n if params.get('shellauth') is not None and params.get('shellauth') is True:\n if authserver_elt.find('type').text == 'ldap':\n # check if ldap_pam_groupdn is set\n if authserver_elt.find('ldap_pam_groupdn') is None or \\\n authserver_elt.find('ldap_pam_groupdn').text is None or \\\n authserver_elt.find('ldap_pam_groupdn').text == '':\n self.module.fail_json(msg=\"ldap_pam_groupdn not set for authserver '{0}'.\".format(value))\n\n # DNS\n ip_types = []\n dns_addresses = []\n if params.get('dns_addresses') is not None:\n dns_addresses = params['dns_addresses'].split()\n for address in dns_addresses:\n if dns_addresses.count(address) > 1:\n self.module.fail_json(msg='Each configured DNS server must have a unique IP address. Remove the duplicated IP.')\n\n if self.pfsense.is_ipv4_address(address):\n ip_types.append(4)\n elif self.pfsense.is_ipv6_address(address):\n ip_types.append(6)\n else:\n self.module.fail_json(msg='A valid IP address must be specified for DNS server {0}.'.format(address))\n\n if params.get('dns_hostnames') is not None:\n for hostname in params['dns_hostnames'].split(' '):\n if hostname != 'none':\n self._validate_hostname(hostname, 'DNS hostname')\n\n if params.get('dns_gateways') is not None:\n for idx, address in enumerate(params['dns_gateways'].split(' ')):\n if idx >= len(dns_addresses) or address == 'none':\n continue\n\n if self.pfsense.find_gateway_elt(address, protocol='inet') is not None:\n if ip_types[idx] == 6:\n self.module.fail_json(msg='The IPv4 gateway \"{0}\" can not be specified for IPv6 DNS server \"{1}\".'.format(address, dns_addresses[idx]))\n elif self.pfsense.find_gateway_elt(address, protocol='inet6') is not None:\n if ip_types[idx] == 4:\n self.module.fail_json(msg='The IPv6 gateway \"{0}\" can not be specified for IPv4 DNS server \"{1}\".'.format(address, dns_addresses[idx]))\n else:\n self.module.fail_json(msg='The gateway \"{0}\" does not exist.'.format(address))\n\n if self.pfsense.is_within_local_networks(dns_addresses[idx]):\n self.module.fail_json(\n msg=\"A gateway can not be assigned to DNS '{0}' server which is on a directly connected network.\".format(dns_addresses[idx])\n )\n\n def _validate_timezone(self, timezone):\n \"\"\" check timezone \"\"\"\n path = '/usr/share/zoneinfo/'\n if not isfile(path + timezone) or timezone[:1] < 'A' or timezone[:1] > 'Z':\n self.module.fail_json(msg='The submitted timezone is invalid')\n\n ##############################\n # XML processing\n #\n def _get_params_to_remove(self):\n \"\"\" returns the list of params to remove if they are not set \"\"\"\n to_remove = super(PFSenseSetupModule, self)._get_params_to_remove()\n to_remove.extend(self.params_to_delete)\n return to_remove\n\n ##############################\n # run\n #\n def _update(self):\n \"\"\" make the target pfsense reload \"\"\"\n for cmd in self.route_cmds:\n self.module.run_command(cmd)\n\n cmd = '''\nrequire_once(\"auth.inc\");\nrequire_once(\"filter.inc\");\nrequire_once(\"pfsense-utils.inc\");\nrequire_once(\"system_advanced_admin.inc\");\n$retval = 0;\n$retval |= system_hostname_configure();\n$retval |= system_hosts_generate();\n$retval |= system_resolvconf_generate();\nif (config_path_enabled('dnsmasq')) {\n $retval |= services_dnsmasq_configure();\n} elseif (config_path_enabled('unbound')) {\n $retval |= services_unbound_configure();\n}\n$retval |= system_timezone_configure();\n$retval |= system_ntp_configure();\nload_crypto();\nload_thermal_hardware();'''\n\n if self.params.get('dnsallowoverride') is not None:\n if (self.params['dnsallowoverride'] and 'dnsallowoverride' not in self.diff['before'] or\n not self.params['dnsallowoverride'] and 'dnsallowoverride' in self.diff['before']):\n cmd += '$retval |= send_event(\"service reload dns\");\\n'\n\n if self.params.get('shellauth') is not None:\n cmd += '$retval |= set_pam_auth();'\n\n cmd += '$retval |= filter_configure();\\n'\n\n restart_sshguard = False\n for param in ['sshguard_whitelist']:\n if self.obj.get(param) != self.diff['before'].get(param):\n restart_sshguard = True\n if restart_sshguard:\n cmd += 'system_sshguard_stop();$retval |= system_syslogd_start(true);\\n'\n\n restart_webgui = False\n for param in ['ssl-certref']:\n if self.obj['webgui'].get(param) != self.diff['before']['webgui'].get(param):\n restart_webgui = True\n if restart_webgui:\n cmd += 'restart_GUI();\\n'\n\n self.result['cmd'] = cmd\n return self.pfsense.phpshell(cmd)\n\n ##############################\n # Logging\n #\n @staticmethod\n def _get_obj_name():\n \"\"\" return obj's name \"\"\"\n return \"general\"\n\n def _log_fields(self, before=None):\n \"\"\" generate pseudo-CLI command fields parameters to create an obj \"\"\"\n bwebgui = self.diff['before']['webgui']\n webgui = self.obj['webgui']\n\n obj_before = self._prepare_dns_log(self.diff['before'])\n obj_after = self._prepare_dns_log(self.obj)\n\n values = ''\n values += self.format_updated_cli_field(self.obj, self.diff['before'], 'hostname', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, self.diff['before'], 'domain', add_comma=(values), log_none=False)\n\n values += self.format_updated_cli_field(obj_after, obj_before, 'dns_addresses', add_comma=(values), log_none=True)\n values += self.format_updated_cli_field(obj_after, obj_before, 'dns_hostnames', add_comma=(values), log_none=True)\n values += self.format_updated_cli_field(obj_after, obj_before, 'dns_gateways', add_comma=(values), log_none=True)\n\n values += self.format_updated_cli_field(self.obj, self.diff['before'], 'timezone', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, self.diff['before'], 'timeservers', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, self.diff['before'], 'language', add_comma=(values), log_none=False)\n\n values += self.format_updated_cli_field(self.obj, self.diff['before'], 'dnsallowoverride', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(self.obj, self.diff['before'], 'dnslocalhost', add_comma=(values), log_none=False)\n\n values += self.format_updated_cli_field(obj_after, obj_before, 'webguicert', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(obj_after, obj_before, 'webguicss', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'webguifixedmenu', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'webguihostnamemenu', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'dashboardcolumns', add_comma=(values), log_none=False)\n\n values += self.format_updated_cli_field(webgui, bwebgui, 'interfacessort', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'dashboardavailablewidgetspanel', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'systemlogsfilterpanel', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'systemlogsmanagelogpanel', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'statusmonitoringsettingspanel', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'requirestatefilter', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'webguileftcolumnhyper', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'disablealiaspopupdetail', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'roworderdragging', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'logincss', add_comma=(values), log_none=False)\n values += self.format_updated_cli_field(webgui, bwebgui, 'loginshowhost', fvalue=self.fvalue_bool, add_comma=(values), log_none=False)\n\n return values\n\n @staticmethod\n def _prepare_dns_log(obj):\n \"\"\" construct dict for logging \"\"\"\n ret = dict()\n webgui = obj['webgui']\n\n ret['webguicss'] = webgui['webguicss'].replace('.css', '') if 'webguicss' in webgui else None\n\n if 'dnsserver' in obj:\n ret['dns_addresses'] = ' '.join(obj['dnsserver'])\n else:\n ret['dns_addresses'] = None\n\n ret['dns_hostnames'] = None\n ret['dns_gateways'] = None\n idx = 1\n hosts = list()\n gateways = list()\n while True:\n host = 'dns{0}host'.format(idx)\n gateway = 'dns{0}gw'.format(idx)\n if host not in obj or gateway not in obj:\n break\n\n hosts.append(obj[host] if obj[host] != '' else 'none')\n gateways.append(obj[gateway] if obj[gateway] != '' else 'none')\n\n idx += 1\n\n # we have multiple string that can give the same configuration\n # we remove the ending nones (assuming the user won't specify them for nothing)\n while True:\n if len(hosts) and hosts[-1] == 'none':\n hosts.pop()\n continue\n if len(gateways) and gateways[-1] == 'none':\n gateways.pop()\n continue\n break\n if len(hosts):\n ret['dns_hostnames'] = ' '.join(hosts)\n if len(gateways):\n ret['dns_gateways'] = ' '.join(gateways)\n return ret\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=SETUP_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseSetupModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_shellcmd.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2024, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nDOCUMENTATION = r'''\n---\nmodule: pfsense_shellcmd\n\nshort_description: Manage pfSense shellcmds\n\nversion_added: \"0.7.0\"\n\ndescription:\n - Manage pfSense shellcmds. This requires the pfSense shellcmd package to be installed.\n\noptions:\n description:\n description: The description of the shellcmd.\n required: true\n type: str\n state:\n description: State in which to leave the shellcmd.\n default: present\n choices: ['present', 'absent']\n type: str\n cmd:\n description: The command to run.\n type: str\n cmdtype:\n description: Type of the shell command, defaults to `shellcmd`. There can only be one `afterfilterchangeshellcmd` command. If there is an existing one, it\n will be replaced.\n choices: ['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled']\n type: str\n\nauthor: Orion Poplawski (@opoplawski)\n'''\n\nEXAMPLES = r'''\n- name: Add myitem shellcmd\n pfsensible.core.pfsense_shellcmd:\n description: myitem\n cmd: echo hi\n cmdtype: shellcmd\n state: present\n\n- name: Remove myitem shellcmd\n pfsensible.core.pfsense_shellcmd:\n description: myitem\n state: absent\n'''\nRETURN = r'''\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create shellcmd 'myitem'\", \"update shellcmd 'myitem' set ...\", \"delete shellcmd 'myitem'\"]\n'''\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\n# Compact style\nSHELLCMD_ARGUMENT_SPEC = dict(\n # Only description should be required here - othewise you cannot remove an item with just 'description'\n # Required arguments for creation should be noted in SHELLCMD_REQUIRED_IF = ['state', 'present', ...] below\n description=dict(required=True, type='str'),\n state=dict(type='str', default='present', choices=['present', 'absent']),\n cmd=dict(type='str'),\n cmdtype=dict(type='str', choices=['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled'],),\n)\n\nSHELLCMD_REQUIRED_IF = [\n ['state', 'present', ['cmd']],\n]\n\n# default values when creating a new shellcmd\nSHELLCMD_CREATE_DEFAULT = dict(\n cmdtype='shellcmd',\n)\n\nSHELLCMD_PHP_COMMAND_SET = r'''\nrequire_once(\"shellcmd.inc\");\nshellcmd_sync_package();\n'''\n\n\nclass PFSenseShellcmdModule(PFSenseModuleBase):\n \"\"\" module managing pfsense shellcmds \"\"\"\n\n ##############################\n # unit tests\n #\n # Must be class method for unit test usage\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return SHELLCMD_ARGUMENT_SPEC\n\n def __init__(self, module, pfsense=None):\n super(PFSenseShellcmdModule, self).__init__(module, pfsense, package='Shellcmd', root='shellcmdsettings', node='config', key='description',\n update_php=SHELLCMD_PHP_COMMAND_SET, create_default=SHELLCMD_CREATE_DEFAULT)\n\n ##############################\n # XML processing\n #\n def _find_target(self):\n \"\"\" find the XML target_elt \"\"\"\n # There can be only one 'afterfilterchangeshellcmd' shellcmd\n if self.params['cmdtype'] == 'afterfilterchangeshellcmd':\n result = self.root_elt.findall(\"{node}[{key}='{value}']\".format(node=self.node, key='cmdtype', value='afterfilterchangeshellcmd'))\n else:\n result = self.root_elt.findall(\"{node}[{key}='{value}']\".format(node=self.node, key=self.key, value=self.obj[self.key]))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.module.fail_json(msg='Found multiple {node}s for {key} {value}.'.format(node=self.node, key=self.key, value=self.obj[self.key]))\n else:\n return None\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=SHELLCMD_ARGUMENT_SPEC,\n required_if=SHELLCMD_REQUIRED_IF,\n supports_check_mode=True)\n\n pfmodule = PFSenseShellcmdModule(module)\n # Pass params for testing framework\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_user.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2019-2024, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nDOCUMENTATION = r'''\n---\nmodule: pfsense_user\nversion_added: 0.1.0\nshort_description: Manage pfSense users\ndescription:\n >\n Manage pfSense users\nauthor: Orion Poplawski (@opoplawski)\nnotes:\noptions:\n name:\n description: The name of the user.\n required: true\n type: str\n state:\n description: State in which to leave the user.\n default: present\n choices: [ \"present\", \"absent\" ]\n type: str\n descr:\n description: Description of the user.\n type: str\n scope:\n description: Scope of the user ('user' is a normal user, use 'system' for 'admin' user). Defaults to `user`.\n choices: [ \"user\", \"system\" ]\n type: str\n uid:\n description:\n - UID of the user.\n - Will use next available UID if not specified.\n type: str\n groups:\n description: Groups of the user.\n type: list\n elements: str\n password:\n description: bcrypt encrypted password of the user.\n type: str\n priv:\n description:\n - A list of privileges to assign.\n - Allowed values include page-all, user-shell-access.\n type: list\n elements: str\n authorizedkeys:\n description: Authorized SSH Keys of the user. Can be base64 encoded.\n type: str\n disabled:\n description: Disables the user, so that they cannot login.\n default: false\n type: bool\n version_added: 0.7.1\n'''\n\nEXAMPLES = r'''\n- name: Add operator user\n pfsense_user:\n name: operator\n descr: Operator\n scope: user\n groups: [ 'Operators' ]\n priv: [ 'page-all', 'user-shell-access' ]\n\n- name: Remove user\n pfsense_user:\n name: operator\n state: absent\n'''\n\nRETURN = r'''\n\n'''\n\nimport base64\nimport re\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase\n\nUSER_ARGUMENT_SPEC = dict(\n name=dict(required=True, type='str'),\n state=dict(type='str', default='present', choices=['present', 'absent']),\n descr=dict(type='str'),\n scope=dict(type='str', choices=['user', 'system']),\n uid=dict(type='str'),\n password=dict(type='str', no_log=True),\n groups=dict(type='list', elements='str'),\n priv=dict(type='list', elements='str'),\n authorizedkeys=dict(type='str'),\n disabled=dict(type='bool', default=False),\n)\n\nUSER_CREATE_DEFAULT = dict(\n scope='user',\n)\n\nUSER_MAP_PARAM = [\n ('password', 'bcrypt-hash'),\n]\n\n\ndef parse_groups(self, name, params, obj):\n # Groups are not stored in the user object\n if params[name] is not None:\n self.user_groups = params[name]\n\n\ndef p2o_ssh_pub_key(self, name, params, obj):\n # Allow ssh keys to be clear or base64 encoded\n if params[name] is not None and 'ssh-' in params[name]:\n obj[name] = base64.b64encode(params[name].encode()).decode()\n\n\ndef validate_password(self, password):\n if not re.match(r'\\$2[aby]\\$', str(password)):\n raise ValueError('Password (%s) does not appear to be a bcrypt hash' % (password))\n\n\nUSER_ARG_ROUTE = dict(\n authorizedkeys=dict(parse=p2o_ssh_pub_key),\n groups=dict(parse=parse_groups),\n password=dict(validate=validate_password),\n)\n\nUSER_PHP_COMMAND_PREFIX = \"\"\"\nrequire_once('auth.inc');\n$groupindex = index_groups();\n$group_config = config_get_path('system/group');\n\"\"\"\n\nUSER_PHP_COMMAND_SET = USER_PHP_COMMAND_PREFIX + \"\"\"\n$userent = config_get_path('system/user')[{idx}];\nlocal_user_set($userent);\nforeach ({mod_groups} as $groupname) {{\n $group = $group_config[$groupindex[$groupname]];\n local_group_set($group);\n}}\nif (is_dir(\"/etc/inc/privhooks\")) {{\n run_plugins(\"/etc/inc/privhooks\");\n}}\n\"\"\"\n\n# This runs after we remove the group from the config so we can't use $config\nUSER_PHP_COMMAND_DEL = USER_PHP_COMMAND_PREFIX + \"\"\"\n$userent['name'] = '{name}';\n$userent['uid'] = {uid};\nforeach ({mod_groups} as $groupname) {{\n $group = $group_config[$groupindex[$groupname]];\n local_group_set($group);\n}}\nlocal_user_del($userent);\n\"\"\"\n\n\nclass PFSenseUserModule(PFSenseModuleBase):\n \"\"\" module managing pfsense users \"\"\"\n\n ##############################\n # unit tests\n #\n # Must be class method for unit test usage\n @staticmethod\n def get_argument_spec():\n \"\"\" return argument spec \"\"\"\n return USER_ARGUMENT_SPEC\n\n def __init__(self, module, pfsense=None):\n super(PFSenseUserModule, self).__init__(module, pfsense, root='system', node='user', key='name',\n arg_route=USER_ARG_ROUTE, map_param=USER_MAP_PARAM, create_default=USER_CREATE_DEFAULT)\n self.groups = self.root_elt.findall('group')\n self.user_groups = None\n self.mod_groups = []\n\n ##############################\n # XML processing\n #\n def _find_group_elt(self, name):\n return self.pfsense.find_elt('group', name, search_field='name', root_elt=self.root_elt)\n\n def _find_group_names_for_uid(self, uid):\n groups = []\n for group_elt in self.pfsense.find_elt(\"group\", uid, search_field=\"member\", root_elt=self.root_elt, multiple_ok=True):\n groups.append(group_elt.find('name').text)\n return groups\n\n def _nextuid(self):\n nextuid_elt = self.root_elt.find('nextuid')\n nextuid = nextuid_elt.text\n nextuid_elt.text = str(int(nextuid) + 1)\n return nextuid\n\n def _format_diff_priv(self, priv):\n if isinstance(priv, str):\n return [priv]\n else:\n return priv\n\n def _copy_and_add_target(self):\n \"\"\" populate the XML target_elt \"\"\"\n obj = self.obj\n if 'bcrypt-hash' not in obj:\n self.module.fail_json(msg='Password is required when adding a user')\n if 'uid' not in obj:\n obj['uid'] = self._nextuid()\n\n self.diff['after'] = obj\n self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self._update_groups()\n self.root_elt.insert(self._find_last_element_index(), self.target_elt)\n # Reset users list\n self.elements = self.root_elt.findall(self.node)\n\n def _copy_and_update_target(self):\n \"\"\" update the XML target_elt \"\"\"\n before = self.pfsense.element_to_dict(self.target_elt)\n self.diff['before'] = before\n if 'priv' in before:\n before['priv'] = self._format_diff_priv(before['priv'])\n changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)\n self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)\n if 'priv' in self.diff['after']:\n self.diff['after']['priv'] = self._format_diff_priv(self.diff['after']['priv'])\n if self._remove_deleted_disabled_param():\n changed = True\n if self._update_groups():\n changed = True\n\n return (before, changed)\n\n def _update_groups(self):\n user = self.obj\n changed = False\n\n # Only modify group membership is groups was specified\n if self.user_groups is not None:\n # Handle group member element - need uid set or retrieved above\n uid = self.target_elt.find('uid').text\n # Get current group membership\n self.diff['before']['groups'] = self._find_group_names_for_uid(uid)\n\n # Add user to groups if needed\n for group in self.user_groups:\n group_elt = self._find_group_elt(group)\n if group_elt is None:\n self.module.fail_json(msg='Group (%s) does not exist' % group)\n if len(group_elt.findall(\"[member='{0}']\".format(uid))) == 0:\n changed = True\n self.mod_groups.append(group)\n group_elt.append(self.pfsense.new_element('member', uid))\n\n # Remove user from groups if needed\n for group in self.diff['before']['groups']:\n if group not in self.user_groups:\n group_elt = self._find_group_elt(group)\n if group_elt is None:\n self.module.fail_json(msg='Group (%s) does not exist' % group)\n for member_elt in group_elt.findall('member'):\n if member_elt.text == uid:\n changed = True\n self.mod_groups.append(group)\n group_elt.remove(member_elt)\n break\n\n # Groups are not stored in the user element\n self.diff['after']['groups'] = self.user_groups\n\n # Decode keys for diff\n for k in self.diff:\n if 'authorizedkeys' in self.diff[k]:\n self.diff[k]['authorizedkeys'] = base64.b64decode(self.diff[k]['authorizedkeys'])\n\n return changed\n\n def _remove_deleted_disabled_param(self):\n \"\"\" Remove disabled param if user is re-enabled \"\"\"\n changed = False\n\n if self.pfsense.remove_deleted_param_from_elt(self.target_elt, 'disabled', self.obj):\n changed = True\n\n return changed\n\n ##############################\n # run\n #\n def _update(self):\n if self.params['state'] == 'present':\n return self.pfsense.phpshell(USER_PHP_COMMAND_SET.format(idx=self._find_this_element_index(), mod_groups=self.mod_groups))\n else:\n return self.pfsense.phpshell(USER_PHP_COMMAND_DEL.format(name=self.obj['name'], uid=self.obj['uid'], mod_groups=self.mod_groups))\n\n def _pre_remove_target_elt(self):\n self.diff['after'] = {}\n if self.target_elt is not None:\n self.diff['before'] = self.pfsense.element_to_dict(self.target_elt)\n # Store uid for _update()\n self.obj['uid'] = self.target_elt.find('uid').text\n\n # Get current group membership\n self.diff['before']['groups'] = self._find_group_names_for_uid(self.obj['uid'])\n\n # Remove user from groups if needed\n for group in self.diff['before']['groups']:\n group_elt = self._find_group_elt(group)\n if group_elt is None:\n self.module.fail_json(msg='Group (%s) does not exist' % group)\n for member_elt in group_elt.findall('member'):\n if member_elt.text == self.obj['uid']:\n self.mod_groups.append(group)\n group_elt.remove(member_elt)\n break\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=USER_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseUserModule(module)\n # Pass params for testing framework\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "plugins/modules/pfsense_vlan.py",
"content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n# Copyright: (c) 2018, Orion Poplawski \n# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import absolute_import, division, print_function\n__metaclass__ = type\n\nANSIBLE_METADATA = {'metadata_version': '1.1',\n 'status': ['preview'],\n 'supported_by': 'community'}\n\nDOCUMENTATION = \"\"\"\n---\nmodule: pfsense_vlan\nversion_added: 0.1.0\nauthor: Frederic Bor (@f-bor)\nshort_description: Manage pfSense VLANs\ndescription:\n - Manage pfSense VLANs\nnotes:\noptions:\n vlan_id:\n description: The VLAN tag. Must be between 1 and 4094.\n required: true\n type: int\n interface:\n description: The interface on which to declare the VLAN. Friendly name (assignments) can be used.\n required: true\n type: str\n priority:\n description: 802.1Q VLAN Priority code point. Must be between 0 and 7.\n required: false\n type: int\n descr:\n description: The description of the VLAN\n default: ''\n type: str\n state:\n description: State in which to leave the VLAN\n choices: [ \"present\", \"absent\" ]\n default: present\n type: str\n\"\"\"\n\nEXAMPLES = \"\"\"\n- name: Add voice VLAN\n pfsense_vlan:\n interface: mvneta0\n vlan_id: 100\n descr: voice\n priority: 5\n state: present\n\n- name: Remove voice VLAN\n pfsense_vlan:\n interface: mvneta0\n vlan_id: 100\n state: absent\n\"\"\"\n\nRETURN = \"\"\"\ncommands:\n description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)\n returned: always\n type: list\n sample: [\"create vlan 'mvneta.100', descr='voice', priority='5'\", \"update vlan 'mvneta.100', set priority='6'\", \"delete vlan 'mvneta.100'\"]\n\"\"\"\n\nfrom ansible.module_utils.basic import AnsibleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.vlan import PFSenseVlanModule, VLAN_ARGUMENT_SPEC\n\n\ndef main():\n module = AnsibleModule(\n argument_spec=VLAN_ARGUMENT_SPEC,\n supports_check_mode=True)\n\n pfmodule = PFSenseVlanModule(module)\n pfmodule.run(module.params)\n pfmodule.commit_changes()\n\n\nif __name__ == '__main__':\n main()\n"
},
{
"path": "setup.cfg",
"content": "[pycodestyle]\nignore = E402,W503,W504,E741\nmax-line-length = 160\n"
},
{
"path": "tests/plays/README.md",
"content": "# Testing pfsensible/core with plays\n\nYou must checkout this repository into a path of the form ../ansible_collections/pfsensible/core/.\n\nThe following collection dependencies are needed:\n * ansible.utils\n\nYou will need a fresh pfSense install available as `pfsense-test` or adjust the `hosts` file as needed.\nYou need to be able to ssh to it as `root` without a password or use `--ask-pass`, which you can use\nthe configure.yml play to do.\n\nUpdate `host_vars/pfsense-test.yml` with IP addresses of your test pfSense install.\n"
},
{
"path": "tests/plays/ansible.cfg",
"content": "# config file for ansible -- https://ansible.com/\n# ===============================================\n\n[defaults]\ninventory = hosts\ncollections_path = ../../../..\nremote_user = root\n"
},
{
"path": "tests/plays/host_vars/pfsense-test.yml",
"content": "---\n# IP address of the interfaces\n# TODO - get this from ansible facts\n# \"ansible_vtnet0\": {\n# \"device\": \"vtnet0\",\n# \"ipv4\": [ { \"address\": \"192.168.122.128\",\ninterface_ips:\n wan: 192.168.122.228\n"
},
{
"path": "tests/plays/hosts",
"content": "[pfsense]\npfsense-test\n"
},
{
"path": "tests/plays/openvpn.yml",
"content": "---\n- hosts: pfsense\n vars:\n openvpn_aliases:\n TUNNEL_NET: 10.100.0.0/24\n LOCAL_NETS: 10.10.0.0/24 10.11.0.0/24\n tasks:\n - name: OpenVPN CA\n pfsensible.core.pfsense_ca:\n name: OpenVPN CA\n method: internal\n state: present\n register: openvpn\n tags:\n - openvpn\n - openvpn_ca\n\n - name: Generate new internal certificate\n pfsensible.core.pfsense_cert:\n method: internal\n name: pfsense-test\n ca: OpenVPN CA\n keytype: RSA\n keylen: 2048\n lifetime: 3650\n dn_country: US\n certtype: server\n state: present\n tags: openvpn_cert\n\n - name: Setup RADIUS\n pfsensible.core.pfsense_authserver_radius:\n name: RADIUS\n protocol: MSCHAPv2\n host: radius.example.com\n secret: item_secret\n\n - name: Setup LDAP\n pfsensible.core.pfsense_authserver_ldap:\n name: ASLDAP\n host: ldap.example.com\n transport: tcp\n authcn: CN=Users\n scope: one\n\n - set_fact:\n openvpn_psk: |-\n #\n # 2048 bit OpenVPN static key\n #\n -----BEGIN OpenVPN Static key V1-----\n f896b014f220bcf9a3023b5b68a5cd88\n 62421f044956dad4f94264211b121bcf\n 7e2f5f82e11964575a3f39af8c196931\n dd63f3ff13615363257bcaa4e46b60cd\n 93a2a73027575d0cc2ed83927af11b9f\n 1122b6acdab05bb7c9de36851470ee2b\n 3d160a0ee03e3f31d32ac018a602916b\n c8db1791029a5ab1ffd7d93ff5a91b0a\n 46050a804ff7207d46f4f61d33d09e79\n 56cd4c6748e5e5f1236f7a6770954303\n 1ef9b2154f2f3b22a5eb34079f4c1872\n 4dee88ca57ff95da93642f8e59c1bc40\n d9793cdff43848960625f3d335264f72\n 1e6c2fdd02f16e2b95b1cde182f7099b\n c32e314105631627e15e113885240ab1\n 199fbbf0ed739df6ad3617691531de43\n -----END OpenVPN Static key V1-----\n tags: always\n\n - name: Define tunnel network alias\n pfsensible.core.pfsense_alias:\n name: TUNNEL_NET\n address: \"{{ openvpn_aliases['TUNNEL_NET'] }}\"\n type: network\n tags: openvpn\n\n - name: Define local network alias\n pfsensible.core.pfsense_alias:\n name: LOCAL_NETS\n address: \"{{ openvpn_aliases['LOCAL_NETS'] }}\"\n type: network\n tags: openvpn\n\n - name: Create OpenVPN Server 1\n import_tasks: tasks/test_openvpn_server_create.yml\n vars:\n openvpn_server_args:\n name: OpenVPN Server 1\n mode: server_tls_user\n authmode:\n - RADIUS\n interface: wan\n local_port: 1194\n tls: \"{{ openvpn_psk }}\"\n tls_type: auth\n ca: OpenVPN CA\n cert: pfsense-test\n data_ciphers:\n - AES-256-GCM\n - AES-128-GCM\n - AES-256-CBC\n tunnel_network: TUNNEL_NET\n local_network: LOCAL_NETS\n compression: \"\"\n gwredir: yes\n passtos: yes\n dns_domain: example.com\n dns_server1: 10.10.10.10\n dns_server2: 10.10.10.11\n custom_options: |-\n tls-version-min 1.2;\n username_as_common_name: no\n openvpn_server_vpnid: 1\n tags: openvpn\n\n - name: Create OpenVPN Server 2\n import_tasks: tasks/test_openvpn_server_create.yml\n vars:\n openvpn_server_args:\n name: OpenVPN Server 2\n mode: server_tls_user\n authmode:\n - RADIUS\n interface: any\n local_port: 1195\n ca: OpenVPN CA\n cert: pfsense-test\n crl: OpenVPN CA CRL\n data_ciphers:\n - AES-256-GCM\n - AES-128-GCM\n - AES-256-CBC\n digest: SHA256 (256-bit)\n tunnel_network: 10.100.0.0/24\n compression: \"\"\n gwredir: no\n passtos: no\n dns_domain: example.com\n dns_server1: 10.10.10.10\n dns_server2: 10.10.10.11\n custom_options: |-\n server 10.100.1.0 255.255.255.0 'nopool';\n ifconfig-pool 10.110.1.2 10.110.1.62;\n tls-export-cert /tmp;\n tls-version-min 1.2;\n # Use manual vs redirect gateway above to add block-local\n push \"redirect-gateway def1 block-local\";\n push \"block-outside-dns\";\n push \"dhcp-option DOMAIN example.com\";\n username_as_common_name: no\n openvpn_server_vpnid: 2\n tags: openvpn\n\n - name: Create OpenVPN Server 3\n import_tasks: tasks/test_openvpn_server_create.yml\n vars:\n openvpn_server_args:\n name: OpenVPN Server 3\n mode: p2p_shared_key\n interface: wan\n local_port: 1196\n shared_key: \"{{ openvpn_psk }}\"\n tunnel_network: 10.1.0.1/28\n remote_network: 10.20.0.0/24\n compression: \"\"\n digest: RIPEMD160\n passtos: yes\n custom_options: ping-restart 0\n verbosity_level: 3\n openvpn_server_vpnid: 3\n tags:\n - openvpn\n - openvpn_psk\n\n - name: Create OpenVPN Server generate\n import_tasks: tasks/test_openvpn_server_create.yml\n vars:\n openvpn_server_args:\n name: OpenVPN Server generate\n mode: server_tls_user\n authmode:\n - RADIUS\n interface: wan\n local_port: 1197\n tls: generate\n tls_type: auth\n ca: OpenVPN CA\n cert: pfsense-test\n data_ciphers:\n - AES-256-GCM\n - AES-128-GCM\n - AES-256-CBC\n tunnel_network: 10.100.1.0/24\n compression: \"\"\n gwredir: yes\n passtos: yes\n dns_domain: example.com\n dns_server1: 10.10.10.10\n dns_server2: 10.10.10.11\n custom_options: |-\n tls-version-min 1.2;\n username_as_common_name: no\n openvpn_server_vpnid: 4\n tags:\n - openvpn\n - openvpn_generate\n\n - name: Create OpenVPN override vpnuser\n import_tasks: tasks/test_openvpn_override_create.yml\n vars:\n openvpn_override_args:\n name: vpnuser\n server_list:\n - OpenVPN Server 1\n custom_options: ifconfig-push 10.100.0.100 255.255.255.0\n state: present\n openvpn_override_vpnids:\n - 1\n tags:\n - openvpn\n - openvpn_override\n\n - name: Create VPN1 interface\n import_tasks: tasks/test_interface_create.yml\n vars:\n interface_args:\n interface: ovpns1\n descr: VPN1\n enable: yes\n interface_ifname: opt1\n tags:\n - openvpn\n - openvpn_interface\n\n - name: Create VPN2 interface\n import_tasks: tasks/test_interface_create.yml\n vars:\n interface_args:\n interface: ovpns2\n descr: VPN2\n enable: yes\n interface_ifname: opt2\n tags:\n - openvpn\n - openvpn_interface\n\n - name: Create VPN3 interface\n import_tasks: tasks/test_interface_create.yml\n vars:\n interface_args:\n interface: ovpns3\n descr: VPN3\n enable: yes\n interface_ifname: opt3\n tags:\n - openvpn\n - openvpn_interface\n\n - set_fact:\n ifname_map:\n opt1: ovpns1\n opt2: ovpns2\n opt3: ovpns3\n tags:\n - openvpn\n - openvpn_interface\n - openvpn_interface_group\n\n - name: Create VPN interface group\n import_tasks: tasks/test_interface_group_create.yml\n vars:\n interface_group_args:\n name: VPN\n members:\n - VPN1\n - VPN2\n - VPN3\n interface_group_member_ifnames:\n - opt1\n - opt2\n - opt3\n tags:\n - openvpn\n - openvpn_interface\n\n - name: Delete OpenVPN override vpnuser\n import_tasks: tasks/test_openvpn_override_delete.yml\n vars:\n openvpn_override_args:\n name: vpnuser\n tags:\n - openvpn\n - openvpn_override\n\n - name: Delete VPN1 interfce (fails)\n pfsensible.core.pfsense_interface:\n descr: VPN1\n state: absent\n register: interface\n failed_when: interface.msg != \"The interface is part of the group VPN. Please remove it from the group first.\"\n tags:\n - openvpn\n - openvpn_interface_delete\n\n - name: Delete OpenVPN Server 1 (fails)\n pfsensible.core.pfsense_openvpn_server:\n name: OpenVPN Server 1\n state: absent\n tags:\n - openvpn\n - openvpn_delete\n register: openvpn_server\n failed_when: openvpn_server.msg != \"Cannot delete the OpenVPN instance while the interface ovpns1 is assigned. Remove the interface assignment first.\"\n\n - name: Delete VPN interface_group\n pfsensible.core.pfsense_interface_group:\n name: VPN\n state: absent\n tags:\n - openvpn\n - openvpn_interface_delete\n\n - name: Delete VPN1 interfce\n pfsensible.core.pfsense_interface:\n descr: VPN1\n state: absent\n register: interface\n tags:\n - openvpn\n - openvpn_interface_delete\n\n - name: Delete OpenVPN Server 1\n import_tasks: tasks/test_openvpn_server_delete.yml\n vars:\n openvpn_server_args:\n name: OpenVPN Server 1\n openvpn_server_vpnid: 1\n tags:\n - openvpn\n - openvpn_delete\n\n - name: Delete VPN2 interfce\n pfsensible.core.pfsense_interface:\n descr: VPN2\n state: absent\n register: interface\n tags:\n - openvpn\n - openvpn_interface_delete\n\n - name: Delete OpenVPN Server 2\n import_tasks: tasks/test_openvpn_server_delete.yml\n vars:\n openvpn_server_args:\n name: OpenVPN Server 2\n openvpn_server_vpnid: 2\n tags:\n - openvpn\n - openvpn_delete\n\n - name: Delete VPN3 interfce\n pfsensible.core.pfsense_interface:\n descr: VPN3\n state: absent\n register: interface\n tags:\n - openvpn\n - openvpn_interface_delete\n\n - name: Delete OpenVPN Server 3\n import_tasks: tasks/test_openvpn_server_delete.yml\n vars:\n openvpn_server_args:\n name: OpenVPN Server 3\n openvpn_server_vpnid: 3\n tags:\n - openvpn\n - openvpn_delete\n\n - name: Delete OpenVPN Server generate\n import_tasks: tasks/test_openvpn_server_delete.yml\n vars:\n openvpn_server_args:\n name: OpenVPN Server generate\n openvpn_server_vpnid: 4\n tags:\n - openvpn\n - openvpn_delete\n"
},
{
"path": "tests/plays/tasks/test_interface_create.yml",
"content": "---\n - name: \"Define interface {{ interface_args.descr }}\"\n pfsensible.core.pfsense_interface: \"{{ interface_args }}\"\n register: interface\n\n - fail:\n msg: Interface ifname {{ interface.ifname }} does not match expected value {{ interface_ifname }}\n when: interface.ifname != interface_ifname\n\n - name: Get interface configuration for {{ interface_args.interface }}\n command: /sbin/ifconfig {{ interface_args.interface }}\n changed_when: no\n register: ifconfig\n\n - name: Get interface description\n set_fact:\n if_description: \"{{ ifconfig.stdout_lines | select('search', 'description:') | map('regex_replace', '^\\\\s*description:\\\\s*', '') | first }}\"\n\n - fail:\n msg: \"Unexpected interface description found: {{ if_description }} != {{ interface_args.descr }}\"\n when: if_description != interface_args.descr\n"
},
{
"path": "tests/plays/tasks/test_interface_group_create.yml",
"content": "---\n - name: \"Define interface group {{ interface_group_args.name }}\"\n pfsensible.core.pfsense_interface_group: \"{{ interface_group_args }}\"\n register: interface_group\n\n - fail:\n msg: Interface group member ifnames {{ interface_group.member_ifnames|join(',') }} does not match expected value {{ interface_groug_member_ifnames|join(',') }}\n when: interface_group.member_ifnames | difference(interface_group_member_ifnames) | length > 1\n\n - include_tasks: tasks/test_interface_group_ifconfig_groups.yml\n vars:\n name: \"{{ interface_group_args.name }}\"\n loop_control:\n loop_var: ifname\n loop: \"{{ interface_group.member_ifnames }}\"\n"
},
{
"path": "tests/plays/tasks/test_interface_group_ifconfig_groups.yml",
"content": "---\n - command: /sbin/ifconfig {{ ifname_map[ifname] }}\n changed_when: no\n register: ifconfig\n\n - set_fact:\n if_groups_line: \"{{ ifconfig.stdout_lines | select('search', 'groups:') | map('regex_replace', '^\\\\s*groups:\\\\s*', '') | first }}\"\n\n - set_fact:\n if_groups: \"{{ if_groups_line.split(' ') }}\"\n\n - fail:\n msg: \"Group name {{ name }} not found in {{ ifname_map[ifname] }} groups: {{ if_groups | join(' ') }}\"\n when: name is not in if_groups\n"
},
{
"path": "tests/plays/tasks/test_openvpn_override_create.yml",
"content": "---\n - name: \"Define openvpn override {{ openvpn_override_args.name }}\"\n pfsensible.core.pfsense_openvpn_override: \"{{ openvpn_override_args }}\"\n register: openvpn_override\n tags: openvpn\n\n - fail:\n msg: OpenVPN override vpnids {{ openvpn_override.vpnids|join(',') }} does not match expected value {{ openvpn_override_vpnids|join(',') }}\n when: openvpn_override.vpnids | difference(openvpn_override_vpnids) | length > 1\n\n - include_tasks: tasks/test_openvpn_override_file_exists.yml\n loop_control:\n loop_var: vpnid\n loop: \"{{ openvpn_override.vpnids }}\"\n\n - set_fact:\n expected_csc_files: \"{{ openvpn_override.vpnids | map('regex_replace', '(.+)', '/var/etc/openvpn/server\\\\1/csc/' + openvpn_override_args.name) | list }}\"\n\n - find:\n paths: /var/etc/openvpn\n patterns: csc\n recurse: yes\n depth: 2\n file_type: directory\n register: csc_dirs\n\n - find:\n paths: \"{{ csc_dirs.files | map(attribute='path') | list }}\"\n patterns: \"{{ openvpn_override_args.name }}\"\n file_type: file\n register: csc_files\n\n - fail:\n msg: \"Unexpected override files found: {{ csc_files.files | map(attribute='path') | difference(expected_csc_files) | join(',') }}\"\n when: \"csc_files.files | map(attribute='path') | difference(expected_csc_files) | length > 0\"\n"
},
{
"path": "tests/plays/tasks/test_openvpn_override_delete.yml",
"content": "---\n - name: \"Remove openvpn override {{ openvpn_override_args.name }}\"\n pfsensible.core.pfsense_openvpn_override:\n name: \"{{ openvpn_override_args.name }}\"\n state: absent\n register: openvpn_override\n tags: openvpn\n\n - find:\n paths: /var/etc/openvpn\n patterns: csc\n recurse: yes\n depth: 2\n file_type: directory\n register: csc_dirs\n\n - find:\n paths: \"{{ csc_dirs.files | map(attribute='path') | list }}\"\n patterns: \"{{ openvpn_override_args.name }}\"\n file_type: file\n register: csc_files\n\n - fail:\n msg: \"Unexpected override files found: {{ csc_files.files | map(attribute='path') | join(',') }}\"\n when: \"(csc_files.files | map(attribute='path') | list | length) > 0\"\n"
},
{
"path": "tests/plays/tasks/test_openvpn_override_file_exists.yml",
"content": "---\n - wait_for:\n path: \"/var/etc/openvpn/server{{ vpnid }}/csc/{{ openvpn_override_args.name }}\"\n\n - slurp:\n src: \"/var/etc/openvpn/server{{ vpnid }}/csc/{{ openvpn_override_args.name }}\"\n register: openvpn_config_file\n\n - debug: msg=\"{{ openvpn_config_file['content'] | b64decode }}\"\n\n - template:\n src: openvpn-override.j2\n dest: /var/etc/openvpn/server{{ vpnid }}/csc/{{ openvpn_override_args.name }}\n owner: nobody\n group: nobody\n mode: 0644\n check_mode: yes\n register: config\n\n - fail:\n msg: OpenVPN config files differ\n when: config.changed\n"
},
{
"path": "tests/plays/tasks/test_openvpn_server_create.yml",
"content": "---\n - name: \"Define openvpn server {{ openvpn_server_args.name }}\"\n pfsensible.core.pfsense_openvpn_server: \"{{ openvpn_server_args }}\"\n register: openvpn_server\n tags: openvpn\n\n - fail:\n msg: OpenVPN server vpnid {{ openvpn_server.vpnid }} does not match expected value {{ openvpn_server_vpnid }}\n when: openvpn_server.vpnid != openvpn_server_vpnid\n\n - wait_for:\n path: \"/var/etc/openvpn/server{{ openvpn_server.vpnid }}/config.ovpn\"\n\n - name: Retrieve config.ovpn\n slurp:\n src: \"/var/etc/openvpn/server{{ openvpn_server.vpnid }}/config.ovpn\"\n register: openvpn_config_file\n\n - name: Contents of config.ovpn\n debug: msg=\"{{ openvpn_config_file['content'] | b64decode }}\"\n\n - name: Check if config.ovpn matches expected content\n template:\n src: openvpn-server-config.ovpn.j2\n dest: /var/etc/openvpn/server{{ openvpn_server.vpnid }}/config.ovpn\n owner: root\n group: wheel\n mode: 0600\n check_mode: true\n diff: true\n register: config\n\n - fail:\n msg: OpenVPN config files differ\n when: config.changed\n\n # TODO - Use community.general.pids with pattern (need version 3.0.0)\n - name: Check if openvpn server is running\n shell: \"ps xo command | grep '/openvpn --config /var/etc/openvpn/server{{ openvpn_server.vpnid }}/config.ovpn' | grep -v grep\"\n register: openvpn_server_process\n ignore_errors: true\n changed_when: false\n\n - fail:\n msg: OpenVPN server process is not running\n when:\n - openvpn_server_args.disable is not defined or not openvpn_server_args.disable\n - openvpn_server_process.stdout_lines | length != 1\n\n - fail:\n msg: OpenVPN server process is running\n when:\n - openvpn_server_args.disable is defined and openvpn_server_args.disable\n - openvpn_server_process.stdout_lines | length != 0\n"
},
{
"path": "tests/plays/tasks/test_openvpn_server_delete.yml",
"content": "---\n - name: \"Remove openvpn server {{ openvpn_server_args.name }}\"\n pfsensible.core.pfsense_openvpn_server:\n name: \"{{ openvpn_server_args.name }}\"\n state: absent\n register: openvpn_server\n\n - fail:\n msg: OpenVPN server vpnid {{ openvpn_server.vpnid }} does not match expected value {{ openvpn_server_vpnid }}\n when: openvpn_server.vpnid != openvpn_server_vpnid\n\n - name: Wait for config.ovpn to be removed\n wait_for:\n path: \"/var/etc/openvpn/server{{ openvpn_server.vpnid }}/config.ovpn\"\n state: absent\n\n # TODO - Use community.general.pids with pattern (need version 3.0.0)\n - name: Check for running openvpn server\n shell: \"ps xo command | grep '/openvpn --config /var/etc/openvpn/server{{ openvpn_server.vpnid }}/config.ovpn' | grep -v grep\"\n ignore_errors: yes\n register: openvpn_server_process\n changed_when: no\n\n - fail:\n msg: OpenVPN server process is still running\n when: openvpn_server_process.stdout_lines | length != 0\n"
},
{
"path": "tests/plays/templates/openvpn-override.j2",
"content": "{% if openvpn_override_args.tunnel_network is defined %}\nifconfig {{ openvpn_override_args.tunnel_network | ansible.utils.nthhost(1) }} {{ openvpn_override_args.tunnel_network | ansible.utils.nthhost(2) }}\n{% endif %}\n{% if openvpn_override_args.remote_network is defined %}\nroute {{ openvpn_override_args.remote_network | ansible.utils.ipaddr('network') }} {{ openvpn_override_args.remote_network | ansible.utils.ipaddr('netmask') }}\n{% endif %}\n{% if openvpn_override_args.gwredir is defined and openvpn_override_args.gwredir %}\npush \"redirect-gateway def1\"\n{% endif %}\n{% if openvpn_override_args.custom_options is defined %}\n{{ openvpn_override_args.custom_options | replace(';','\\n') }}\n{% endif %}\n"
},
{
"path": "tests/plays/templates/openvpn-server-config.ovpn.j2",
"content": "dev ovpns{{ openvpn_server.vpnid }}\nverb {{ openvpn_server_args.verbosity_level if openvpn_server_args.verbosity_level is defined else '1' }}\ndev-type tun\ndev-node /dev/tun{{ openvpn_server.vpnid }}\nwritepid /var/run/openvpn_server{{ openvpn_server.vpnid }}.pid\n#user nobody\n#group nobody\nscript-security 3\ndaemon\nkeepalive 10 60\nping-timer-rem\npersist-tun\npersist-key\nproto udp4\nauth {{ openvpn_server_args.digest | default('SHA256') | regex_replace(' \\(.*\\)', '') }}\nup /usr/local/sbin/ovpn-linkup\ndown /usr/local/sbin/ovpn-linkdown\n{% if 'user' in openvpn_server_args.mode %}\nclient-connect /usr/local/sbin/openvpn.attributes.sh\nclient-disconnect /usr/local/sbin/openvpn.attributes.sh\n{% endif %}\n{% if openvpn_server_args.interface == 'any' %}\nmultihome\n{% else %}\nlocal {{ interface_ips[openvpn_server_args.interface] }}\n{% endif %}\n{% if 'tls' in openvpn_server_args.mode %}\ntls-server\n{% endif %}\n{% if openvpn_server_args.tunnel_network in openvpn_aliases %}\n{% set tunnel_network = openvpn_aliases[openvpn_server_args.tunnel_network] %}\n{% else %}\n{% set tunnel_network = openvpn_server_args.tunnel_network %}\n{% endif %}\n{% if 'p2p' in openvpn_server_args.mode %}\nifconfig {{ tunnel_network | ansible.utils.nthhost(1) }} {{ tunnel_network | ansible.utils.nthhost(2) }}\n{% else %}\nserver {{ tunnel_network | ansible.utils.ipaddr('network') }} {{ tunnel_network | ansible.utils.ipaddr('netmask') }}\n{% endif %}\n{% if 'user' in openvpn_server_args.mode %}\nclient-config-dir /var/etc/openvpn/server{{ openvpn_server.vpnid }}/csc\n{% endif %}\n{% if openvpn_server_args.username_as_common_name is defined and openvpn_server_args.username_as_common_name %}\nusername-as-common-name\n{% endif %}\n{% if 'user' in openvpn_server_args.mode %}\nplugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user {{ openvpn_server_args.authmode | join(',') | b64encode }} false server{{ openvpn_server.vpnid }} {{ openvpn_server_args.local_port }}\n{% endif %}\n{% if 'tls' in openvpn_server_args.mode %}\ntls-verify \"/usr/local/sbin/ovpn_auth_verify tls 'pfsense-test' 1\"\n{% endif %}\nlport {{ openvpn_server_args.local_port }}\nmanagement /var/etc/openvpn/server{{ openvpn_server.vpnid }}/sock unix\n{% if 'user' in openvpn_server_args.mode %}\npush \"dhcp-option DOMAIN {{ openvpn_server_args.dns_domain }}\"\npush \"dhcp-option DNS {{ openvpn_server_args.dns_server1 }}\"\npush \"dhcp-option DNS {{ openvpn_server_args.dns_server2 }}\"\n{% endif %}\n{% if openvpn_server_args.remote_network is defined %}\nroute {{ openvpn_server_args.remote_network | ansible.utils.ipaddr('network') }} {{ openvpn_server_args.remote_network | ansible.utils.ipaddr('netmask') }}\n{% endif %}\n{% if 'shared_key' in openvpn_server_args.mode %}\nsecret /var/etc/openvpn/server{{ openvpn_server.vpnid }}/secret \n{% endif %}\n{% if openvpn_server_args.gwredir is defined and openvpn_server_args.gwredir %}\npush \"redirect-gateway def1\"\n{% endif %}\n{% if 'tls' in openvpn_server_args.mode %}\ncapath /var/etc/openvpn/server{{ openvpn_server.vpnid }}/ca\ncert /var/etc/openvpn/server{{ openvpn_server.vpnid }}/cert \nkey /var/etc/openvpn/server{{ openvpn_server.vpnid }}/key \ndh /etc/dh-parameters.2048\n{% if openvpn_server_args.tls is defined %}\ntls-auth /var/etc/openvpn/server{{ openvpn_server.vpnid }}/tls-auth 0\n{% endif %}\n{% endif %}\n{% if 'p2p' in openvpn_server_args.mode %}\ncipher {{ openvpn_server_args.data_ciphers_fallback if openvpn_server_args.data_ciphers_fallback is defined else 'AES-256-CBC' }}\n{% else %}\ndata-ciphers {{ openvpn_server_args.data_ciphers | join(':') if openvpn_server_args.data_ciphers is defined else 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC' }}\ndata-ciphers-fallback {{ openvpn_server_args.data_ciphers_fallback if openvpn_server_args.data_ciphers_fallback is defined else 'AES-256-CBC' }}\n{% endif %}\nallow-compression no\n{% if openvpn_server_args.passtos %}\npasstos\n{% endif %}\n{% if 'user' in openvpn_server_args.mode %}\ntopology subnet\n{% endif %}\n{% if openvpn_server_args.custom_options is defined %}\n{{ openvpn_server_args.custom_options | replace(';','\\n') }}\n{% endif %}\n"
},
{
"path": "tests/sanity/ignore-2.14.txt",
"content": "misc/pfsensible-generate-module shebang # This is not a module\nmisc/pfsense_module.py.j2 shebang # This is not a module\nplugins/modules/pfsense_cert.py validate-modules:no-log-needed # Argument 'keylen' is not sensitive\nplugins/modules/pfsense_dhcp_static.py validate-modules:no-log-needed # Arguments 'ddnsdomainkeyname' and 'ddnsdomainkeyalgorithm' are not sensitive\nplugins/modules/pfsense_ipsec.py validate-modules:no-log-needed # Argument 'rekey_time' is not sensitive\nplugins/modules/pfsense_ipsec_aggregate.py validate-modules:no-log-needed # Argument 'rekey_time' is not sensitive\nplugins/modules/pfsense_user.py validate-modules:no-log-needed # Argument 'authorizedkeys' is not sensitive\ntests/unit/plugins/modules/test_pfsense_dns_resolver.py pep8:E101 # inline noqa is not working\ntests/unit/plugins/modules/test_pfsense_dns_resolver.py pep8:W191 # inline noqa is not working\n"
},
{
"path": "tests/sanity/ignore-2.15.txt",
"content": "misc/pfsensible-generate-module shebang # This is not a module\nmisc/pfsense_module.py.j2 shebang # This is not a module\nplugins/modules/pfsense_cert.py validate-modules:no-log-needed # Argument 'keylen' is not sensitive\nplugins/modules/pfsense_dhcp_static.py validate-modules:no-log-needed # Arguments 'ddnsdomainkeyname' and 'ddnsdomainkeyalgorithm' are not sensitive\nplugins/modules/pfsense_ipsec.py validate-modules:no-log-needed # Argument 'rekey_time' is not sensitive\nplugins/modules/pfsense_ipsec_aggregate.py validate-modules:no-log-needed # Argument 'rekey_time' is not sensitive\nplugins/modules/pfsense_user.py validate-modules:no-log-needed # Argument 'authorizedkeys' is not sensitive\ntests/unit/plugins/modules/test_pfsense_dns_resolver.py pep8:E101 # inline noqa is not working\ntests/unit/plugins/modules/test_pfsense_dns_resolver.py pep8:W191 # inline noqa is not working\n"
},
{
"path": "tests/sanity/ignore-2.16.txt",
"content": "misc/pfsensible-generate-module shebang # This is not a module\nmisc/pfsense_module.py.j2 shebang # This is not a module\nplugins/modules/pfsense_cert.py validate-modules:no-log-needed # Argument 'keylen' is not sensitive\nplugins/modules/pfsense_dhcp_static.py validate-modules:no-log-needed # Arguments 'ddnsdomainkeyname' and 'ddnsdomainkeyalgorithm' are not sensitive\nplugins/modules/pfsense_ipsec.py validate-modules:no-log-needed # Argument 'rekey_time' is not sensitive\nplugins/modules/pfsense_ipsec_aggregate.py validate-modules:no-log-needed # Argument 'rekey_time' is not sensitive\nplugins/modules/pfsense_user.py validate-modules:no-log-needed # Argument 'authorizedkeys' is not sensitive\ntests/unit/plugins/modules/test_pfsense_dns_resolver.py pep8:E101 # inline noqa is not working\ntests/unit/plugins/modules/test_pfsense_dns_resolver.py pep8:W191 # inline noqa is not working\n"
},
{
"path": "tests/sanity/ignore-2.17.txt",
"content": "misc/pfsensible-generate-module shebang # This is not a module\nmisc/pfsense_module.py.j2 shebang # This is not a module\nplugins/modules/pfsense_cert.py validate-modules:no-log-needed # Argument 'keylen' is not sensitive\nplugins/modules/pfsense_dhcp_static.py validate-modules:no-log-needed # Arguments 'ddnsdomainkeyname' and 'ddnsdomainkeyalgorithm' are not sensitive\nplugins/modules/pfsense_ipsec.py validate-modules:no-log-needed # Argument 'rekey_time' is not sensitive\nplugins/modules/pfsense_ipsec_aggregate.py validate-modules:no-log-needed # Argument 'rekey_time' is not sensitive\nplugins/modules/pfsense_user.py validate-modules:no-log-needed # Argument 'authorizedkeys' is not sensitive\ntests/unit/plugins/modules/test_pfsense_dns_resolver.py pep8:E101 # inline noqa is not working\ntests/unit/plugins/modules/test_pfsense_dns_resolver.py pep8:W191 # inline noqa is not working\n"
},
{
"path": "tests/unit/plugins/lookup/test_pfsense.py",
"content": "# Copyright: (c) 2020, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nfrom collections import OrderedDict\nimport yaml\nfrom ansible_collections.community.internal_test_tools.tests.unit.compat.mock import patch\nfrom ansible.plugins.loader import lookup_loader\nfrom ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import ModuleTestCase\n\n\ndef ordered_dump(data, dumper_cls=yaml.Dumper):\n \"\"\" dump and return yaml string from data using ordered dicts \"\"\"\n\n class OrderedDumper(dumper_cls):\n pass\n\n def dict_representer(dumper, data):\n return dumper.represent_dict(data.items())\n\n OrderedDumper.add_representer(OrderedDict, dict_representer)\n return yaml.dump(data, Dumper=OrderedDumper)\n\n\nclass TestPFSenseLookup(ModuleTestCase):\n ##############################\n # init\n #\n def __init__(self, *args, **kwargs):\n super(TestPFSenseLookup, self).__init__(*args, **kwargs)\n self.rules = None\n\n self.definitions = None\n\n self.interfaces = None\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n super(TestPFSenseLookup, self).setUp()\n\n self.build_definitions()\n\n self.mock_get_hostname = patch('ansible_collections.pfsensible.core.plugins.lookup.pfsense.LookupModule.get_hostname')\n get_hostname = self.mock_get_hostname.start()\n get_hostname.return_value = ('pf_test1')\n\n self.mock_get_definitions = patch('ansible_collections.pfsensible.core.plugins.lookup.pfsense.LookupModule.get_definitions')\n self.get_definitions = self.mock_get_definitions.start()\n self.get_definitions.return_value = self.definitions\n\n def tearDown(self):\n \"\"\" mocking down \"\"\"\n super(TestPFSenseLookup, self).tearDown()\n self.mock_get_hostname.stop()\n self.mock_get_definitions.stop()\n\n def build_definitions(self):\n \"\"\" build definitions base for tests \"\"\"\n self.definitions = OrderedDict()\n self.definitions['hosts_aliases'] = OrderedDict()\n self.definitions['ports_aliases'] = OrderedDict()\n self.definitions['rules'] = OrderedDict()\n self.definitions['pfsenses'] = OrderedDict()\n self.definitions['pfsenses']['pf_test1'] = OrderedDict()\n self.definitions['pfsenses']['pf_test1'] = OrderedDict()\n self.definitions['pfsenses']['pf_test1']['interfaces'] = OrderedDict()\n\n self.interfaces = dict(\n WAN=dict(remote_networks='0.0.0.0/0'),\n LANA=dict(base='10.20.30.x', remote_base='10.120.x', adjacent_base='10.220.x'),\n LANB=dict(base='10.20.40.x', remote_base='10.130.x', adjacent_base='10.230.x'),\n )\n\n for name, defs in self.interfaces.items():\n self.definitions['pfsenses']['pf_test1']['interfaces'][name] = OrderedDict()\n if 'base' in defs:\n self.definitions['pfsenses']['pf_test1']['interfaces'][name]['ip'] = defs['base'].replace('x', '1/24')\n for param in ['remote_networks', 'adjacent_networks']:\n if param in defs:\n self.definitions['pfsenses']['pf_test1']['interfaces'][name][param] = defs[param]\n if 'remote_base' in defs:\n self.definitions['pfsenses']['pf_test1']['interfaces'][name]['remote_networks'] = defs['remote_base'].replace('x', '0.0/16')\n if 'adjacent_base' in defs:\n self.definitions['pfsenses']['pf_test1']['interfaces'][name]['adjacent_networks'] = defs['adjacent_base'].replace('x', '0.0/16')\n\n def save_definitions(self, filename='test_definitions.yml'):\n \"\"\" save generated definitions to file for debbuging \"\"\"\n with open(filename, 'w') as outfile:\n outfile.write(ordered_dump(self.definitions))\n\n def run_rules(self):\n \"\"\" run the plugin for rules \"\"\"\n pfsense_lookup = lookup_loader.get('pfsensible.core.pfsense')\n self.rules = pfsense_lookup.run(['dummy.yml', 'rules'], {})[0]\n\n def assert_get_rule(self, rule_name, count=1):\n \"\"\" check that rule_name is defined \"\"\"\n rules = []\n for rule in self.rules:\n if rule['name'] == rule_name:\n rules.append(rule)\n\n if count == 1 and len(rules) == 0:\n self.fail('{0} not found'.format(rule_name))\n if count == 1 and len(rules) > 1:\n self.fail('Multiples {0} found: {1}'.format(rule_name, rules))\n self.assertEqual(len(rules), count)\n if count == 1:\n return rules[0]\n return rules\n\n def assert_rule_not_found(self, rule_name):\n \"\"\" check that rule_name is not defined \"\"\"\n for rule in self.rules:\n if rule['name'] == rule_name:\n self.fail('{0} found'.format(rule_name))\n\n @staticmethod\n def add_missing_fields(expected_rule, rule):\n \"\"\" add missing generated field with default values \"\"\"\n for param in ['ackqueue', 'gateway', 'icmptype', 'in_queue', 'out_queue', 'queue', 'log', 'sched']:\n if param not in expected_rule and param in rule:\n expected_rule[param] = None\n\n if 'action' not in expected_rule:\n expected_rule['action'] = 'pass'\n\n if 'state' not in expected_rule:\n expected_rule['state'] = 'present'\n\n @staticmethod\n def correct_aliases(expected_rule):\n \"\"\" we correct IP values with interface names \"\"\"\n translations = {\n '10.20.30.1': 'IP:LANA',\n # '10.20.30.3': 'IP:LANB',\n }\n for field in ['source', 'destination']:\n if expected_rule[field] in translations:\n expected_rule[field] = translations[expected_rule[field]]\n\n def compare_rules(self, expected_rule, rule):\n \"\"\" compare rule with the expected result \"\"\"\n if 'after' in rule:\n del rule['after']\n self.add_missing_fields(expected_rule, rule)\n self.correct_aliases(expected_rule)\n self.assertEqual(expected_rule, rule)\n\n def gen_rule(self, src, dst, interface, action):\n \"\"\" generate rule definition according parameters \"\"\"\n rule = OrderedDict()\n rule['protocol'] = 'any'\n rule['name'] = src + '_' + dst + '_' + interface + '_' + action\n if src == 'l':\n rule['src'] = self.interfaces['LANA']['base'].replace('x', '2')\n elif src == 's':\n rule['src'] = self.interfaces['LANA']['base'].replace('x', '1')\n elif src == 'r':\n rule['src'] = self.interfaces['LANA']['remote_base'].replace('x', '30.30')\n elif src == 'a':\n rule['src'] = self.interfaces['LANA']['adjacent_base'].replace('x', '30.30')\n\n if interface == 's':\n if dst == 'l':\n rule['dst'] = self.interfaces['LANA']['base'].replace('x', '3')\n elif dst == 's':\n rule['dst'] = self.interfaces['LANA']['base'].replace('x', '1')\n elif dst == 'r':\n rule['dst'] = self.interfaces['LANA']['remote_base'].replace('x', '30.40')\n elif dst == 'a':\n rule['dst'] = self.interfaces['LANA']['adjacent_base'].replace('x', '30.40')\n else:\n if dst == 'l':\n rule['dst'] = self.interfaces['LANB']['base'].replace('x', '3')\n elif dst == 's':\n rule['dst'] = self.interfaces['LANB']['base'].replace('x', '1')\n elif dst == 'r':\n rule['dst'] = self.interfaces['LANB']['remote_base'].replace('x', '30.40')\n elif dst == 'a':\n rule['dst'] = self.interfaces['LANB']['adjacent_base'].replace('x', '30.40')\n\n if action == 'p':\n rule['action'] = 'pass'\n elif action == 'dr':\n rule['action'] = 'drop'\n elif action == 'dn':\n rule['action'] = 'deny'\n return rule\n\n def test_basic_generation(self):\n \"\"\" test simple rules generatation for verifying that remote to remote rules are not generated and almost everything else is \"\"\"\n expected_rules = list()\n not_expected_rules = list()\n rules = self.definitions['rules']\n # we want to generate some rules to check\n # l => local, r => remote, a => adjacent, s => self\n # s => same interface, o => other interface\n # p => pass, dr => drop, dn => deny\n for src in ['l', 'r', 'a', 's']:\n for dst in ['l', 'r', 'a', 's']:\n for interface in ['s', 'o']:\n for action in ['p', 'dr', 'dn']:\n rule = self.gen_rule(src, dst, interface, action)\n rules[rule['name']] = rule\n\n generated_rule = dict(\n name=rule['name'],\n interface='LANA',\n source=rule['src'],\n destination=rule['dst'],\n protocol='any',\n action=rule['action']\n )\n\n # we won't generate remote to remote rules or local to local on the same interface if the traffic is allowed\n # when the traffic is denied or dropped, we consider for now that every rule should be generated, even if it's seems dumb\n if rule['name'] in ['r_r_s_p', 'r_r_o_p', 'l_l_s_p']:\n not_expected_rules.append(generated_rule)\n else:\n expected_rules.append(generated_rule)\n del rule['name']\n\n self.run_rules()\n for expected_rule in expected_rules:\n rule = self.assert_get_rule(expected_rule['name'])\n self.compare_rules(expected_rule, rule)\n\n for rule in not_expected_rules:\n self.assert_rule_not_found(rule['name'])\n"
},
{
"path": "tests/unit/plugins/module_utils/fixtures/pfsense_setup_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t2001::2001:22 \n\t\t\t64 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_1100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx4 \n\t\t\tvt2 \n\t\t\tdhcp \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\t\t\t1560930241 \n\t\t\t\t\t\tmatch \n\t\t\t\t\t\tlan \n\t\t\t\t\t\tinet \n\t\t\t\t\t\tin \n\t\t\t\t\t\tyes \n\t\t\t\t\t\tyes \n\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\n\t\t\t\t\t\t\tport_ssh \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t \n\t\t\t\t\t\tfloating_rule_1 \n\t\t \n\t\t\n\t\t\t\t\t\t1560930241 \n\t\t\t\t\t\tmatch \n\t\t\t\t\t\tlan,wan,opt3 \n\t\t\t\t\t\tinet \n\t\t\t\t\t\tin \n\t\t\t\t\t\tyes \n\t\t\t\t\t\tyes \n\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\tport_ssh \n\t\t\t\t\t\t \n\t\t\t\t\t\tfloating_rule_2 \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t2001::1 \n\t\t\tGW_LAN6 \n\t\t\t1 \n\t\t\tinet6 \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\t100 \n\t\t\tvmx0.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/module_utils/test_pfsense.py",
"content": "# Copyright: (c) 2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nfrom ansible_collections.community.internal_test_tools.tests.unit.compat.mock import patch\nfrom ansible_collections.pfsensible.core.plugins.module_utils.pfsense import PFSenseModule\nfrom ansible_collections.pfsensible.core.tests.unit.plugins.modules.pfsense_module import TestPFSenseModule\n\n\nclass TestPFSense(TestPFSenseModule):\n\n def __init__(self, *args, **kwargs):\n super(TestPFSense, self).__init__(*args, **kwargs)\n\n def setUp(self):\n super(TestPFSense, self).setUp()\n self.pfsense = PFSenseModule(None)\n self.mock_get_version = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.PFSenseModule.get_version', wraps=self.my_get_version)\n self.get_version = self.mock_get_version.start()\n\n def tearDown(self):\n super(TestPFSense, self).tearDown()\n self.mock_get_version.stop()\n\n def my_get_version(self):\n return self.version\n\n def test_is_version(self):\n self.pfsense.pfsense_version = None\n self.version = '2.6.0'\n assert self.pfsense.is_version([2, 5, 0])\n assert self.pfsense.is_version([2, 6, 0])\n assert not self.pfsense.is_version([2, 7, 0])\n assert not self.pfsense.is_version([22, 2])\n assert not self.pfsense.is_version([2, 5, 0], or_more=False)\n assert not self.pfsense.is_version([21, 2])\n self.pfsense.pfsense_version = None\n self.version = '22.02'\n assert not self.pfsense.is_version([2, 6, 0])\n assert not self.pfsense.is_version([2, 7, 0])\n assert self.pfsense.is_version([21, 1])\n assert self.pfsense.is_version([21, 3])\n assert self.pfsense.is_version([22, 2])\n assert not self.pfsense.is_version([22, 7])\n assert not self.pfsense.is_version([23, 1])\n assert not self.pfsense.is_version([21, 2], or_more=False)\n\n def test_is_at_least_2_5_0(self):\n self.pfsense.pfsense_version = None\n self.version = '2.6.0'\n assert self.pfsense.is_at_least_2_5_0()\n self.pfsense.pfsense_version = None\n self.version = '22.01'\n assert self.pfsense.is_at_least_2_5_0()\n"
},
{
"path": "tests/unit/plugins/modules/__init__.py",
"content": ""
},
{
"path": "tests/unit/plugins/modules/fixtures/2.4/pfsense_ipsec_aggregate_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n \n 1 \n ikev2 \n opt3 \n 1.2.4.8 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n 14 \n \n \n 28800 \n 1234 \n pre_shared_key \n test_tunnel \n on \n off \n 10 \n 5 \n \n \n 1 \n 5db7be207c845 \n tunnel \n 1 \n \n lan \n \n \n network \n 10.20.30.40 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n one_p2 \n \n \n 1 \n 5db7be3c0502e \n tunnel \n 2 \n \n lan \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n\t\t\t\t\t\t\n aes \n 128 \n \n \n aes128gcm \n 128 \n \n\t\t\t\t\t\t\n 3des \n \n hmac_sha256 \n 14 \n 3600 \n another_p2 \n \n\t\t\n 1 \n 5db7be3c0502f \n tunnel \n 3 \n \n\t\t\t\t\t\t\tnetwork \n\t\t\t\t\t\t\t1.2.3.4/24 \n\t\t\t\t\t\t\t24 \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n\t\t\t\t\t\t\n aes \n 128 \n \n \n aes128gcm \n 128 \n \n\t\t\t\t\t\t\n 3des \n \n hmac_sha256 \n 14 \n 3600 \n third_p2 \n \n\t\t\n 1 \n 5db7be207c846 \n tunnel \n 4 \n \n lan \n \n\t\t\t\t\t\t\n network \n 10.20.30.40 \n 24 \n \n\t\t\t\t\t\t\n network \n 1.2.3.4 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n nat_p2 \n \n \n 2 \n ikev2 \n opt3 \n 1.2.3.6 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n 14 \n \n \n 28800 \n 1234 \n 5c00e5f9029df \n 5db509cfed87d \n rsasig \n test_tunnel2 \n on \n off \n 10 \n 5 \n \n \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n \n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n\t\t5c00e5f9029de \n\t\twebConfigurator default copy \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n 5db509cfed87d \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n \n 5db509cfed87e \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/2.4/pfsense_ipsec_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n \n 1 \n ikev2 \n opt3 \n 1.2.4.8 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n 14 \n \n \n 28800 \n 1234 \n pre_shared_key \n test_tunnel \n on \n off \n 10 \n 5 \n \n \n 1 \n 5db7be207c845 \n tunnel \n 1 \n \n lan \n \n \n network \n 10.20.30.40 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n \n \n 1 \n 5db7be3c0502e \n tunnel \n 2 \n \n lan \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n \n \n 2 \n ikev2 \n opt3 \n 1.2.3.6 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n 14 \n \n \n 28800 \n 1234 \n 5c00e5f9029df \n 5db509cfed87d \n rsasig \n test_tunnel2 \n on \n off \n 10 \n 5 \n \n \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n \n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n\t\t5c00e5f9029de \n\t\twebConfigurator default copy \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n 5db509cfed87d \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n \n 5db509cfed87e \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t\t\n\t\t\tcarp \n\t\t\twan \n\t\t\t90 \n\t\t\t100 \n\t\t\t1 \n\t\t\t602874de0ff00 \n\t\t\tsingle \n\t\t\t29 \n\t\t\t151.25.19.11 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/2.4/pfsense_ipsec_proposal_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n \n 1 \n ikev2 \n opt3 \n 1.2.4.8 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n 14 \n \n \n 28800 \n 1234 \n pre_shared_key \n test_tunnel \n on \n off \n 10 \n 5 \n \n \n 1 \n 5db7be207c845 \n tunnel \n 1 \n \n lan \n \n \n network \n 10.20.30.40 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n \n \n 1 \n 5db7be3c0502e \n tunnel \n 2 \n \n lan \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n \n \n 2 \n ikev1 \n opt3 \n 1.2.3.6 \n inet \n myaddress \n peeraddress \n 28800 \n 1234 \n 5c00e5f9029df \n 5db509cfed87d \n rsasig \n test_tunnel2 \n on \n off \n 10 \n 5 \n \n \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n \n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n\t\t5c00e5f9029de \n\t\twebConfigurator default copy \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n 5db509cfed87d \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n \n 5db509cfed87e \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_aggregate_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\twan \n\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\tanother_test_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\tlast_test_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t\n \t\t\t \n\t\t\t\t fr0
\n\t\t\t\t test_sep_floating \n\t\t\t\t bg-info \n\t\t\t\t floatingrules \n\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tany2any_ssh \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tany2any_http \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tany2any_https \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tany2any_ssh \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tany2any_http \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tany2any_https \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tone_server \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\t100 \n\t\t\tvmx0.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1200 \n\t\t\tvmx1.1200 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_alias_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_alias_null_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_authserver_config.xml",
"content": "\n\n\t21.7 \n\t\n\t\tnormal \n\t\tpfSense \n\t\thome.arpa \n\t\t\n\t\t\tall \n\t\t\tsystem \n\t\t\t1998 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tadmin \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2b$10$13u6qwCOwODv34GyCMgdWub6oQF3RX0rG7c3d3X4JvzuEmAXLYDd2 \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t2.pfsense.pool.ntp.org \n\t\t\n\t\t\thttps \n\t\t\t62083679cd3d4 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n DELRADIUS \n radius \n radius.example.com \n 1812 \n 1813 \n MSCHAPv2 \n 5 \n lan \n 620c5c2a8fab5 \n password1 \n \n \n 620c5f9d00ba4 \n ldap \n DELLDAP \n global \n ldap.example.com \n 389 \n Standard TCP \n 3 \n one \n 25 \n \n\t \n\t\n\t\t\n\t\t\tre0 \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tre1 \n\t\t\t192.168.100.2 \n\t\t\t24 \n\t\t\twan \n\t\t\t0 \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tdisabled \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t \n\t\n\t\t\n\t\t\tautomatic \n\t\t \n\t \n\t\n\t\t\n\t\t\tpass \n\t\t\tinet \n\t\t\tlan \n\t\t\t0100000101 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t\t\n\t\t\tpass \n\t\t\tinet6 \n\t\t\tlan \n\t\t\t0100000102 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t- \n\t\t\t
*/1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/sbin/newsyslog \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/etc/rc.periodic daily \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t4 \n\t\t\t* \n\t\t\t* \n\t\t\t6 \n\t\t\troot \n\t\t\t/etc/rc.periodic weekly \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t5 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/etc/rc.periodic monthly \n\t\t \n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t \n\t\n\t\t \n\t\n\t\tsystem_information:col1:show,netgate_services_and_support:col2:show,interfaces:col2:show \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1644705489 \n\t\t \n\t\n\t\t62083679cd3d4 \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVsRENDQTN5Z0F3SUJBZ0lJU2JlZ00zSWZSTEV3RFFZSktvWklodmNOQVFFTEJRQXdXakU0TURZR0ExVUUKQ2hNdmNHWlRaVzV6WlNCM1pXSkRiMjVtYVdkMWNtRjBiM0lnVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaApkR1V4SGpBY0JnTlZCQU1URlhCbVUyVnVjMlV0TmpJd09ETTJOemxqWkROa05EQWVGdzB5TWpBeU1USXlNak0yCk5ERmFGdzB5TXpBek1UY3lNak0yTkRGYU1Gb3hPREEyQmdOVkJBb1RMM0JtVTJWdWMyVWdkMlZpUTI5dVptbG4KZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnBabWxqWVhSbE1SNHdIQVlEVlFRREV4VndabE5sYm5ObApMVFl5TURnek5qYzVZMlF6WkRRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURHCjkzVW5PMm1MbTRFVTRwOUtlMCtmbkZCQTZGV245eTBDcjhaY0dxVFZiN0E3ejY4Y1JBd0l4bEVDYmtWaUx1ejcKSnNUK2gwd1Jiclo3RWI1dkpvZ3JaUHZSV1ByeW9JQWwrT2w1b1dFbE0ycTBQMVJQdjZETndaYjFsUHgzNXdXOApBa1gxQkhLL3FEWWJibjVVRXdqOVdmaVpmcnNJeFBHM21ubmpHMHpiMktOaGJGNDM4Tk1xVTVadVRvQW5PYW9PCmJqb2tveWhNUUh1N0JGV2tQS25lTFJGN3lmN0Q3TVp1QnBBbWVCbnllYkl1ZkpzS1ViWGE3OTNFanVPcjN4disKb2J3QmhtMUN3NWRpc1o2SDZzS2ZudFJ6UWFUZXhZWEo3WGo2MDdtMWc2YkpqR2FweG9WTTlvU1VlUGlzVWNCOQpNbEp1WkpnVmVOYVlFQkJPbEgxWkFnTUJBQUdqZ2dGY01JSUJXREFKQmdOVkhSTUVBakFBTUJFR0NXQ0dTQUdHCitFSUJBUVFFQXdJR1FEQUxCZ05WSFE4RUJBTUNCYUF3TXdZSllJWklBWWI0UWdFTkJDWVdKRTl3Wlc1VFUwd2cKUjJWdVpYSmhkR1ZrSUZObGNuWmxjaUJEWlhKMGFXWnBZMkYwWlRBZEJnTlZIUTRFRmdRVWNHMlpNNHdKRlpQRQoxV1ZndXd0eFRUT0RhOGd3Z1lzR0ExVWRJd1NCZ3pDQmdJQVVjRzJaTTR3SkZaUEUxV1ZndXd0eFRUT0RhOGloClhxUmNNRm94T0RBMkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG4KYm1Wa0lFTmxjblJwWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFl5TURnek5qYzVZMlF6WkRTQwpDRW0zb0ROeUgwU3hNQ2NHQTFVZEpRUWdNQjRHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVJCkFnSXdJQVlEVlIwUkJCa3dGNElWY0daVFpXNXpaUzAyTWpBNE16WTNPV05rTTJRME1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUFzazBrTU12dVR0T3c2Ymx5a1U5cWNkRnQvVDlGOFZBZ0taNHgzYXNxNlArRG96N1FGVFpKVwprdmlrQVVUekpMMys4c0NKRDdjV3BZa2ZpdDRBYndhWFIyRzVsczhjL0JRcUdmY1ZOUnJVdWRscG12UUYrYk5iClMxZ2xjS2hYYXZuYnlQdkRMem9CZGVlTmhqYXIzcWc1TTV6T3I0aXYyM0hCZVc2aEY2c0FrV3dpVkU5NEJmZ00KOS9qeW5GalVYTkJheStMODM2TXBpNDhpNnE4OHdlQ25UdDdaTFFjWlZXb0IwcWNQSS96SExTUFlTNlhhcmdvdgpva3E1M3ZQSG9HNnRGUHpFSkpFVmNmOTV1bVcwaUpFR3hCQ3dTeVlnd2xSY0pEeGJ1QklFY0xWb2JKclVveHNLClJXcW13SHdQYkFxRjBOMUZ0cFJ6K3Yvd0lQYWdSQ2lVCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRREc5M1VuTzJtTG00RVUKNHA5S2UwK2ZuRkJBNkZXbjl5MENyOFpjR3FUVmI3QTd6NjhjUkF3SXhsRUNia1ZpTHV6N0pzVCtoMHdSYnJaNwpFYjV2Sm9nclpQdlJXUHJ5b0lBbCtPbDVvV0VsTTJxMFAxUlB2NkROd1piMWxQeDM1d1c4QWtYMUJISy9xRFliCmJuNVVFd2o5V2ZpWmZyc0l4UEczbW5uakcwemIyS05oYkY0MzhOTXFVNVp1VG9Bbk9hb09iam9rb3loTVFIdTcKQkZXa1BLbmVMUkY3eWY3RDdNWnVCcEFtZUJueWViSXVmSnNLVWJYYTc5M0VqdU9yM3h2K29id0JobTFDdzVkaQpzWjZINnNLZm50UnpRYVRleFlYSjdYajYwN20xZzZiSmpHYXB4b1ZNOW9TVWVQaXNVY0I5TWxKdVpKZ1ZlTmFZCkVCQk9sSDFaQWdNQkFBRUNnZ0VCQUxldGVIeVlUMjV2UnpIVnFFSGxKbk50cFhUV1IwVUJYWThPWUN0aytXaUUKYkFnN1NTZnA5Y1lmOW1jdEQyWjlkWTdCa3JoNmhKSFBTQ3pEQzYrbXZheDUxRExHVnh5bmFNWWxUTHhaYThvZwo5aytoNng2WUJFWU9nbU1DZ0RQY2xTR2tZNXEyMll2dktNd1lMQTFIYVZRaHUrdFA0REJQUitvOGRHdGhKNG9ICmlna3Z4OWhQOVAzc1VBZjFQQWtKMzkyYjZ6dGJOYkRWdXhGSTFVbklCKzF1c2s5VUduWlM5bUVXTkxDRTEwYngKT2U1YlVJaTlCWkkzM3pTamdra3ZFQVdJMlBzVWJDaEFqa0RPUStFT1V1dktyQVJoUnBXUDVWUmdxVUJpc0ZuaApmeWFFMUNtTTQ4RWZyVGZ4QklXaTA0cHZ2U0I3Zm4rbXN3RkRCcjcvUGtVQ2dZRUE3L05NcHlZdGw2dng5b043ClNWUmdIY01JZlVZR2xJSVNvTGNJbmRURGQ3K3krR0pvRkFBclhBcVMvR2dKUFgxZkMxbWVYZWJDY0dqeHVGZEgKTlNNbnMxVk1OVHlEdjNMWVhhV0lBSlVvMWtTMlVYaWZHcUN3WEpSckVmVE11U1NlRXpXOGJaNE5Cdmk1R1VsdQpyTnJWNnBqTFQ5eS85ZENUbitHeWthamNMZzhDZ1lFQTFFWmpZTldhTXltbHgydDlpS3hsVTR2SlcxVDMrbW1DCkhWRDM5bDlUSS9BWlQ4Ti9VVGRYVXhjdDN2MnA4OTdPRWJ6cThBRno1dFRrNUV6Y1dJZDcwRmYwRUYxTFpMaXkKME1NZlVLVUlBTExwekh4T294T3YxNVRJTzlXSVF4d2J2TWcxaDh2M2M1MkNCVEpsVzFUektJM3dKMWV2RXBrRwpzcDVqN1NMSUJoY0NnWUVBeTdqTHlkWldPMEhYU3k3U2k2M0JkVU5UZjlqbVdVd2VPS2x0L1dMWkdtQjl1UGtECjJJZFVTTzhKWUplTDBOTVMwUFlqeVNIVXo4K3ArcExQZUVRQ3Z2V2FvRkJpb3pjRWtHMnNES0tYYTJRblR3Q1UKUk8xTkR5MUx3cEVQQjlvWkE4SkoydCtudTlXTWdmV2dxODJZZFhlSWxxT2JyejZKTitOTjB2R0ZEdTBDZ1lCcQp5a1p3anNVV2ZCdEVhZFVyanQ4aTJxNGYzbTBxY3kzY0pjRzVGbGV6T3JUaEpjN0ZRdndSZHhYQ213YUhBMDNVCktxQmV3YnhYSWo5TWcwWk8yMG4wbEdyYVdMVDNKTndBbmtrQXZ5VjVoSWlPTVBNMm8wN1JPNjVJTzdKallKNnIKcUdVVnZnenRBdzVJSXdST29Edjc2UHdxTHJpS3VLVmY4c0wrcDRMTlhRS0JnUUNrbXlIR3dielVJLzN6Z1FNSApxY1RkMUttMDhxTXJjUzZXdU03RGJxTEpIQXdlcFRSYUpuVmVLcnRRS2t4SGRlcjZsK2VWUjNvWXArUE9EbTVECjBGSXMxbXd2RFp3TjI2RVhmZnZkWG9EK1luNnVEeGlvVU9QZ1A2U1hLT3dxcnBuenVFZTFBNFpDQTFnRXJhd2MKTTNmejdiV3d0a1JUUE5uaGxybkVJNXY5Qmc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_ca_config.xml",
"content": "\n\n\t21.7 \n\t\n\t\tnormal \n\t\tpfSense \n\t\thome.arpa \n\t\t\n\t\t\tall \n\t\t\tsystem \n\t\t\t1998 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tadmin \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2b$10$13u6qwCOwODv34GyCMgdWub6oQF3RX0rG7c3d3X4JvzuEmAXLYDd2 \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t2.pfsense.pool.ntp.org \n\t\t\n\t\t\thttps \n\t\t\t62083679cd3d4 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t \n\t\n\t\t\n\t\t\tre0 \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tre1 \n\t\t\t192.168.100.2 \n\t\t\t24 \n\t\t\twan \n\t\t\t0 \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tdisabled \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t \n\t\n\t\t\n\t\t\tautomatic \n\t\t \n\t \n\t\n\t\t\n\t\t\tpass \n\t\t\tinet \n\t\t\tlan \n\t\t\t0100000101 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t\t\n\t\t\tpass \n\t\t\tinet6 \n\t\t\tlan \n\t\t\t0100000102 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t- \n\t\t\t
*/1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/sbin/newsyslog \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/etc/rc.periodic daily \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t4 \n\t\t\t* \n\t\t\t* \n\t\t\t6 \n\t\t\troot \n\t\t\t/etc/rc.periodic weekly \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t5 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/etc/rc.periodic monthly \n\t\t \n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t \n\t\n\t\t \n\t\n\t\tsystem_information:col1:show,netgate_services_and_support:col2:show,interfaces:col2:show \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1644705489 \n\t\t \n\t\n\t\t62083679cd3d4 \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVsRENDQTN5Z0F3SUJBZ0lJU2JlZ00zSWZSTEV3RFFZSktvWklodmNOQVFFTEJRQXdXakU0TURZR0ExVUUKQ2hNdmNHWlRaVzV6WlNCM1pXSkRiMjVtYVdkMWNtRjBiM0lnVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaApkR1V4SGpBY0JnTlZCQU1URlhCbVUyVnVjMlV0TmpJd09ETTJOemxqWkROa05EQWVGdzB5TWpBeU1USXlNak0yCk5ERmFGdzB5TXpBek1UY3lNak0yTkRGYU1Gb3hPREEyQmdOVkJBb1RMM0JtVTJWdWMyVWdkMlZpUTI5dVptbG4KZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnBabWxqWVhSbE1SNHdIQVlEVlFRREV4VndabE5sYm5ObApMVFl5TURnek5qYzVZMlF6WkRRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURHCjkzVW5PMm1MbTRFVTRwOUtlMCtmbkZCQTZGV245eTBDcjhaY0dxVFZiN0E3ejY4Y1JBd0l4bEVDYmtWaUx1ejcKSnNUK2gwd1Jiclo3RWI1dkpvZ3JaUHZSV1ByeW9JQWwrT2w1b1dFbE0ycTBQMVJQdjZETndaYjFsUHgzNXdXOApBa1gxQkhLL3FEWWJibjVVRXdqOVdmaVpmcnNJeFBHM21ubmpHMHpiMktOaGJGNDM4Tk1xVTVadVRvQW5PYW9PCmJqb2tveWhNUUh1N0JGV2tQS25lTFJGN3lmN0Q3TVp1QnBBbWVCbnllYkl1ZkpzS1ViWGE3OTNFanVPcjN4disKb2J3QmhtMUN3NWRpc1o2SDZzS2ZudFJ6UWFUZXhZWEo3WGo2MDdtMWc2YkpqR2FweG9WTTlvU1VlUGlzVWNCOQpNbEp1WkpnVmVOYVlFQkJPbEgxWkFnTUJBQUdqZ2dGY01JSUJXREFKQmdOVkhSTUVBakFBTUJFR0NXQ0dTQUdHCitFSUJBUVFFQXdJR1FEQUxCZ05WSFE4RUJBTUNCYUF3TXdZSllJWklBWWI0UWdFTkJDWVdKRTl3Wlc1VFUwd2cKUjJWdVpYSmhkR1ZrSUZObGNuWmxjaUJEWlhKMGFXWnBZMkYwWlRBZEJnTlZIUTRFRmdRVWNHMlpNNHdKRlpQRQoxV1ZndXd0eFRUT0RhOGd3Z1lzR0ExVWRJd1NCZ3pDQmdJQVVjRzJaTTR3SkZaUEUxV1ZndXd0eFRUT0RhOGloClhxUmNNRm94T0RBMkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG4KYm1Wa0lFTmxjblJwWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFl5TURnek5qYzVZMlF6WkRTQwpDRW0zb0ROeUgwU3hNQ2NHQTFVZEpRUWdNQjRHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVJCkFnSXdJQVlEVlIwUkJCa3dGNElWY0daVFpXNXpaUzAyTWpBNE16WTNPV05rTTJRME1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUFzazBrTU12dVR0T3c2Ymx5a1U5cWNkRnQvVDlGOFZBZ0taNHgzYXNxNlArRG96N1FGVFpKVwprdmlrQVVUekpMMys4c0NKRDdjV3BZa2ZpdDRBYndhWFIyRzVsczhjL0JRcUdmY1ZOUnJVdWRscG12UUYrYk5iClMxZ2xjS2hYYXZuYnlQdkRMem9CZGVlTmhqYXIzcWc1TTV6T3I0aXYyM0hCZVc2aEY2c0FrV3dpVkU5NEJmZ00KOS9qeW5GalVYTkJheStMODM2TXBpNDhpNnE4OHdlQ25UdDdaTFFjWlZXb0IwcWNQSS96SExTUFlTNlhhcmdvdgpva3E1M3ZQSG9HNnRGUHpFSkpFVmNmOTV1bVcwaUpFR3hCQ3dTeVlnd2xSY0pEeGJ1QklFY0xWb2JKclVveHNLClJXcW13SHdQYkFxRjBOMUZ0cFJ6K3Yvd0lQYWdSQ2lVCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRREc5M1VuTzJtTG00RVUKNHA5S2UwK2ZuRkJBNkZXbjl5MENyOFpjR3FUVmI3QTd6NjhjUkF3SXhsRUNia1ZpTHV6N0pzVCtoMHdSYnJaNwpFYjV2Sm9nclpQdlJXUHJ5b0lBbCtPbDVvV0VsTTJxMFAxUlB2NkROd1piMWxQeDM1d1c4QWtYMUJISy9xRFliCmJuNVVFd2o5V2ZpWmZyc0l4UEczbW5uakcwemIyS05oYkY0MzhOTXFVNVp1VG9Bbk9hb09iam9rb3loTVFIdTcKQkZXa1BLbmVMUkY3eWY3RDdNWnVCcEFtZUJueWViSXVmSnNLVWJYYTc5M0VqdU9yM3h2K29id0JobTFDdzVkaQpzWjZINnNLZm50UnpRYVRleFlYSjdYajYwN20xZzZiSmpHYXB4b1ZNOW9TVWVQaXNVY0I5TWxKdVpKZ1ZlTmFZCkVCQk9sSDFaQWdNQkFBRUNnZ0VCQUxldGVIeVlUMjV2UnpIVnFFSGxKbk50cFhUV1IwVUJYWThPWUN0aytXaUUKYkFnN1NTZnA5Y1lmOW1jdEQyWjlkWTdCa3JoNmhKSFBTQ3pEQzYrbXZheDUxRExHVnh5bmFNWWxUTHhaYThvZwo5aytoNng2WUJFWU9nbU1DZ0RQY2xTR2tZNXEyMll2dktNd1lMQTFIYVZRaHUrdFA0REJQUitvOGRHdGhKNG9ICmlna3Z4OWhQOVAzc1VBZjFQQWtKMzkyYjZ6dGJOYkRWdXhGSTFVbklCKzF1c2s5VUduWlM5bUVXTkxDRTEwYngKT2U1YlVJaTlCWkkzM3pTamdra3ZFQVdJMlBzVWJDaEFqa0RPUStFT1V1dktyQVJoUnBXUDVWUmdxVUJpc0ZuaApmeWFFMUNtTTQ4RWZyVGZ4QklXaTA0cHZ2U0I3Zm4rbXN3RkRCcjcvUGtVQ2dZRUE3L05NcHlZdGw2dng5b043ClNWUmdIY01JZlVZR2xJSVNvTGNJbmRURGQ3K3krR0pvRkFBclhBcVMvR2dKUFgxZkMxbWVYZWJDY0dqeHVGZEgKTlNNbnMxVk1OVHlEdjNMWVhhV0lBSlVvMWtTMlVYaWZHcUN3WEpSckVmVE11U1NlRXpXOGJaNE5Cdmk1R1VsdQpyTnJWNnBqTFQ5eS85ZENUbitHeWthamNMZzhDZ1lFQTFFWmpZTldhTXltbHgydDlpS3hsVTR2SlcxVDMrbW1DCkhWRDM5bDlUSS9BWlQ4Ti9VVGRYVXhjdDN2MnA4OTdPRWJ6cThBRno1dFRrNUV6Y1dJZDcwRmYwRUYxTFpMaXkKME1NZlVLVUlBTExwekh4T294T3YxNVRJTzlXSVF4d2J2TWcxaDh2M2M1MkNCVEpsVzFUektJM3dKMWV2RXBrRwpzcDVqN1NMSUJoY0NnWUVBeTdqTHlkWldPMEhYU3k3U2k2M0JkVU5UZjlqbVdVd2VPS2x0L1dMWkdtQjl1UGtECjJJZFVTTzhKWUplTDBOTVMwUFlqeVNIVXo4K3ArcExQZUVRQ3Z2V2FvRkJpb3pjRWtHMnNES0tYYTJRblR3Q1UKUk8xTkR5MUx3cEVQQjlvWkE4SkoydCtudTlXTWdmV2dxODJZZFhlSWxxT2JyejZKTitOTjB2R0ZEdTBDZ1lCcQp5a1p3anNVV2ZCdEVhZFVyanQ4aTJxNGYzbTBxY3kzY0pjRzVGbGV6T3JUaEpjN0ZRdndSZHhYQ213YUhBMDNVCktxQmV3YnhYSWo5TWcwWk8yMG4wbEdyYVdMVDNKTndBbmtrQXZ5VjVoSWlPTVBNMm8wN1JPNjVJTzdKallKNnIKcUdVVnZnenRBdzVJSXdST29Edjc2UHdxTHJpS3VLVmY4c0wrcDRMTlhRS0JnUUNrbXlIR3dielVJLzN6Z1FNSApxY1RkMUttMDhxTXJjUzZXdU03RGJxTEpIQXdlcFRSYUpuVmVLcnRRS2t4SGRlcjZsK2VWUjNvWXArUE9EbTVECjBGSXMxbXd2RFp3TjI2RVhmZnZkWG9EK1luNnVEeGlvVU9QZ1A2U1hLT3dxcnBuenVFZTFBNFpDQTFnRXJhd2MKTTNmejdiV3d0a1JUUE5uaGxybkVJNXY5Qmc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \n\t \n \n 6209e3cef1e81 \n enabled \n enabled \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVDRENDQXZDZ0F3SUJBZ0lJRmpGT2hzMW5NelF3RFFZSktvWklodmNOQVFFTEJRQXdYREVUTUJFR0ExVUUKQXhNS2IzQmxiblp3YmkxallURUxNQWtHQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXlZV1J2TVJBdwpEZ1lEVlFRSEV3ZENiM1ZzWkdWeU1STXdFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNQjRYRFRJeU1ESXhOREExCk1EZ3pNVm9YRFRNeU1ESXhNakExTURnek1Wb3dYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRFTE1Ba0cKQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNdwpFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFtc3ZpSk1FMUVUZWQ0Zk90YmtIcEYzZDllTSs2NDA4WFBuYTh0SkdkQnEzVUFDeEV6b2FCS1J0MnkxY3QKNnpRRGU1RkY0QUF2dFYxdWNacHNsNW80RFMvSUdTYm42ZDNZTWsrajhqQVEzRW16UjhHT29obmdmMVE5QVhDNgpvaDRyQlA1c1g0WTh1WThrSjNZclg1cVRwRlk1S0hMVTFBb1BleVE3eXlNWkhMb2t0OW5jK0ZGWnd3VTdSQ0dTCmNOTFppVnhDUVFLNXA4azltQThiZ3hscVlrZjBtQXlCTnc5TUFmUFVjVWtxRjZQMGdXUEhsSXJIWi91aGc3ZFUKKzIyYW9jS1VFTml2OW1xYStCNmNVZ0xURlQ2czBWU0VzWC9kQWVoNjJZTGdmbVhKZzZkTkhRSStNZzZTa2VscAprOVZSVGVqaUVUSUVWOEpnZHYyTjdSU201d0lEQVFBQm80SE5NSUhLTUIwR0ExVWREZ1FXQkJSazVvQS8wcWEyCktQd2dvWEpxS010K0FvS0pnVENCalFZRFZSMGpCSUdGTUlHQ2dCUms1b0EvMHFhMktQd2dvWEpxS010K0FvS0oKZ2FGZ3BGNHdYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRFTE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQQmdOVgpCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNd0VRWURWUVFLRXdwd1psTmxibk5wCllteGxnZ2dXTVU2R3pXY3pOREFNQmdOVkhSTUVCVEFEQVFIL01Bc0dBMVVkRHdRRUF3SUJCakFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVVIOUtDZG1KZG9BSmxVMHdCSkhZeGpMcktsbFBZNk9OYnpyNUpiaENNNjlIeHhZTgpCa2lpbXd1N09mRmFGZkZDT25NSjhvcStKVGxjMG9vREoxM2xCdHRONkdybnZrUTNQMXdZYkNFTmJuaWxPYVVCClRJcmlIeXRORFFhb3VOYS9LV3M3RmF1b2JjdEJsMXc5YXRvSFpzTjVvZWhUM3JBVHYxQ0NBdGpwYVRKSWZKUjMKMElRT1lrZTRvWTZEa0l3SHAydlBQbW9vR2dJdGJUdzNVK0U0MVlaZTdxQ21FLzd6TFRTWmtJTTJseDZ6RDQ2agpEZjRyZ044TVVMNnhpd09MbzlyQUp5ckRNM2JEeTJ1QjY0QkVzRFFMa2huUE92ZWtETjQ1NnV6TmpYS0E3VnE4CmgxL2d6RFpJRGkrV1hDWUFjYmdMaFpWQnF0bjYydW1GcE1SSXV3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlFdlFJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0JLY3dnZ1NqQWdFQUFvSUJBUUNheStJa3dUVVJONTNoDQo4NjF1UWVrWGQzMTR6N3JqVHhjK2RyeTBrWjBHcmRRQUxFVE9ob0VwRzNiTFZ5M3JOQU43a1VYZ0FDKzFYVzV4DQptbXlYbWpnTkw4Z1pKdWZwM2RneVQ2UHlNQkRjU2JOSHdZNmlHZUIvVkQwQmNMcWlIaXNFL214ZmhqeTVqeVFuDQpkaXRmbXBPa1Zqa29jdFRVQ2c5N0pEdkxJeGtjdWlTMzJkejRVVm5EQlR0RUlaSncwdG1KWEVKQkFybW55VDJZDQpEeHVER1dwaVIvU1lESUUzRDB3Qjg5UnhTU29Yby9TQlk4ZVVpc2RuKzZHRHQxVDdiWnFod3BRUTJLLzJhcHI0DQpIcHhTQXRNVlBxelJWSVN4ZjkwQjZIclpndUIrWmNtRHAwMGRBajR5RHBLUjZXbVQxVkZONk9JUk1nUlh3bUIyDQovWTN0RktibkFnTUJBQUVDZ2dFQUNYN0FIR2tOakVUUkZtOFFFRmRTcVBIWGJIV3hqUWZvOFJmdmMxUUxRY0dmDQo0M0xUdGFkaWZOY0dibXFta21yYVc5WUpaemdidFJCS0dnWFM2Mm0yVG5qRDJXY2RpcWJsQUJFS2lXeVJYREhaDQpJV21xQ2g5ME9kczg4cjJyZFE1TXJUMitBQTRINDRuNE9jTngzYWRwcndicThxUTRrZGtjSWYyUy9WN2x4M0U3DQpLWVNyVnNZT3hUS0dwQVl4MzVtU3oyckRadXFhcVhyRGtwSTYxa2tFVDluaGJzQStVZDE5aXZrZ3J1WlU3bVp3DQpmRzQ0V3JDeEhSNjdiYW1LQ3VPei81SnlKNUt5US9VaFkzak9lczkxZXRpeHJXUkRpaXRCVVIwc01kMXZuQ2cyDQpTSkpjQnAvYXRwbWNjMGY1OVZFSDRGOTNqY01jR3V5cE1mQmkwNExFd1FLQmdRRE1BUSsyVk5aQWJ5aVM0cWZqDQpXelE0UWl6MDNSdmUybVhaNHc1aEdKSmk0QnkvdmI4K2xoOE9acGFWSFBjRTVya0tBbExEaFRwUEl0dTFwNWZzDQpic05MTHpJYkIwUmVBdGUxc3JGOU9SRHp0VThKblhrNDEwcnFMbmdBZmhVTGUvSUttNjBtUG4vWWU0UnhVSVI3DQp2TjFNemJXMnlYdHJCSlZ5VG1jbFRkRDZ5UUtCZ1FEQ1FCa1B2NnFpYXZXaG1IRnBiZ3QvMklpSUlBUk5iSUJjDQpmVnVUYVFJbXlOZlVSVzlUVG10UHFiYXRuOGhaWFFaL1ZCbWdaMklPOCtCMXBFYW5zYjZCS2xJMXFUMFdMUzR4DQpaV0hLQ3hEdVFiMXNUYmNRMnd3NW5jbk50c1dlWlkxUlV1dlpYcVQwZFU4WUIwb2FsdGVYWTNVbDJrUWJuWUcvDQpINUpJeWJPOEx3S0JnUURKNE1zQnJoYVBrUERmMm5nMW4wMmYxcXpTYS9SbXBrMWdQemM5a3FsYU8xbDN6WGZ4DQpvWEYrT0xzUE9LaWlLd2cyQlhLTmxjdk1BRHpZR005WTQ0dFRYWk1CK0VFSm4xcURyaC9DUWJTcTEyTXRxcTRKDQpOOVFreG5OdVdWYk9GSXZEUDZjclQzSUljc0x2dDdSREZ2VVFTZ2xtcHlBQkdYb2lzYitVeE5ybk1RS0JnR09QDQpZc2oxbmNsOU5NUk1VK1NMcUkwd09Gbzh2cmZJSXNwRTNnamh5MTZCbGsyUUFRMGJwbGpBVFljVDNDWWhUZEU1DQpFNkZwRzVNNllCTXJ6YUxwc1JDVzFtZjJnLzYzelhNMzJUVXJFdFJyRVdGUE84TUI0blF0Y1Y5a2pFa3hGNHRWDQpDdGp3YjI5MEtNUFNDS00wS08vSTVDUXdpTFAydUtkeTBSRkpnRHUxQW9HQUxqSTdGZDl0ckFrY1dSenMyVHpRDQptaDRTZWxHRDFvdFAxRXpFa1hYVlZwK1lMNXlxOWM3V3hsa09RY1lFVmd1N2huNVFncnBRUFZPTFVmbkJoajdXDQo1MC9IVmR6V21wSXg5NUlqZXFDZklBV1U3N0I5cmJUR2hvWWMzbTdJcEdObzl2WlhHYWgrc2JHY3BEK1phV3UzDQp1Q25pTnJpZEhORGgzWHZQVFZkRTRlVT0NCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0NCg== \n 1 \n \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_cert_config.xml",
"content": "\n\n\t21.7 \n\t\n\t\tnormal \n\t\tpfSense \n\t\thome.arpa \n\t\t\n\t\t\tall \n\t\t\tsystem \n\t\t\t1998 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tadmin \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2b$10$13u6qwCOwODv34GyCMgdWub6oQF3RX0rG7c3d3X4JvzuEmAXLYDd2 \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t2.pfsense.pool.ntp.org \n\t\t\n\t\t\thttps \n\t\t\t62083679cd3d4 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t \n\t\n\t\t\n\t\t\tre0 \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tre1 \n\t\t\t192.168.100.2 \n\t\t\t24 \n\t\t\twan \n\t\t\t0 \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tdisabled \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t \n\t\n\t\t\n\t\t\tautomatic \n\t\t \n\t \n\t\n\t\t\n\t\t\tpass \n\t\t\tinet \n\t\t\tlan \n\t\t\t0100000101 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t\t\n\t\t\tpass \n\t\t\tinet6 \n\t\t\tlan \n\t\t\t0100000102 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t- \n\t\t\t
*/1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/sbin/newsyslog \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/etc/rc.periodic daily \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t4 \n\t\t\t* \n\t\t\t* \n\t\t\t6 \n\t\t\troot \n\t\t\t/etc/rc.periodic weekly \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t5 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/etc/rc.periodic monthly \n\t\t \n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t \n\t\n\t\t \n\t\n\t\tsystem_information:col1:show,netgate_services_and_support:col2:show,interfaces:col2:show \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1644705489 \n\t\t \n\t\n\t\t62083679cd3d4 \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVsRENDQTN5Z0F3SUJBZ0lJU2JlZ00zSWZSTEV3RFFZSktvWklodmNOQVFFTEJRQXdXakU0TURZR0ExVUUKQ2hNdmNHWlRaVzV6WlNCM1pXSkRiMjVtYVdkMWNtRjBiM0lnVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaApkR1V4SGpBY0JnTlZCQU1URlhCbVUyVnVjMlV0TmpJd09ETTJOemxqWkROa05EQWVGdzB5TWpBeU1USXlNak0yCk5ERmFGdzB5TXpBek1UY3lNak0yTkRGYU1Gb3hPREEyQmdOVkJBb1RMM0JtVTJWdWMyVWdkMlZpUTI5dVptbG4KZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnBabWxqWVhSbE1SNHdIQVlEVlFRREV4VndabE5sYm5ObApMVFl5TURnek5qYzVZMlF6WkRRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURHCjkzVW5PMm1MbTRFVTRwOUtlMCtmbkZCQTZGV245eTBDcjhaY0dxVFZiN0E3ejY4Y1JBd0l4bEVDYmtWaUx1ejcKSnNUK2gwd1Jiclo3RWI1dkpvZ3JaUHZSV1ByeW9JQWwrT2w1b1dFbE0ycTBQMVJQdjZETndaYjFsUHgzNXdXOApBa1gxQkhLL3FEWWJibjVVRXdqOVdmaVpmcnNJeFBHM21ubmpHMHpiMktOaGJGNDM4Tk1xVTVadVRvQW5PYW9PCmJqb2tveWhNUUh1N0JGV2tQS25lTFJGN3lmN0Q3TVp1QnBBbWVCbnllYkl1ZkpzS1ViWGE3OTNFanVPcjN4disKb2J3QmhtMUN3NWRpc1o2SDZzS2ZudFJ6UWFUZXhZWEo3WGo2MDdtMWc2YkpqR2FweG9WTTlvU1VlUGlzVWNCOQpNbEp1WkpnVmVOYVlFQkJPbEgxWkFnTUJBQUdqZ2dGY01JSUJXREFKQmdOVkhSTUVBakFBTUJFR0NXQ0dTQUdHCitFSUJBUVFFQXdJR1FEQUxCZ05WSFE4RUJBTUNCYUF3TXdZSllJWklBWWI0UWdFTkJDWVdKRTl3Wlc1VFUwd2cKUjJWdVpYSmhkR1ZrSUZObGNuWmxjaUJEWlhKMGFXWnBZMkYwWlRBZEJnTlZIUTRFRmdRVWNHMlpNNHdKRlpQRQoxV1ZndXd0eFRUT0RhOGd3Z1lzR0ExVWRJd1NCZ3pDQmdJQVVjRzJaTTR3SkZaUEUxV1ZndXd0eFRUT0RhOGloClhxUmNNRm94T0RBMkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG4KYm1Wa0lFTmxjblJwWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFl5TURnek5qYzVZMlF6WkRTQwpDRW0zb0ROeUgwU3hNQ2NHQTFVZEpRUWdNQjRHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVJCkFnSXdJQVlEVlIwUkJCa3dGNElWY0daVFpXNXpaUzAyTWpBNE16WTNPV05rTTJRME1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUFzazBrTU12dVR0T3c2Ymx5a1U5cWNkRnQvVDlGOFZBZ0taNHgzYXNxNlArRG96N1FGVFpKVwprdmlrQVVUekpMMys4c0NKRDdjV3BZa2ZpdDRBYndhWFIyRzVsczhjL0JRcUdmY1ZOUnJVdWRscG12UUYrYk5iClMxZ2xjS2hYYXZuYnlQdkRMem9CZGVlTmhqYXIzcWc1TTV6T3I0aXYyM0hCZVc2aEY2c0FrV3dpVkU5NEJmZ00KOS9qeW5GalVYTkJheStMODM2TXBpNDhpNnE4OHdlQ25UdDdaTFFjWlZXb0IwcWNQSS96SExTUFlTNlhhcmdvdgpva3E1M3ZQSG9HNnRGUHpFSkpFVmNmOTV1bVcwaUpFR3hCQ3dTeVlnd2xSY0pEeGJ1QklFY0xWb2JKclVveHNLClJXcW13SHdQYkFxRjBOMUZ0cFJ6K3Yvd0lQYWdSQ2lVCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRREc5M1VuTzJtTG00RVUKNHA5S2UwK2ZuRkJBNkZXbjl5MENyOFpjR3FUVmI3QTd6NjhjUkF3SXhsRUNia1ZpTHV6N0pzVCtoMHdSYnJaNwpFYjV2Sm9nclpQdlJXUHJ5b0lBbCtPbDVvV0VsTTJxMFAxUlB2NkROd1piMWxQeDM1d1c4QWtYMUJISy9xRFliCmJuNVVFd2o5V2ZpWmZyc0l4UEczbW5uakcwemIyS05oYkY0MzhOTXFVNVp1VG9Bbk9hb09iam9rb3loTVFIdTcKQkZXa1BLbmVMUkY3eWY3RDdNWnVCcEFtZUJueWViSXVmSnNLVWJYYTc5M0VqdU9yM3h2K29id0JobTFDdzVkaQpzWjZINnNLZm50UnpRYVRleFlYSjdYajYwN20xZzZiSmpHYXB4b1ZNOW9TVWVQaXNVY0I5TWxKdVpKZ1ZlTmFZCkVCQk9sSDFaQWdNQkFBRUNnZ0VCQUxldGVIeVlUMjV2UnpIVnFFSGxKbk50cFhUV1IwVUJYWThPWUN0aytXaUUKYkFnN1NTZnA5Y1lmOW1jdEQyWjlkWTdCa3JoNmhKSFBTQ3pEQzYrbXZheDUxRExHVnh5bmFNWWxUTHhaYThvZwo5aytoNng2WUJFWU9nbU1DZ0RQY2xTR2tZNXEyMll2dktNd1lMQTFIYVZRaHUrdFA0REJQUitvOGRHdGhKNG9ICmlna3Z4OWhQOVAzc1VBZjFQQWtKMzkyYjZ6dGJOYkRWdXhGSTFVbklCKzF1c2s5VUduWlM5bUVXTkxDRTEwYngKT2U1YlVJaTlCWkkzM3pTamdra3ZFQVdJMlBzVWJDaEFqa0RPUStFT1V1dktyQVJoUnBXUDVWUmdxVUJpc0ZuaApmeWFFMUNtTTQ4RWZyVGZ4QklXaTA0cHZ2U0I3Zm4rbXN3RkRCcjcvUGtVQ2dZRUE3L05NcHlZdGw2dng5b043ClNWUmdIY01JZlVZR2xJSVNvTGNJbmRURGQ3K3krR0pvRkFBclhBcVMvR2dKUFgxZkMxbWVYZWJDY0dqeHVGZEgKTlNNbnMxVk1OVHlEdjNMWVhhV0lBSlVvMWtTMlVYaWZHcUN3WEpSckVmVE11U1NlRXpXOGJaNE5Cdmk1R1VsdQpyTnJWNnBqTFQ5eS85ZENUbitHeWthamNMZzhDZ1lFQTFFWmpZTldhTXltbHgydDlpS3hsVTR2SlcxVDMrbW1DCkhWRDM5bDlUSS9BWlQ4Ti9VVGRYVXhjdDN2MnA4OTdPRWJ6cThBRno1dFRrNUV6Y1dJZDcwRmYwRUYxTFpMaXkKME1NZlVLVUlBTExwekh4T294T3YxNVRJTzlXSVF4d2J2TWcxaDh2M2M1MkNCVEpsVzFUektJM3dKMWV2RXBrRwpzcDVqN1NMSUJoY0NnWUVBeTdqTHlkWldPMEhYU3k3U2k2M0JkVU5UZjlqbVdVd2VPS2x0L1dMWkdtQjl1UGtECjJJZFVTTzhKWUplTDBOTVMwUFlqeVNIVXo4K3ArcExQZUVRQ3Z2V2FvRkJpb3pjRWtHMnNES0tYYTJRblR3Q1UKUk8xTkR5MUx3cEVQQjlvWkE4SkoydCtudTlXTWdmV2dxODJZZFhlSWxxT2JyejZKTitOTjB2R0ZEdTBDZ1lCcQp5a1p3anNVV2ZCdEVhZFVyanQ4aTJxNGYzbTBxY3kzY0pjRzVGbGV6T3JUaEpjN0ZRdndSZHhYQ213YUhBMDNVCktxQmV3YnhYSWo5TWcwWk8yMG4wbEdyYVdMVDNKTndBbmtrQXZ5VjVoSWlPTVBNMm8wN1JPNjVJTzdKallKNnIKcUdVVnZnenRBdzVJSXdST29Edjc2UHdxTHJpS3VLVmY4c0wrcDRMTlhRS0JnUUNrbXlIR3dielVJLzN6Z1FNSApxY1RkMUttMDhxTXJjUzZXdU03RGJxTEpIQXdlcFRSYUpuVmVLcnRRS2t4SGRlcjZsK2VWUjNvWXArUE9EbTVECjBGSXMxbXd2RFp3TjI2RVhmZnZkWG9EK1luNnVEeGlvVU9QZ1A2U1hLT3dxcnBuenVFZTFBNFpDQTFnRXJhd2MKTTNmejdiV3d0a1JUUE5uaGxybkVJNXY5Qmc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \n\t \n \n 6209e3cef1e81 \n enabled \n enabled \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVDRENDQXZDZ0F3SUJBZ0lJRmpGT2hzMW5NelF3RFFZSktvWklodmNOQVFFTEJRQXdYREVUTUJFR0ExVUUKQXhNS2IzQmxiblp3YmkxallURUxNQWtHQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXlZV1J2TVJBdwpEZ1lEVlFRSEV3ZENiM1ZzWkdWeU1STXdFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNQjRYRFRJeU1ESXhOREExCk1EZ3pNVm9YRFRNeU1ESXhNakExTURnek1Wb3dYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRFTE1Ba0cKQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNdwpFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFtc3ZpSk1FMUVUZWQ0Zk90YmtIcEYzZDllTSs2NDA4WFBuYTh0SkdkQnEzVUFDeEV6b2FCS1J0MnkxY3QKNnpRRGU1RkY0QUF2dFYxdWNacHNsNW80RFMvSUdTYm42ZDNZTWsrajhqQVEzRW16UjhHT29obmdmMVE5QVhDNgpvaDRyQlA1c1g0WTh1WThrSjNZclg1cVRwRlk1S0hMVTFBb1BleVE3eXlNWkhMb2t0OW5jK0ZGWnd3VTdSQ0dTCmNOTFppVnhDUVFLNXA4azltQThiZ3hscVlrZjBtQXlCTnc5TUFmUFVjVWtxRjZQMGdXUEhsSXJIWi91aGc3ZFUKKzIyYW9jS1VFTml2OW1xYStCNmNVZ0xURlQ2czBWU0VzWC9kQWVoNjJZTGdmbVhKZzZkTkhRSStNZzZTa2VscAprOVZSVGVqaUVUSUVWOEpnZHYyTjdSU201d0lEQVFBQm80SE5NSUhLTUIwR0ExVWREZ1FXQkJSazVvQS8wcWEyCktQd2dvWEpxS010K0FvS0pnVENCalFZRFZSMGpCSUdGTUlHQ2dCUms1b0EvMHFhMktQd2dvWEpxS010K0FvS0oKZ2FGZ3BGNHdYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRFTE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQQmdOVgpCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNd0VRWURWUVFLRXdwd1psTmxibk5wCllteGxnZ2dXTVU2R3pXY3pOREFNQmdOVkhSTUVCVEFEQVFIL01Bc0dBMVVkRHdRRUF3SUJCakFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVVIOUtDZG1KZG9BSmxVMHdCSkhZeGpMcktsbFBZNk9OYnpyNUpiaENNNjlIeHhZTgpCa2lpbXd1N09mRmFGZkZDT25NSjhvcStKVGxjMG9vREoxM2xCdHRONkdybnZrUTNQMXdZYkNFTmJuaWxPYVVCClRJcmlIeXRORFFhb3VOYS9LV3M3RmF1b2JjdEJsMXc5YXRvSFpzTjVvZWhUM3JBVHYxQ0NBdGpwYVRKSWZKUjMKMElRT1lrZTRvWTZEa0l3SHAydlBQbW9vR2dJdGJUdzNVK0U0MVlaZTdxQ21FLzd6TFRTWmtJTTJseDZ6RDQ2agpEZjRyZ044TVVMNnhpd09MbzlyQUp5ckRNM2JEeTJ1QjY0QkVzRFFMa2huUE92ZWtETjQ1NnV6TmpYS0E3VnE4CmgxL2d6RFpJRGkrV1hDWUFjYmdMaFpWQnF0bjYydW1GcE1SSXV3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlFdlFJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0JLY3dnZ1NqQWdFQUFvSUJBUUNheStJa3dUVVJONTNoDQo4NjF1UWVrWGQzMTR6N3JqVHhjK2RyeTBrWjBHcmRRQUxFVE9ob0VwRzNiTFZ5M3JOQU43a1VYZ0FDKzFYVzV4DQptbXlYbWpnTkw4Z1pKdWZwM2RneVQ2UHlNQkRjU2JOSHdZNmlHZUIvVkQwQmNMcWlIaXNFL214ZmhqeTVqeVFuDQpkaXRmbXBPa1Zqa29jdFRVQ2c5N0pEdkxJeGtjdWlTMzJkejRVVm5EQlR0RUlaSncwdG1KWEVKQkFybW55VDJZDQpEeHVER1dwaVIvU1lESUUzRDB3Qjg5UnhTU29Yby9TQlk4ZVVpc2RuKzZHRHQxVDdiWnFod3BRUTJLLzJhcHI0DQpIcHhTQXRNVlBxelJWSVN4ZjkwQjZIclpndUIrWmNtRHAwMGRBajR5RHBLUjZXbVQxVkZONk9JUk1nUlh3bUIyDQovWTN0RktibkFnTUJBQUVDZ2dFQUNYN0FIR2tOakVUUkZtOFFFRmRTcVBIWGJIV3hqUWZvOFJmdmMxUUxRY0dmDQo0M0xUdGFkaWZOY0dibXFta21yYVc5WUpaemdidFJCS0dnWFM2Mm0yVG5qRDJXY2RpcWJsQUJFS2lXeVJYREhaDQpJV21xQ2g5ME9kczg4cjJyZFE1TXJUMitBQTRINDRuNE9jTngzYWRwcndicThxUTRrZGtjSWYyUy9WN2x4M0U3DQpLWVNyVnNZT3hUS0dwQVl4MzVtU3oyckRadXFhcVhyRGtwSTYxa2tFVDluaGJzQStVZDE5aXZrZ3J1WlU3bVp3DQpmRzQ0V3JDeEhSNjdiYW1LQ3VPei81SnlKNUt5US9VaFkzak9lczkxZXRpeHJXUkRpaXRCVVIwc01kMXZuQ2cyDQpTSkpjQnAvYXRwbWNjMGY1OVZFSDRGOTNqY01jR3V5cE1mQmkwNExFd1FLQmdRRE1BUSsyVk5aQWJ5aVM0cWZqDQpXelE0UWl6MDNSdmUybVhaNHc1aEdKSmk0QnkvdmI4K2xoOE9acGFWSFBjRTVya0tBbExEaFRwUEl0dTFwNWZzDQpic05MTHpJYkIwUmVBdGUxc3JGOU9SRHp0VThKblhrNDEwcnFMbmdBZmhVTGUvSUttNjBtUG4vWWU0UnhVSVI3DQp2TjFNemJXMnlYdHJCSlZ5VG1jbFRkRDZ5UUtCZ1FEQ1FCa1B2NnFpYXZXaG1IRnBiZ3QvMklpSUlBUk5iSUJjDQpmVnVUYVFJbXlOZlVSVzlUVG10UHFiYXRuOGhaWFFaL1ZCbWdaMklPOCtCMXBFYW5zYjZCS2xJMXFUMFdMUzR4DQpaV0hLQ3hEdVFiMXNUYmNRMnd3NW5jbk50c1dlWlkxUlV1dlpYcVQwZFU4WUIwb2FsdGVYWTNVbDJrUWJuWUcvDQpINUpJeWJPOEx3S0JnUURKNE1zQnJoYVBrUERmMm5nMW4wMmYxcXpTYS9SbXBrMWdQemM5a3FsYU8xbDN6WGZ4DQpvWEYrT0xzUE9LaWlLd2cyQlhLTmxjdk1BRHpZR005WTQ0dFRYWk1CK0VFSm4xcURyaC9DUWJTcTEyTXRxcTRKDQpOOVFreG5OdVdWYk9GSXZEUDZjclQzSUljc0x2dDdSREZ2VVFTZ2xtcHlBQkdYb2lzYitVeE5ybk1RS0JnR09QDQpZc2oxbmNsOU5NUk1VK1NMcUkwd09Gbzh2cmZJSXNwRTNnamh5MTZCbGsyUUFRMGJwbGpBVFljVDNDWWhUZEU1DQpFNkZwRzVNNllCTXJ6YUxwc1JDVzFtZjJnLzYzelhNMzJUVXJFdFJyRVdGUE84TUI0blF0Y1Y5a2pFa3hGNHRWDQpDdGp3YjI5MEtNUFNDS00wS08vSTVDUXdpTFAydUtkeTBSRkpnRHUxQW9HQUxqSTdGZDl0ckFrY1dSenMyVHpRDQptaDRTZWxHRDFvdFAxRXpFa1hYVlZwK1lMNXlxOWM3V3hsa09RY1lFVmd1N2huNVFncnBRUFZPTFVmbkJoajdXDQo1MC9IVmR6V21wSXg5NUlqZXFDZklBV1U3N0I5cmJUR2hvWWMzbTdJcEdObzl2WlhHYWgrc2JHY3BEK1phV3UzDQp1Q25pTnJpZEhORGgzWHZQVFZkRTRlVT0NCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0NCg== \n 1 \n \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_dhcp_server_config.xml",
"content": "\n\t23.3 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tem0 \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tem1 \n\t\t\t192.168.1.1 \n\t\t\t24 \n\t\t\twan \n\t\t\t0 \n\t\t\t \n\t\t\n\t\t\tem2 \n\t\t\topt1 \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tem1.100 \n\t\t\tVLAN 100 \n\t\t\t172.16.0.1 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\tem1 \n\t\t100 \n\t\tVLAN 100 on LAN \n\t\tem1.100 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t\t86400 \n\t\t\t172800 \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t10.0.0.100 \n\t\t\t\t10.0.0.199 \n\t\t\t \n\t\t\t86400 \n\t\t\t172800 \n\t\t\topt1.example.com \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\tenabled \n\t\t \n\t \n\t\n\t\t\t1545602758 \n\t\t\taggregated change \n\t\t\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_dhcp_static_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t2001::2001:22 \n\t\t\t64 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tpub \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t10.10.0.1 \n\t\t\t16 \n\t\t \n\t\t\n\t\t\tlan_1100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tlan_1200 \n\t\t\tvmx1.1200 \n\t\t\t172.16.152.210 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx4 \n\t\t\tvt2 \n\t\t\tdhcp \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t10.0.0.2 \n\t\t\t\t10.0.0.99 \n\t\t\t \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\t\n\t\t\t\tab:ab:ab:ab:ab:ab \n\t\t\t\tdhcphostid \n\t\t\t\t10.0.0.100 \n\t\t\t\tdhcphostname \n\t\t\t\thmac-md5 \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t10.10.0.2 \n\t\t\t\t10.10.0.99 \n\t\t\t \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t172.16.152.2 \n\t\t\t\t172.16.152.99 \n\t\t\t \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tdisabled \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\t\t\t1560930241 \n\t\t\t\t\t\tmatch \n\t\t\t\t\t\tlan \n\t\t\t\t\t\tinet \n\t\t\t\t\t\tin \n\t\t\t\t\t\tyes \n\t\t\t\t\t\tyes \n\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\n\t\t\t\t\t\t\tport_ssh \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t \n\t\t\t\t\t\tfloating_rule_1 \n\t\t \n\t\t\n\t\t\t\t\t\t1560930241 \n\t\t\t\t\t\tmatch \n\t\t\t\t\t\tlan,wan,opt3 \n\t\t\t\t\t\tinet \n\t\t\t\t\t\tin \n\t\t\t\t\t\tyes \n\t\t\t\t\t\tyes \n\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\tport_ssh \n\t\t\t\t\t\t \n\t\t\t\t\t\tfloating_rule_2 \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n \n \n opt1 opt2 opt3 \n IFGROUP1 \n \n \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\t100 \n\t\t\tvmx0.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_dns_resolver_config_full.xml",
"content": "\n\t23.3 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tem0 \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tem1 \n\t\t\t192.168.1.1 \n\t\t\t24 \n\t\t\twan \n\t\t\t0 \n\t\t\t \n\t\t\n\t\t\tem2 \n\t\t\topt1 \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tem1.100 \n\t\t\tVLAN 100 \n\t\t\t172.16.0.1 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\tem1 \n\t\t100 \n\t\tVLAN 100 on LAN \n\t\tem1.100 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t\t86400 \n\t\t\t172800 \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t10.0.0.100 \n\t\t\t\t10.0.0.199 \n\t\t\t \n\t\t\t86400 \n\t\t\t172800 \n\t\t\topt1.example.com \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\tenabled \n\t\t \n\t \n\t\n\t\tall \n\t\tall \n\t\ttransparent \n\t\t4 \n\t\t10 \n\t\t10 \n\t\tauto \n\t\t512 \n\t\t200 \n\t\t86400 \n\t\t0 \n\t\t900 \n\t\t10000 \n\t\tdisabled \n\t\t1 \n\t \n\t\n\t\t\t1545602758 \n\t\t\taggregated change \n\t\t\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_dns_resolver_config_init.xml",
"content": "\n\t23.3 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tem0 \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tem1 \n\t\t\t192.168.1.1 \n\t\t\t24 \n\t\t\twan \n\t\t\t0 \n\t\t\t \n\t\t\n\t\t\tem2 \n\t\t\topt1 \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tem1.100 \n\t\t\tVLAN 100 \n\t\t\t172.16.0.1 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\tem1 \n\t\t100 \n\t\tVLAN 100 on LAN \n\t\tem1.100 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t\t86400 \n\t\t\t172800 \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t10.0.0.100 \n\t\t\t\t10.0.0.199 \n\t\t\t \n\t\t\t86400 \n\t\t\t172800 \n\t\t\topt1.example.com \n\t\t\thmac-md5 \n\t\t\tallow \n\t\t\tenabled \n\t\t \n\t \n \n \n\t\n\t\t\t1545602758 \n\t\t\taggregated change \n\t\t\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_gateway_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t2001:: \n\t\t\t64 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\t\t\t10.3.0.0/16 \n\t\t\t\t\t\tGW_WAN \n\t\t\t\t\t\tGW_WAN route \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tone rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tanother rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tthird rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\tone \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\ttwo \n\t\t\tpass \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\tlast \n\t\t\tnat_5e03858acc6b82.92150982 \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\twan \n\t\t\tNAT last \n\t\t\tnat_5e03858acc6b82.92150982 \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr0
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr3
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t\tanother_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_4 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t\tanother_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_5 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\t \n\t\t\t\t\t\t fbor \n\t\t\t\t\t\t 1545907554 \n\t\t\t\t \n\t\t\t\t tcp \n\t\t\t\t test_rule_floating \n\t\t\t\t \n\t\t\t\t\t\t 1545574416 \n\t\t\t\t \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t keep state \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t 1545574416 \n\t\t\t\t wan \n\t\t\t\t inet \n\t\t\t\t pass \n\t\t\t\t any \n\t\t\t\t yes \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\tGW_LAN \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_dst \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_src \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\t\t\t\topt2 \n\t\t\t\t\t\topt2 \n\t\t\t\t\t\tCBQ \n\t\t\t\t\t\t100 \n\t\t\t\t\t\tMb \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t10000 \n\t\t\t\t\t\t\t\t\t\t0 \n\t\t\t\t\t\t\t\t\t\tone_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t1000 \n\t\t\t\t\t\t\t\t\t\t1 \n\t\t\t\t\t\t\t\t\t\tanother_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t \n\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t\n\t\t\t\t\t\tone_limiter \n\t\t\t\t\t\t1 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
100 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tanother_limiter \n\t\t\t\t\t\t2 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tdisabled_limiter \n\t\t\t\t\t\t3 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tKb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.240.1 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\twan \n\t\t\t192.168.240.1 \n\t\t\tGW_DEFAULT \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\twan \n\t\t\t192.168.240.1 \n\t\t\tGW_WAN2 \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.1 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t\t8.8.8.8 \n\t\t \n\t\t\n\t\t\topt3 \n\t\t\tdynamic \n\t\t\tOPT3_VTIV4 \n\t\t\t1 \n\t\t\tinet \n\t\t\t \n\t\tGW_DEFAULT \n\t\t\n\t\t\t\t\t\tGWGroup \n\t\t\t\t\t\t- OPT3_VTIV4|1|address
\n\t\t\t\t\t\t- GW_LAN|2|address
\n\t\t\t\t\t\tdown \n\t\t\t\t\t\tFailover group \n\t\t \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tother \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tnetwork \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_haproxy_backend_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t- \n\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
active \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\texchange.acme.org \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\texchange.acme.org \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t8080 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<_index />\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t101 \n\t\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\ttest-backend \n\t\t\t\t\t\t\t\turi \n\t\t\t\t\t\t\t\tyes \n\t\t\t\t\t\t\t\tlan \n\t\t\t\t\t\t\t\tSSL \n\t\t\t\t\t\t\t\t123456 \n\t\t\t\t\t\t\t\tyes \n\t\t\t\t\t\t\t\tOPTIONS \n\t\t\t\t\t\t\t\ttest backend \n\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\tpassive \n\t\t\t\t\t\t\t\t100 \n\t\t\t\t \n\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_haproxy_backend_server_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t
test-frontend \n\t\t\t\t\t\t\t\t\t\t\tactive \n\t\t\t\t\t\t\t\t\t\t\thttp \n\t\t\t\t\t\t\t\t\t\t\thttp-keep-alive \n\t\t\t\t\t\t\t\t\t\t\t5b6b8cfb32997 \n\t\t\t\t\t\t\t\t\t\t\tyes \n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
wan_ipv4 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t80 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<_index>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t- \n\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t
active \n\t\t\t\t\t\t\t\t\t\t\t\t\texchange.acme.org \n\t\t\t\t\t\t\t\t\t\t\t\t\texchange.acme.org \n\t\t\t\t\t\t\t\t\t\t\t\t\t443 \n\t\t\t\t\t\t\t\t\t\t\t\t\t<_index />\n\t\t\t\t\t\t\t\t\t\t\t\t\t101 \n\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t
active \n\t\t\t\t\t\t\t\t\t\t\t\t\texchange2.acme.org \n\t\t\t\t\t\t\t\t\t\t\t\t\texchange2.acme.org \n\t\t\t\t\t\t\t\t\t\t\t\t\t443 \n\t\t\t\t\t\t\t\t\t\t\t\t\t<_index />\n\t\t\t\t\t\t\t\t\t\t\t\t\t102 \n\t\t\t\t\t\t\t\t\t\t\t\t\t5d85d3071588f \n\t\t\t\t\t\t\t\t\t\t\t\t\t5df5edf6cae0f \n\t\t\t\t\t\t\t\t\t\t\t\t\t5df5ec78b3048 \n\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\ttest-backend \n\t\t\t\t\t\t\t\turi \n\t\t\t\t\t\t\t\tyes \n\t\t\t\t\t\t\t\tlan \n\t\t\t\t\t\t\t\tSSL \n\t\t\t\t\t\t\t\t123456 \n\t\t\t\t\t\t\t\tyes \n\t\t\t\t\t\t\t\tOPTIONS \n\t\t\t\t\t\t\t\ttest backend \n\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\tpassive \n\t\t\t\t\t\t\t\t100 \n\t\t\t\t \n\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n\t\n\t\t\t\t\t5d85d3071588f \n\t\t\t\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJekNDQWd1Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEFlRncweE9UQTVNakV3TnpNMk16bGFGdzB5T1RBNU1UZ3dOek0yTXpsYU1CWXhGREFTQmdOVgpCQU1U\nQzJsdWRHVnlibUZzTFdOaE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBCjdySzNPNzlUdkFQbFJZVVZyY3o1eGE2dlo5REZzSTROMTRIL0ltaUZRbDZ6OVNRTVZlL0Jra1BaMTRCbG9iQ2oKQUNmYklFd0g5d05ydGQ5ZUJhdGFDS0puVm9WMTR5YzJwTkpMM1lod0hUSlgwMmVhRi8ye\nnU2STN4WGRUZkJoMgo2NU5GdGRrMDNEdmhBbUdUWExrNHJCNm82V1Z0ZkFGSzNrMTlqVWk4K0hSVUV6MHJnSTFNNlZjeUJ2V2lrblJUCjl5TTRmbWppUzd1amljSGtHUnhpKzV6MndFY21zV3pzamV2Rks3cHVpcmRGU0FtQWVPNHNVQ084dmpHQ3I4OUwKVzUrWjNuMklxT3ZQZkxzRC9FTm5tWVdyUGU3b3Z3WUl4U2\n91MFdKWGMvb044VGVUMnBxa3pLMnhHcEpCdjdyQgpVUHJLWWl4VmtnZi96YkNqN2dhUlV3SURBUUFCbzN3d2VqQWRCZ05WSFE0RUZnUVUvYlVDTmNhSFNyVUVwWXpHCkNvTDJrNHJBNUE4d1BnWURWUjBqQkRjd05ZQVUvYlVDTmNhSFNyVUVwWXpHQ29MMms0ckE1QStoR3FRWU1CWXgKRkRBU0JnTlZCQU1UQzJsdWR\nHVnlibUZzTFdOaGdnRUFNQXdHQTFVZEV3UUZNQU1CQWY4d0N3WURWUjBQQkFRRApBZ0VHTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDaWZOMlBTN3FJZHFZd3BKL2J2eEsyNkVYZk9RaEFjRlUxCjN1YS9qRUpySVRmYUtETWhPK0ZYNGZudWpzcXFrY21sV3ZhNnJvdkhtdmh0TEpteHNZTWZZdkNsNVF4Rzg1S1kK\nV0IwRWp6aUwxKzVRTFhSY0tiVFhJSkYzQ2lDcklBeW5ybUh3RWI3TEJ6clNCZFdNODQ2eVhrLytxUzZ0WEdvTApGYVd5MUw1MlNXTVlKaE5uVWVraFVGTld5TUdwdVJNWkJLVU5MZkFmbGJBdEpwUFVnZXpIaWI2WnRiekdoR1o0CldiUStVTWZsNWFuQ08wRHp3OUVGMEpGbkhyWTRnOHVrMFJnZmJqY3Q1akx3c2RFO\nElFbHRjbmtuR1Ayc0M0L2UKRUlubW9ocytUSzJKbWdoTmZVbHZNdGJIZ3ZuNjY0ZlJoTWs3R0g1SWM4QUZvRXQ2TGtrTAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== \n\t\t\t\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRHVzcmM3djFPOEErVkYKaFJXdHpQbkZycTluME1Xd2pnM1hnZjhpYUlWQ1hyUDFKQXhWNzhHU1E5blhnR1doc0tNQUo5c2dUQWYzQTJ1MQozMTRG\ncTFvSW9tZFdoWFhqSnphazBrdmRpSEFkTWxmVFo1b1gvYk83b2pmRmQxTjhHSGJyazBXMTJUVGNPK0VDCllaTmN1VGlzSHFqcFpXMThBVXJlVFgyTlNMejRkRlFUUFN1QWpVenBWeklHOWFLU2RGUDNJemgrYU9KTHU2T0oKd2VRWkhHTDduUGJBUnlheGJPeU42OFVydW02S3QwVklDWUI0N2l4UUk3eStNWUt2ejB0Y\nm41bmVmWWlvNjg5OAp1d1A4UTJlWmhhczk3dWkvQmdqRktpN1JZbGR6K2czeE41UGFtcVRNcmJFYWtrRy91c0ZRK3NwaUxGV1NCLy9OCnNLUHVCcEZUQWdNQkFBRUNnZ0VBSWFzYnBWWExYYzIrM1J0MGYxdFdMOGYvL2NpNDJicHZ3V0lZdHFXL2hpa04KZ1JwZ2t3NktZek1tMnZyRld4VXJLSzUyZmd1N1krQWJwVC\ntvWjJ4UCtyL05pNnF2Z2liWjBrM0hYYXdOQkZGQgppaFFtN0JOZzhxcGk2M3QxVHgrMFJtNHpldjcwTWN4UVpLR1d3NUZzcVBwNklOR3BxOEFTNjJCS3dVN3RPSzRLCkhMdzNoK0NndGtxM01LQUdYTlNFZEJTQVZlNWE1SDZMZ3VYaEw3ZFhDSFE3ZFIwWkpGYmdzZjNVNmxjLy9FWmQKZVp6MzZ0emVlSnBMcmx3blN\n1TjN1QVpKK2dYOWVXOWlaWHNDN0szNEwwVFF6QktNZmxpYXVkU0Z0dGtIb1ZhTwpXN1ZOdlR6VndBRFdEUmVmQyt4QnBWOFRKNmIzbGNjeUpxN0czTDN1QVFLQmdRRDlBYXJNYWdKYVNsYTdJMG5PCitWcFNTdTF6enZ3TUtGWFFzcjU4WU9WQjlHN2dXbzlnSytwVEpPd0RYWmt4eUdPeTRJaU5MQUxCL1JKYVh2YzEK\nQ1YwY2pHZG1aOURnK3gxSUVvNFJhcC9hR1hOQU1lOXRsY3VhMSt4VDl6OFQ2WWNvQnNuc0ZhRTE4RUVhcG9pdgpSdVNXS2lhK2ZVL1oybHVlWW1SajUwdG1rd0tCZ1FEeGhiV3pmdU5VV3F0MWxBdkpEUUMyNGlGOEs5eDVjNnRqCnpjZk9YUWlIRHA5Tk1ZY1ZQZzlkZFFEbEl6TTZxdU5QRGRIRi81UEJkcHIxV2dha\nStSNUJHZS9QVUpHajBWZHoKYzQxcnc4dUV0djBKYmcwemsyNCtBVE90SHFHV3h4ZTlNdUpmSkVlcS9RZnlrSFhMaUpYOGxNNjI5eFNPYXZDNgorOVU4UmZZaVFRS0JnUUNNQmxNd0JPKytadXd2Y0MxV1JuenRsSmhzZ3I3T1A3aVc0NFkzTWkxUDNtZEs5ZlBxCkJ3UU45aDVGRXBWSmp4MVdqNXdqZlpzZEgrSDdjQm\n1qR2NhVm1VTlUwdG93MmVudnpJMGlLSC9GNWxYNXpta3oKbmpic1FOcUQ4Zy9RQm13T0JBdlhCSFdQYzZPa2kweVVyVWl2cnk1NE9NUnJ6c1RzR0lwMUhEcUh6d0tCZ1FEYwpjamk0enZaYnhpNTlzVlZZZXYvTjdYUzJ5Nm4vU082RXVBekpkTzBWcU9rS0lreXp2T04xWUJnakRRL3pXb3NECld3Ky9jMW0vMmF2eWl\nldEkwYTBscXJEU1B5M1Bvb0g1cE56T0lmWWUrbzdYRHBZS0gyVWVQeWFWdTBHdVI2YUoKVUdxQ2dMRFJod2E4QmRNZXBWcVJJcG5UTW82V3QxRm11Zm1WZkIzK2dRS0JnUUNxVkF1MGV0T2lwZDdUeUcwTgo4TE5oZnBUblppeEZ1eUhPRWZzUE5wTlVQOVNWY2RudGNQUG1uZysycG1YQUp1N09GOHNTK09zL3NXK0xY\ndk9oCnptSlp6OG9venBRUElwaTRxbksvYVMxUXFHSUp0dzg2KzBja0xKNVJaUlA0MjVoYXFvb29GQWgxMjBUUXNaSVUKOUdxQlZ0QXV5MTNsOW9vbHMxK2NJR1pmSXc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \n\t\t\t\t\t2 \n\t \n\t\n\t\t\t\t\t5df5ec5668d9f \n\t\t\t\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJekNDQWd1Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEFlRncweE9URXlNVFV3T0RFNE16QmFGdzB5T1RFeU1USXdPREU0TXpCYU1CWXhGREFTQmdOVgpCQU1U\nQzJsdWRHVnlibUZzTFdOaE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBCm5Pd0pNak5ZajJLNTc0dE00WDdQWDlVRDVPTE55RlNwNCtPTVhEMUpHMFg4WWlkbFFFQW5FOUxVTE5JQUE2bVYKaHl3Z3prVGVvbDFvcnkwTkNMWHkxU1J0eEUvL2taaDNGMGx1cnUxNWJ6bVMxZ2I1b2x1b\n3V4Tno0WTF0YmZleQpMVHVML0dpUHNJV2plYnBjUFdMUWpsZS93aC9Tc3JnYzFPeVNybDYwVnBZRHNaK25RTmM0Yy9qWnJvYXU3cEtSCjB0U1hQUzZXemhwb0x5aEtRQkFGZ0QwOUhQcDQ2VUg4bVVpYXdQcXpiMDhGQzd3elFIOVczck0xb1E2UXp3bGkKVUJRWjkrYnVvdUllL3dtN0VOWG5ibVFDSlk3VXV2aWttcn\ndJRE5lakwrV2UxaVJnR1V3bG5JVHptOUlJYXBTVAp5bTZXYXo4WlBHdFo0SndoNjFsOVR3SURBUUFCbzN3d2VqQWRCZ05WSFE0RUZnUVVZSDRuNGNyOUtwU1U0aXNmCjliTG82Yk9HWTJFd1BnWURWUjBqQkRjd05ZQVVZSDRuNGNyOUtwU1U0aXNmOWJMbzZiT0dZMkdoR3FRWU1CWXgKRkRBU0JnTlZCQU1UQzJsdWR\nHVnlibUZzTFdOaGdnRUFNQXdHQTFVZEV3UUZNQU1CQWY4d0N3WURWUjBQQkFRRApBZ0VHTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCS1AvTVQ1OUdTVmVKbnpBcEhPNW1aaUJlazJwT3pSd0cvCkZ3VVBjYWd2Vyt4UVlPcEp2eHFQTFZvOU91RjBOZTRFOG9aZU5HbDB0U2k2VWtpV2FqRVMyUnB2NllCSnFSVlAK\ndmdPdHdVeUptSkV5UVZ1SUNDNEkvK0k1NUR4d0ZTZW05bDZJRjg4aEVaaXBQVEZvbUlCNGRwb1JHL2NOLzEydAp0UXpSem9lc05CQTJaeEZFcTBCU0JMazhsenBrN1RmOFFFVWJ1Yk5xcWUybmUxZ2oyeFlsRXlERVYzUHhTMVcxCnFhUjl2Y0h0d0pXSGoyblhpQlRnTjQ4aW5sVU1uQW5EWnozZm84RTNuRGk1SHFCW\nFhOQWV4cDZobkxNRDBHYWcKVmtrS0J0U3BKUG9wSmlreWRGOXViYlo2NGF0QUd5WEd4MHRkdHZkY3dFSjJVcWdoYi9wKwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== \n\t\t\t\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2M3QWt5TTFpUFlybnYKaTB6aGZzOWYxUVBrNHMzSVZLbmo0NHhjUFVrYlJmeGlKMlZBUUNjVDB0UXMwZ0FEcVpXSExDRE9STjZpWFdpdgpMUTBJ\ndGZMVkpHM0VULytSbUhjWFNXNnU3WGx2T1pMV0J2bWlXNmk3RTNQaGpXMXQ5N0l0TzR2OGFJK3doYU41CnVsdzlZdENPVjcvQ0g5S3l1QnpVN0pLdVhyUldsZ094bjZkQTF6aHorTm11aHE3dWtwSFMxSmM5THBiT0dtZ3YKS0VwQUVBV0FQVDBjK25qcFFmeVpTSnJBK3JOdlR3VUx2RE5BZjFiZXN6V2hEcERQQ1dKU\nUZCbjM1dTZpNGg3LwpDYnNRMWVkdVpBSWxqdFM2K0tTYXZBZ00xNk12NVo3V0pHQVpUQ1djaFBPYjBnaHFsSlBLYnBaclB4azhhMW5nCm5DSHJXWDFQQWdNQkFBRUNnZ0VBU2JIb0Y3VlpiKzFUbVJYNGd5WUV5ZUxHTTJYNGNvNmdRckFJcVFEM0ptSFYKeDFydENDR1l1SXlZckh2ckdjMDR0Z1NaVzRXb2NPUWhWN0\n4yblpLbGVrZmpiUUNNNjVtSXhGenVLQ1RLbE51YgpBL3krbStzajhNZVA4bXR5NnVRYXYzZHBwSjZPYkw0MktlTEZrdWFuUDFJaWNrNXpxdzhnS3piM0pBREIvSzgyCnh0VFpxa0R6RTk5ZStSV3hEclNGYnFmOHlxbkZTenE3ZTZzMXJKc3JjbllISHU2TCtqRnptWDVLcUh5UEVzZUgKTmY1VVdQdXZkU0RJN1VsOVB\nadUdIeVlOZkxuTHJsWW9jb3lZMzJZajQySThEVFhlMWs4ZjNGalV2anZDSnVhNgp1cWtxM2p3WnA2a1pCdUlKeE0xZmlHbDdkNHVvQzVuVWhwOE13R0x4QVFLQmdRREk0Wm5LMGxKTU13UlVVTVBmCmMrclFpdk42SVM1YTl3TytGanluQytKMjhkRXUvRUZORmhncEpQRUVyalZobGM4WnJYNk1HdGVpQ0o5RjhlQzAK\nT1RBaUFHQ0FRaDdFUnY0Wm01bEdNdFRab2NwWTB6SXIzLzFwWEZ0aTZ6T21pdTgyZ0tXb0tyVC9mTXcwejJXbwpYN0p6QWZqcENOdkNUU0sxdWJEQ2M1anN3UUtCZ1FESCtxRC9Vc1E1d0NVRnVGbmZ3d0ZxKytDdmo0KzJsVnpHCnNLVVh4TU85VWpUeU1ISkg0ZVB0SmVobEY3Zk1oZ1RhRWttK2NUSU81SXhzekNlQ\nXFwcGppZ283U0NsWVl6cHIKQmlQYkg4bkRwS2h3THltU2cwT1RwZGZUM2gwbnFGMk1tcGxGcytCbEZ5R3hBaEF0V1E4OWRzbnJVMUxrQmtaVAo3dHkwc2VVZUR3S0JnUUNaTU1JUmxCYkNtVjFCMTEyb09FUG55UzhvQWNuU0FQSFBzakdLeWx0bmpiMlNjVGh6ClN0Z2QrRmY4MDhWTnArc0pqKzhqZFF6Z09tY0w5Z3\nNBSldSNWFZUXVDejVmUEN4bTV1d2FSb1ZmZWl4UFZLKzgKR2RLczJJdXdnZUVmcm5BQ1JsVU9TNU5BQ3JISHpDbWdIMnA4bmhKdDFCMlNyVFE5RldDZ3lYcmpnUUtCZ0FjMwpieW5ubGJjenpPSTQ5ZDFTVHpIS0p5Q093TFBwRGZFSm5OdVB1VFNTeStCVmlUbzQxNTNPT1dXMGhtaDJDYVRJCjlpcE9NVzFDS0NNZzl\n1ZjR3QnVKZHJjTzhwY0M5YSs1Q0FBM1ZIT2Y5SWdmMjVNeTgzUlhqc05SaDZIUHZKaC8KVjdxaE5CN1J4K0I0WDVjVFdLNXlJL1UvQzRXNUNENnRKdi9LVDZkWEFvR0FVQjBJZlp4M24wLzRmMTE3U1puawpXMmp3REVUWVU1MUVTU3hlVTVBRW9DVGJOOWkyL0lEenM1RUNzaVVQMDZ3aGxaNU1wQkZndHVNOXJaYytH\nTjRqCjlzbkMwTjVuT2c0TlNhUXNiNzVNVm5FOVoxVDYrWHIwd1dxcUw0WXZzZ01GMzhJdmJORGFqbU9jMVlIL3ZLbTEKYjdab3dMbmhDV1FPQXBoWkV0enhpME09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t\t\t\t\t2 \n\t \n\t\n\t\t\t\t\t5df5edf6cae0f \n\t\t\t\t\t5d85d3071588f \n\t\t\t\t\tinternal \n\t\t\t\t\t9999 \n\t\t\t\t\t3650 \n\t \n\t\n\t\t\t\t\t5df5ee048c106 \n\t\t\t\t\t5df5ec5668d9f \n\t\t\t\t\tinternal \n\t\t\t\t\t9999 \n\t\t\t\t\t3650 \n\t \n\t\n\t\t\t\t\t5df5ec78b3048 \n\t\t\t\t\tuser \n\t\t\t\t\t5d85d3071588f \n\t\t\t\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1hZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEFlRncweE9URXlNVFV3T0RFNU1EUmFGdzB5T1RFeU1USXdPREU1TURSYU1CUXhFakFRQmdOVgpCQU1V\nQ1hSbGMzUmZZMlZ5ZERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBUGtRCkVuT09zRXlqVGNaSHg1enVWUzMwUFlnU0JSZW5MUHFNV1NpWWhtYU9aeTcxM2h1QVFWRVlZOXNnSk9NeFBuL2kKeVR1a3l4VHNLNFBSOW9qUXpvVllVb2RkMU1Rajh2NENTbTlVc1VpNkJEWDl3cFcwdnp1T\nHZFcUVMTzIzVDBrTQptMzRITlU5RXFVQXNXaW54VTY5TFlYZlJkYStrclhKcGNhbUQvMDNYTE54TlBQQXg5dHJhSURxSGwvY3pmcjlGCit0aWt2dDFDMENLMHZoUkh1cnJGZE91aEIyTHBBVVEvTnU1bjJoS3hvN1htekRjMjk0bmpCSDBSSUhscXdSY3EKblBqMlEvb2NWbG1vakhnMzdJcmx2R0F0RjdVaUJxdFF5aE\nVvR1RmRUhHemJzM1ZtZ0piN3AyQzNBOW9reDBRWQozN2toV3pjUDI4dFRsTUdLNHo4Q0F3RUFBYU9CMkRDQjFUQUpCZ05WSFJNRUFqQUFNQXNHQTFVZER3UUVBd0lGCjREQXhCZ2xnaGtnQmh2aENBUTBFSkJZaVQzQmxibE5UVENCSFpXNWxjbUYwWldRZ1ZYTmxjaUJEWlhKMGFXWnAKWTJGMFpUQWRCZ05WSFE0RUZ\nnUVVoYTVnQXFTZW5sY2VqMDlleFZzaDVHYVduRjh3UGdZRFZSMGpCRGN3TllBVQovYlVDTmNhSFNyVUVwWXpHQ29MMms0ckE1QStoR3FRWU1CWXhGREFTQmdOVkJBTVRDMmx1ZEdWeWJtRnNMV05oCmdnRUFNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DTUJRR0ExVWRFUVFOTUF1Q0NYUmxjM1JmWTJWeWREQU4K\nQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBVVFrU2lKNWlnUExVbDBiaW4vVGRoY2k3clloK2lqWURTN1Jra3FhZgpmTEtDTXpJMmw5UFZkZFlGQXAxYW93eVFleEUrRjNLMUdjOWpKRmRFTjRIWG9ZUGQwWk53VVJ4c0tGd0dvcTUrCllFdy85RUk2dEt3aEUwdHZqbFA1WmZtMVVXY2E5emdGQlYzMHdCcFZSRlVLRG1je\nVBwKzA1cnhzK1ZscnRJa0IKWjVDYzZBT3BvZFh6RzNXTzJkdHRJT0xhT09hdkpIRUpGU0hvTmhOY3RzT3oySEx2eGRzRU9STXJlUXZzeTNXRgo4TzUwSGlNWUdjVnBETXFkSnc5dE5UZWZtcXd3UDVlSXFKb0xXeng3SnhaK1gzRlZCVzdlUTlhNnh4L0JmTkNzCkFnZVM0d3V0eG9Ca0UyV05pTU53d1BzWFFzdXdCVT\nRPSFFnOXB5MTRmc0NpS3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== \n\t\t\t\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRRDVFQkp6anJCTW8wM0cKUjhlYzdsVXQ5RDJJRWdVWHB5ejZqRmtvbUlabWptY3U5ZDRiZ0VGUkdHUGJJQ1RqTVQ1LzRzazdwTXNVN0N1RAowZmFJ\nME02RldGS0hYZFRFSS9MK0FrcHZWTEZJdWdRMS9jS1Z0TDg3aTd4S2hDenR0MDlKREp0K0J6VlBSS2xBCkxGb3A4Vk92UzJGMzBYV3ZwSzF5YVhHcGcvOU4xeXpjVFR6d01mYmEyaUE2aDVmM00zNi9SZnJZcEw3ZFF0QWkKdEw0VVI3cTZ4WFRyb1FkaTZRRkVQemJ1WjlvU3NhTzE1c3czTnZlSjR3UjlFU0I1YXNFW\nEtwejQ5a1A2SEZaWgpxSXg0Tit5SzVieGdMUmUxSWdhclVNb1JLQmszeEJ4czI3TjFab0NXKzZkZ3R3UGFKTWRFR04rNUlWczNEOXZMClU1VEJpdU0vQWdNQkFBRUNnZ0VBT1VHQ25HSWZFVjh4VC9YTVk3MCtnN1AwT1VXN09mYktsa2FSY0kydngvL1EKcExFTkFGRjVzb1RpMzhzQjcrQ3dONElSTk03cmlNSEtOeU\ndiaFZSTFJjaEtJS2huY3plNGNzQmdFRHZ1RFlRRgoxOHVnWWY0TlFFa2RYaHdJb0JWVityc1ZPK0c0VmFLNUxmR0VRTVFqc3RhbmIzNE5pZlZYa2tlL1EzTCt6QXZKClAzVkdmK0FmTnZRS3RKeEdZL3VteVpmdUczNVFVdTE2SFlyQllXYldTN01jeEtNZ3hIclZmNEN3TkRLK05qVEsKTGRGa2VvTzMxVDBJa3FZc1R\n5OVBJY3VzcnRzMXRvM0pVQ1lJK2FjYkJ5M0o5Y0tpbTJNUmo5R1lPTWY1UnZjLwoxTXU1SjBqTHQvcHBCQkNqWlNFMEZSU2hjREpuNTV5VGdzWmJ4YUxCY1FLQmdRRC9hS3FoOEVZcitBVTdDUURnCmdMRVZGREU0WnV4QkZDVks4R3J3dXJTNlZvYkpLd2hYNGxFaDlURTN5Y2tpdlVrQ0hKNW1YYjd2blNiSXg4d24K\ncHBlVytDb3pNeXl1Qk9ac01kbEFGL3VyRHhBeFNHbmJHVmE3UHpBMktXbTgxQWo3Mk10S1ErWHc3dmgxVTJKWQpGNVlzS3NIaGRZcm8vUGt1TzNYR2psTE5YUUtCZ1FENW82VTVFcUsxZFQ4WnVLbkZXNkNsTDg5RWkwVHpFNXgzClVGQ3ZhRkhLc0NRRkNETzYwMW5BRW15bGd6K3d3alUxQzA1Rm9tbHBlZHIxTW5QO\nVFKbGFTcGJSUG9paUQyTDYKdlo4WEdEanA3OFhrTkwyZmlQajhtVTVhYnFmdU8yclBXemQrUHdkUzZnSEFWWTFkZHhwVG9FKzJQUDlhTytwZwp4UVR5RFpjTlN3S0JnRVZwbWE0SEVkc1RQY0Nza3J0dzNpOS9YRjBhdzZ4d0lDNThwbU9rS2tmV0NpMlQ3MkdMCkZVZW9UbWIrQlJiVzRJZWRaWU1taVNTdnpnR1ZJeX\nZIZjcwODFxTXhqandCQXVwMnBiZGdqVG9SRHZLRjNwYjQKRFBVNG1BNndOSmRuL01VTlJ6cDR0MzVDUSs0RzZseE1sTGlPS2tEdTVBQ3I5OENUMGs5VEVMZlZBb0dBVVR2TgpNZ3M4WXl2cUFxYXlxQVF1L0ZIWWNvZVhRam9wZWpIcWI0blV3ODRaaW9HbXc2NnV6Kyt1NXhVVWpxSkR5aVVKCnJXTXlSaDVlLzljUkk\nySDRCUWVzbUI1dk83MGlDbEhXQ1IvYXRWVk80Zm0va3NCeHRWRDF6RHVoN2NYcjlkbksKN3d2M2lDV1p1RXFlbThGOEVhWmpDZnhEWTh1SGMwSHBZQkxJQ28wQ2dZQTA1M2dLcGRiWmZIdnFnL2E4c0E2dwp0cFlOTEJlcXJPd3BsMWNHOVpyc3hFMmEyT3dZWnB6ei9mdlp1bWhVRmZTTTJrM2Iyd2pBSG1uTkF4eWpT\nQjJUCjlQUCt6NHFXOWtwNUdZWGJjdnE1cjY5bVM4MWJjdktMdW9kd3lLS2RjQ0NPRzB3bVpGZk1CajlVY3NrZ2hCcFAKZ2oxOVFuYU1iM3hFU2dqeXQ5clA2Zz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\t\t\t5df5ec97dfd07 \n\t\t\t\t\tuser \n\t\t\t\t\t5df5ec5668d9f \n\t\t\t\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURnRENDQW1pZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEFlRncweE9URXlNVFV3T0RFNU16VmFGdzB5T1RFeU1USXdPREU1TXpWYU1CVXhFekFSQmdOVgpCQU1V\nQ25SbGMzUmZZMlZ5ZERJd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURiCkRQWi9zNDFmNkpqL0JIMXlzekVnb0xOVTF1OGxaQ1dEblczSjBuWFY5WnZ1REFFS1pBd3FHL1BpK09ZM0xLRmQKZlRiN1VoZ1ltdmZSVndkSVZGK2tPYkxEdHRmTGNLU0E0TkRISzJ0eSttaFpMWHQ4VGpXZ\nzdrNzJ6SWxhVzdadQpXazhEaGlabTFvR0NJU2R2MWVYN3NsL2tJdXNwZkVFQW5rbUI0dUVrVjllWmZZaktDTzBKTG5ZMzZJeEx5bmxTCnBIZDBOS1pEdjZ2MzhpSnAvOGdYekxDWHdObUpCMzFwSit6NmVoL3g5QUx5OGphSnlzN2dQV1dQb2s2Q0JGZlUKRXhJV2FuRUhsbHdIYmNwSlJsbGpHbHplSGx3UVZUUUQxc3\nJ4aXpsT2xKUDFORGlmc25UWHEwSW1ENjlmZ2t6QQpnRnBnYmFvZWtUakhNbGdmQXgyL0FnTUJBQUdqZ2Rrd2dkWXdDUVlEVlIwVEJBSXdBREFMQmdOVkhROEVCQU1DCkJlQXdNUVlKWUlaSUFZYjRRZ0VOQkNRV0lrOXdaVzVUVTB3Z1IyVnVaWEpoZEdWa0lGVnpaWElnUTJWeWRHbG0KYVdOaGRHVXdIUVlEVlIwT0J\nCWUVGRlRCMnZOM05SblBVSjhBcDlKT3J5REorOEdrTUQ0R0ExVWRJd1EzTURXQQpGR0IrSitISy9TcVVsT0lySC9XeTZPbXpobU5ob1Jxa0dEQVdNUlF3RWdZRFZRUURFd3RwYm5SbGNtNWhiQzFqCllZSUJBREFUQmdOVkhTVUVEREFLQmdnckJnRUZCUWNEQWpBVkJnTlZIUkVFRGpBTWdncDBaWE4wWDJObGNuUXkK\nTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBbENGREFrS2JZVStPWWxkSkR4eklGRHlPN3FvZE1odjR3VDhJcwpURlgycWdSRGlvN0w0VnJtT0JqT3pMNjlVdlFLcHgvRjYrN1BidGticDJPSUNwT1dHR2xIN3FrM1NuUnA4bm5iCjVuQzdoc0l5RkdJNnpuSTJscHpzcFh2QzRDdUgySjYwMi9DY1V2YXBENDlPVmJ6U\n3p0cW8wSHpLMnB2V04zMFQKSlJUaGxiN0JHZU5iKzJqNUpwS2F4SzEzRTlnbnJZQkZPL2RmeS9ldThWdytkQ0dLM3J6UUJJdkZ3ck0rK1RmSApNaE9MRXB0NE1rVkQxeWwxdWlHL281UUthT3lLb2RBL2VIVmdidlgvUFMxakZyVUcwUTZvdXJEa1FDNnJCdDYwClpKaHA3SzlxSU5rYVlQclZuY3NaeWJ0aUx1bnpMLz\nA3QUZrR1Bacm13b1UvdXMxMgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== \n\t\t\t\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRGJEUFovczQxZjZKai8KQkgxeXN6RWdvTE5VMXU4bFpDV0RuVzNKMG5YVjladnVEQUVLWkF3cUcvUGkrT1kzTEtGZGZUYjdVaGdZbXZmUgpWd2RJ\nVkYra09iTER0dGZMY0tTQTROREhLMnR5K21oWkxYdDhUaldnN2s3MnpJbGFXN1p1V2s4RGhpWm0xb0dDCklTZHYxZVg3c2wva0l1c3BmRUVBbmttQjR1RWtWOWVaZllqS0NPMEpMblkzNkl4THlubFNwSGQwTktaRHY2djMKOGlKcC84Z1h6TENYd05tSkIzMXBKK3o2ZWgveDlBTHk4amFKeXM3Z1BXV1BvazZDQkZmV\nUV4SVdhbkVIbGx3SApiY3BKUmxsakdsemVIbHdRVlRRRDFzcnhpemxPbEpQMU5EaWZzblRYcTBJbUQ2OWZna3pBZ0ZwZ2Jhb2VrVGpICk1sZ2ZBeDIvQWdNQkFBRUNnZ0VBR21Hc1NtTUFrdDE3bDdNZHZMT3lKZ0RVdUZJT2lVMVBhMU9KaG5ZUGRRNVkKa2tubDBpK01lNEhVVkxDdllWUEJ0M1crS25TUHJGNzFtOF\nBFZjhTUnBFRENzK21RZ2RMMkxRTm1nYVpNRVpQdwovMVNIKzhlYms5OC9xVittNXpnR2Q3SHV0RGp5NVEzT21US1BBbHdiajczQzZNSC8yb1k1ZWU2V1ljdEdYRTd5Ci9QSXAzaWVQZk5XM1lIUUt0ZmdWc3FrcFJTL3kyS09qVG5xMXpmNDlpOUozbWFUbnlzMVVScHVsMWw2V2t0MGkKUXY0bW8xMW83ODFLS3JUand\nvYjRxNml0eE9BUGxXNEFMNWRUYmdOazN4Z0k3K2h3Z0VVVS9USlA2djZsVys4SwpyaG9xQU1ySERQeFJvNmZ4N3dsYVkzUWdVNzUrZUxORlh3VWVXb1NuWVFLQmdRRHlkeUVHMko5Ymh0ZHRmdFQvCmpicCtvcVdsd0hidEE3WlhzRGx0Z045SUJvQUlXMmJ0RmVhQjhBU1ppL0M2Z2I3Ym1lQUQ1YmFOdDExNURkRGUK\nTGd2TEswenJrdFhqeHlXakN0RDhOczY5MUs1ZjFSK2J0RHpQNnZvaG9DbWxrTHg5dFBsNlJINFFwekVrajM4cQpYWTFWTlRkQlpXSjdqWEh6T1Nha3V0SVNUd0tCZ1FEblJ6dlNBd0tSKzVwMUE1QXdBNHJSSFpnQm1IVUoxRDVEClVFQkZVTWl2T1d0c1U2L3NoaW5kM1BqQ0lMYldmT1lUZGorRkVpaHJKNUhyN0dUT\nmgzd0htR3FDMWNYbXNEQXgKR2pVK1ArbW1ESTlYR3d4czJpV0VyeDQwMXBHSkJRWDErWDhVQSs2eU81YithNG5Scm9jaDRHQUpEMUlUUUZhQgpEN3VMY2RpUmtRS0JnUUN4S1paNk9DSUljSGhNUzFZNi9FWCtiYjEzWlRBQWNxdnpXcEk3anVTVzdoanpBa1lzCmljb0p1MlRCQk4xNmlYNzVXbSt5cVZCQU1IRWVHSm\nc3SDQ0Q2Y3c09qaFcyL3paaThXNU9PNFhJY3ZTT2xWMHAKR2dNdE1OWmZaM1hHd2dEWUlUb0F1cmNhVisreWRSOUh4MStUbVBTczFmV2xyVzVMZDhEaXNKYjZSUUtCZ1FDUQpOaUc5N1RTUUZJUVdUTGQreU9hcFNEdTlXdlEzd2NsbExjZzFzSTdDZkJwWXZNSW95T3VZTlM1RDFpUk1FQ3RpCm5VdzBUTU01TmI1T2p\n1TzRLTEFWQ0Z2NTR4UjRxUW9UeEJUSkVROC9BL3ZwUTZ0MndIdStoWGRmV1IvOGdVNWIKTjB5ZkRXaXNhRzNaalBLdDlaYTdiKzVTRitTRXJveUNBMjVkSUFyN2tRS0JnUUNnVXhNUm1zWGhGanFjNVYyQwptbDh2VFFxc254dklkdzVQWjFPSkdBMHROcXh0dTc5dTliSnBUdGd0YVhGV1FBSGlnMlBESWdsYi9HdjFh\nekJXCmU3a1FUcHFaNmY4QjRmUWg5MDQwYnJlcm9aNlE2REtIQWlna0lsbmdaUXVVNEU5MDhjVzdWbk10dUhpNTN2WDEKRjNaci9nVE9BV2E3NkJuY3hkYzNQNTZndHc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_interface_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t2001::2001:22 \n\t\t\t64 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_1100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tlan_1200 \n\t\t\tvmx1.1200 \n\t\t\t172.16.152.210 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx4 \n\t\t\tvt2 \n\t\t\tdhcp \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\t\t\t1560930241 \n\t\t\t\t\t\tmatch \n\t\t\t\t\t\tlan \n\t\t\t\t\t\tinet \n\t\t\t\t\t\tin \n\t\t\t\t\t\tyes \n\t\t\t\t\t\tyes \n\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\n\t\t\t\t\t\t\tport_ssh \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t \n\t\t\t\t\t\tfloating_rule_1 \n\t\t \n\t\t\n\t\t\t\t\t\t1560930241 \n\t\t\t\t\t\tmatch \n\t\t\t\t\t\tlan,wan,opt3 \n\t\t\t\t\t\tinet \n\t\t\t\t\t\tin \n\t\t\t\t\t\tyes \n\t\t\t\t\t\tyes \n\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\tport_ssh \n\t\t\t\t\t\t \n\t\t\t\t\t\tfloating_rule_2 \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n \n \n IFGROUP1 \n opt1 opt3 \n \n \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\t100 \n\t\t\tvmx0.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_ipsec_aggregate_config.xml",
"content": "\n\t22.2 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n \n 1 \n ikev2 \n opt3 \n 1.2.4.8 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n\t\t\t sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n\t\t\t sha256 \n 14 \n \n \n 28800 \n\t 1234 \n pre_shared_key \n test_tunnel \n on \n off \n 10 \n 5 \n \n \n 1 \n 5db7be207c845 \n tunnel \n 1 \n \n lan \n \n \n network \n 10.20.30.40 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n one_p2 \n \n \n 1 \n 5db7be3c0502e \n tunnel \n 2 \n \n lan \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n\t\t\t\t\t\t\n aes \n 128 \n \n \n aes128gcm \n 128 \n \n\t\t\t\t\t\t\n 3des \n \n hmac_sha256 \n 14 \n 3600 \n another_p2 \n \n\t\t\n 1 \n 5db7be3c0502f \n tunnel \n 3 \n \n\t\t\t\t\t\t\tnetwork \n\t\t\t\t\t\t\t1.2.3.4/24 \n\t\t\t\t\t\t\t24 \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n\t\t\t\t\t\t\n aes \n 128 \n \n \n aes128gcm \n 128 \n \n\t\t\t\t\t\t\n 3des \n \n hmac_sha256 \n 14 \n 3600 \n third_p2 \n \n\t\t\n 1 \n 5db7be207c846 \n tunnel \n 4 \n \n lan \n \n\t\t\t\t\t\t\n network \n 10.20.30.40 \n 24 \n \n\t\t\t\t\t\t\n network \n 1.2.3.4 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n nat_p2 \n \n \n 2 \n ikev2 \n opt3 \n 1.2.3.6 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n\t\t\t sha256 \n 14 \n \n \n 28800 \n\t 1234 \n 5c00e5f9029df \n 5db509cfed87d \n rsasig \n test_tunnel2 \n on \n off \n 10 \n 5 \n \n \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n \n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n\t\t5c00e5f9029de \n\t\twebConfigurator default copy \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n 5db509cfed87d \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n \n 5db509cfed87e \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_ipsec_config.xml",
"content": "\n\t22.2 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t 1 \n\t ikev2 \n\t opt3 \n\t 1.2.4.8 \n\t inet \n\t myaddress \n\t peeraddress \n\t \n\t - \n\t
\n\t aes \n\t 128 \n\t \n\t sha256 \n\t 14 \n\t \n\t - \n\t
\n\t aes \n\t 256 \n\t \n\t sha256 \n\t 14 \n\t \n\t - \n\t
\n\t aes128gcm \n\t 128 \n\t \n\t sha256 \n\t 14 \n\t \n\t - \n\t
\n\t blowfish \n\t 256 \n\t \n\t aesxcbc \n\t 14 \n\t \n\t \n\t 28800 \n\t \t 25000 \n\t \t 1234 \n\t pre_shared_key \n\t test_tunnel \n\t on \n\t off \n\t 10 \n\t 5 \n\t \n\t\t\n\t 10 \n\t ikev2 \n\t opt3 \n\t 1.2.4.16 \n\t inet \n\t myaddress \n\t peeraddress \n\t \n\t - \n\t
\n\t aes \n\t 128 \n\t \n\t sha256 \n\t 14 \n\t \n\t - \n\t
\n\t aes \n\t 256 \n\t \n\t sha256 \n\t 14 \n\t \n\t - \n\t
\n\t aes128gcm \n\t 128 \n\t \n\t sha256 \n\t 14 \n\t \n\t - \n\t
\n\t blowfish \n\t 256 \n\t \n\t aesxcbc \n\t 14 \n\t \n\t \n\t 28800 \n\t \t 1000 \n\t \t 1000 \n\t \t 1000 \n\t\t 4501 \n\t\t 1234 \n\t pre_shared_key \n\t test_tunnel_2_5_0 \n\t on \n\t off \n\t 10 \n\t 5 \n\t \n \n 1 \n 5db7be207c845 \n tunnel \n 1 \n \n lan \n \n \n network \n 10.20.30.40 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n \n \n 1 \n 5db7be3c0502e \n tunnel \n 2 \n \n lan \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n \n \n 2 \n ikev2 \n opt3 \n 1.2.3.6 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n 14 \n \n \n 28800 \n\t 1234 \n 5c00e5f9029df \n 5db509cfed87d \n rsasig \n test_tunnel2 \n on \n off \n 10 \n 5 \n \n \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n \n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n\t\t5c00e5f9029de \n\t\twebConfigurator default copy \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n 5db509cfed87d \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n \n 5db509cfed87e \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t\t\n\t\t\tcarp \n\t\t\twan \n\t\t\t90 \n\t\t\t100 \n\t\t\t1 \n\t\t\t602874de0ff00 \n\t\t\tsingle \n\t\t\t29 \n\t\t\t151.25.19.11 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_ipsec_p2_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n \n 1 \n ikev2 \n opt3 \n 1.2.4.8 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n 14 \n \n \n 28800 \n 1234 \n pre_shared_key \n test_tunnel \n on \n off \n 10 \n 5 \n \n \n 1 \n 5db7be207c845 \n tunnel \n 1 \n \n lan \n \n \n network \n 10.20.30.40 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n one_p2 \n \n \n 1 \n 5db7be3c0502e \n tunnel \n 2 \n \n lan \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n\t\t\t\t\t\t\n aes \n 128 \n \n \n aes128gcm \n 128 \n \n\t\t\t\t\t\t\n 3des \n \n hmac_sha256 \n 14 \n 3600 \n another_p2 \n \n\t\t\n 1 \n 5db7be3c0502f \n tunnel \n 3 \n \n\t\t\t\t\t\t\tnetwork \n\t\t\t\t\t\t\t1.2.3.4/24 \n\t\t\t\t\t\t\t24 \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n\t\t\t\t\t\t\n aes \n 128 \n \n \n aes128gcm \n 128 \n \n\t\t\t\t\t\t\n 3des \n \n hmac_sha256 \n 14 \n 3600 \n third_p2 \n \n\t\t\n 1 \n 5db7be207c846 \n tunnel \n 4 \n \n lan \n \n\t\t\t\t\t\t\n network \n 10.20.30.40 \n 24 \n \n\t\t\t\t\t\t\n network \n 1.2.3.4 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n nat_p2 \n \n \n 2 \n ikev2 \n opt3 \n 1.2.3.6 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n 14 \n \n \n 28800 \n 1234 \n 5c00e5f9029df \n 5db509cfed87d \n rsasig \n test_tunnel2 \n on \n off \n 10 \n 5 \n \n \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n \n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n\t\t5c00e5f9029de \n\t\twebConfigurator default copy \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n 5db509cfed87d \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n \n 5db509cfed87e \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_ipsec_proposal_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n \n 1 \n ikev2 \n opt3 \n 1.2.4.8 \n inet \n myaddress \n peeraddress \n \n - \n
\n aes \n 128 \n \n\t\t\t sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n aes \n 256 \n \n sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n aes128gcm \n 128 \n \n sha256 \n\t\t\t sha256 \n 14 \n \n - \n
\n blowfish \n 256 \n \n aesxcbc \n\t\t\t sha256 \n 14 \n \n \n 28800 \n 1234 \n pre_shared_key \n test_tunnel \n on \n off \n 10 \n 5 \n \n \n 1 \n 5db7be207c845 \n tunnel \n 1 \n \n lan \n \n \n network \n 10.20.30.40 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n \n \n 1 \n 5db7be3c0502e \n tunnel \n 2 \n \n lan \n \n \n network \n 10.20.30.50 \n 24 \n \n esp \n \n aes \n 128 \n \n \n aes128gcm \n 128 \n \n hmac_sha256 \n 14 \n 3600 \n \n \n 2 \n ikev1 \n opt3 \n 1.2.3.6 \n inet \n myaddress \n peeraddress \n 28800 \n 1234 \n 5c00e5f9029df \n 5db509cfed87d \n rsasig \n test_tunnel2 \n on \n off \n 10 \n 5 \n \n \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n \n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n\t\t5c00e5f9029de \n\t\twebConfigurator default copy \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n \n 5db509cfed87d \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n \n 5db509cfed87e \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQyVENDQXNHZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJTTVJRd0VnWURWUVFERXd0cGJuUmwKY201aGJDMWpZVEVOTUFzR0ExVUVDQk1FZEdWemRERU5NQXNHQTFVRUJ4TUVkR1Z6ZERFTk1Bc0dBMVVFQ2hNRQpkR1Z6\nZERFTk1Bc0dBMVVFQ3hNRWRHVnpkREFlRncweE9URXdNamN3TXpBMk5UWmFGdzB5T1RFd01qUXdNekEyCk5UWmFNRkl4RkRBU0JnTlZCQU1UQzJsdWRHVnlibUZzTFdOaE1RMHdDd1lEVlFRSUV3UjBaWE4wTVEwd0N3WUQKVlFRSEV3UjBaWE4wTVEwd0N3WURWUVFLRXdSMFpYTjBNUTB3Q3dZRFZRUUxFd1IwWlhOM\nE1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdpbHJ0bjJMaVpSc0g3Tit4MjZKK3BOcEhFL0FncWoyCkNYeG5wQUZKdWVCSlhaSVdPZWtEOEVteHRZUkQ2Wi9jMEEya0ZsTXk3VmwwTVZpL3Q3QUx1NEJVUWI3ZVNKQXgKaWd0VXMwTHJRbHhNSDh5S3VqcEg1RWtlZHZoYmtRcW0zNG\n02T21oR2RwUDBsT3BxWUFJN3pwYzlwODl2M1FPcwptUHBibkNDNE9kRUR6WDNFWWZ5YVZNWXZCa3FTVTZPczZ4VXRRL3JCV2F2T3lzQXlGSzBJSmFYRHI3QjVzZVV3CkdZOG5laHVJTmpicjlXbkFXN0ozcHZ0ZHhRbS9JUENHRGJXYnBtQVpEalRkQ1p3ZTU0MTlnejBZNlJVUDV6bGgKZFNKY1F6cDZjalR4aytiM1Y\nwd3Z5VlRDKzlmMC9wbDRMS3FIZE9ycWt4dHNEaUFzNUZjenlRSURBUUFCbzRHNQpNSUcyTUIwR0ExVWREZ1FXQkJUUnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnV6QjZCZ05WSFNNRWN6QnhnQlRSCnNyckN4cVUvMWxvTTBnS1RFNmlaMmxJNnU2RldwRlF3VWpFVU1CSUdBMVVFQXhNTGFXNTBaWEp1WVd3dFkyRXgK\nRFRBTEJnTlZCQWdUQkhSbGMzUXhEVEFMQmdOVkJBY1RCSFJsYzNReERUQUxCZ05WQkFvVEJIUmxjM1F4RFRBTApCZ05WQkFzVEJIUmxjM1NDQVFBd0RBWURWUjBUQkFVd0F3RUIvekFMQmdOVkhROEVCQU1DQVFZd0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBQWd4MThXZk1ZVEcvdkw5d045clZmRmJNRnE3N2g0W\nGhBYkJPK1ZGR1liMlBRRXQKcFdwWW9sUjl0aUwvSzhXMGFCcEt6SkRtam1zKzVkNEtlYkxFdnNzdGttSi8vSlFVODdmVU1MVGp3WTBremdHUgpSMkNaUlJJcEc1cEJ6M0ZWeGU4a211YVppWDNvbGlHM2FzV1ByYmpQUUdzU21aRTZ0Y3h1Unh2cW4zOVVoSzRyCnJ4VDZqKzdxRGVWbmFzcThkYWdqT3ZKVjh1MTk4eG\nVyQmZwaFkzdDJwMEJjTDF4NmhrWWwvNnI2VGxTVmEwT1EKVUJXWHNDR1NGK1QrY2Z0VE43OEhOYTJFZlNRelMwRkVRTTJrY1VzMGV4cE9YZlo4UU1BdU5lVEpvc013NVh3ego0bERDUFEwZ09yWUxvdWJVWDlwK0NBSi9qeUNxc3FwRW53bmRiUEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENLV3UyZll1SmxHd2YKczM3SGJvbjZrMmtjVDhDQ3FQWUpmR2VrQVVtNTRFbGRraFk1NlFQd1NiRzFoRVBwbjl6UURhUVdVekx0V1hReApXTCsz\nc0F1N2dGUkJ2dDVJa0RHS0MxU3pRdXRDWEV3ZnpJcTZPa2ZrU1I1MitGdVJDcWJmaWJvNmFFWjJrL1NVCjZtcGdBanZPbHoybnoyL2RBNnlZK2x1Y0lMZzUwUVBOZmNSaC9KcFV4aThHU3BKVG82enJGUzFEK3NGWnE4N0sKd0RJVXJRZ2xwY092c0hteDVUQVpqeWQ2RzRnMk51djFhY0Jic25lbSsxM0ZDYjhnOElZT\nnRadW1ZQmtPTk4wSgpuQjdualgyRFBSanBGUS9uT1dGMUlseERPbnB5TlBHVDV2ZFhUQy9KVk1MNzEvVCttWGdzcW9kMDZ1cVRHMndPCklDemtWelBKQWdNQkFBRUNnZ0VBT3oyZ0c4SWFmUlBJR2JRT2pwTHZqb0REcFZ2QUJSM0FWQXlkSXJFeDZZREIKWWNkYytMWmIrVWpDNi9zN0xXRVZZbldIQnpqRFpSL1NEK3\nhnTW8rSVJPRlcwK2lFc2VjczlrMld2a3RBdExLcwpsMWMxVExUVGtwZXNyK2YvS0RYenpHaWRaWXpEVXhLNW9XWVVwczZIcVBVRVh0c3Y2bU5nbWh4cEx5M2NoK2J4CjlWZ0daMm40NWhTU2NnQnNWay8rM0tEc3l5KzhlUHBrUGN4SS9nV3hCZkx1bWhMeGZSeTM5cy9yZUxla1hvdkkKNXp1Q0FYMEVRWithSHdhU2F\nyOEMwRkRzZ01xZFdyR2xpcVVmMWhCZlpYNm5pWkhITWw1MkRKNExUN0liR1p1LwpDNFhTSXVxdXBGMkVyZmxabkQ1WnByV1BYdEJVU3R2TDNBQUg2Vkl4d1FLQmdRRG9HcFVRZXZJUXZkRG1peldqCjgyZmE5bGxEazd6bzdKMVYreS92bWYrdTFrVUh4YUl5M2prbXVtTHpQMDIwTUJEVmtkSnh1TEVwQkVSVEdlSVcK\nTjJYYjRGZStRNkhQdDdlU3ZETC9EZGpHNjd5YW9EZEp3V1o3RkNjQ2hNTjVMYTREKzkzQk5meW5LUUFLQnRwYwpYZXQwVUVuanNHaUZNTEVCSU4yRnBwbklMUUtCZ1FEV0p0TFcxY2RMWGxvYi8xSXpLdDVMa29QNUdlN0grblpwCndLZVRhYjVQeWlFZnRjMHhyU0kzVURpRU5rSDFpZWtuZ1g0WWk4U200MlUyQW8vY\nXEvZjZpT0g2Q3A4c3BMTkQKU0dpNzh4cUFJYVFTT21oK0pPNlphL0NMemlzVFdUc1R6bHZsRGd1T3lLR2dmQ2pmeWh2OWpHV3Uwd0YxeURoego4VUdVT1pDZmpRS0JnQng4SHEwdUdZVWFkb2ZFcittV0ZyblZuL0RlTWNINFAvcnNYOTZzN0tjZFhzMXNZTktUCldUbzZoNmhJclpXZWpJSlphaFZRMEZVelU5dExBdW\nN0RjFBYndVajFiZWRiS2FsVmRZQzl4MHZxWkhRcGszOTIKdjhmOUdpaUIrS2RuaHNLd1oyK3QyM3I4V2lmZzNXMldqUzN5S0k5TCtCZlllUENsZ3VwREh2NWxBb0dCQU1EZQpsbVVHaEVkTTRycjBhSVBNeUFnb0hOUHNsekZrVWVGTXNhQUNUSFJ3QndVWUo0WGwrRHI0OU8yZU1DbUQyNGpKCkIxZjBDVmlFMUZLZ1h\nBOEZjb0VoWnVSYlRLQllkVnJUakFBNklsUGorSEN5U2duU0dWSHo5T0QwL2JhZlZxV3YKNVBPV2dySkYzOHM2QjFZR0lNOXA4dXBRLzYra2M3TjRSU2ZKOEliQkFvR0FFMmRMdG1aazZMOHFpZ2tKT0Y4TQpjN1Z4K2FHaXBiMXNWVURhcmRxdy9WWmdZOW9LUE8zOFNRT2JnWjNHQVc3UXpEUDdRYU14c2hvUk15ZmZS\nemFSCndVNi9BdTJFQU1vNHhZU2hYR1Z0M0gzUDE1TjlUTXN5UEltRXRTMmpEeER0d1lOSTBJUjhESGJQaEZUTG1lN2MKUE40T3BrYjUvd1B2QXoxVUExVWI1c2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n 0 \n \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_nat_outbound.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tone rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tanother rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tthird rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr0
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr3
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t\tanother_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_4 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t\tanother_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_5 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\t \n\t\t\t\t\t\t fbor \n\t\t\t\t\t\t 1545907554 \n\t\t\t\t \n\t\t\t\t tcp \n\t\t\t\t test_rule_floating \n\t\t\t\t \n\t\t\t\t\t\t 1545574416 \n\t\t\t\t \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t keep state \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t 1545574416 \n\t\t\t\t wan \n\t\t\t\t inet \n\t\t\t\t pass \n\t\t\t\t any \n\t\t\t\t yes \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\tGW_LAN \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_dst \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_src \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\t\t\t\topt2 \n\t\t\t\t\t\topt2 \n\t\t\t\t\t\tCBQ \n\t\t\t\t\t\t100 \n\t\t\t\t\t\tMb \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t10000 \n\t\t\t\t\t\t\t\t\t\t0 \n\t\t\t\t\t\t\t\t\t\tone_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t1000 \n\t\t\t\t\t\t\t\t\t\t1 \n\t\t\t\t\t\t\t\t\t\tanother_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t \n\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t\n\t\t\t\t\t\tone_limiter \n\t\t\t\t\t\t1 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
100 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tanother_limiter \n\t\t\t\t\t\t2 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tdisabled_limiter \n\t\t\t\t\t\t3 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tKb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t\t\n\t\t\t\t\t\tGWGroup \n\t\t\t\t\t\t- GW_WAN|1|address
\n\t\t\t\t\t\t- GW_LAN|2|address
\n\t\t\t\t\t\tdown \n\t\t\t\t\t\tFailover group \n\t\t \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_nat_port_forward_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tone rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tanother rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tthird rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\tone \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\ttwo \n\t\t\tpass \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\tlast \n\t\t\tnat_5e03858acc6b82.92150982 \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\twan \n\t\t\tNAT last \n\t\t\tnat_5e03858acc6b82.92150982 \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr0
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr3
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\ttest_rule \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\ttest_rule_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\ttest_lan_100_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\ttest_lan_100_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t\tanother_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\ttest_lan_100_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\ttest_lan_100_4 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t\tanother_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\ttest_lan_100_5 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\ttest_rule_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\tinet \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\t \n\t\t\t\t\t\t fbor \n\t\t\t\t\t\t 1545907554 \n\t\t\t\t \n\t\t\t\tinet \n\t\t\t\t tcp \n\t\t\t\t test_rule_floating \n\t\t\t\t \n\t\t\t\t\t\t 1545574416 \n\t\t\t\t \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t keep state \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t 1545574416 \n\t\t\t\t wan \n\t\t\t\t inet \n\t\t\t\t pass \n\t\t\t\t any \n\t\t\t\t yes \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\tGW_LAN \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_dst \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_src \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\t\t\t\topt2 \n\t\t\t\t\t\topt2 \n\t\t\t\t\t\tCBQ \n\t\t\t\t\t\t100 \n\t\t\t\t\t\tMb \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t10000 \n\t\t\t\t\t\t\t\t\t\t0 \n\t\t\t\t\t\t\t\t\t\tone_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t1000 \n\t\t\t\t\t\t\t\t\t\t1 \n\t\t\t\t\t\t\t\t\t\tanother_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t \n\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t\n\t\t\t\t\t\tone_limiter \n\t\t\t\t\t\t1 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
100 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tanother_limiter \n\t\t\t\t\t\t2 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tdisabled_limiter \n\t\t\t\t\t\t3 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tKb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t\t\n\t\t\t\t\t\tGWGroup \n\t\t\t\t\t\t- GW_WAN|1|address
\n\t\t\t\t\t\t- GW_LAN|2|address
\n\t\t\t\t\t\tdown \n\t\t\t\t\t\tFailover group \n\t\t \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_openvpn_config.xml",
"content": "\n\n\t21.7 \n\t\n\t\tnormal \n\t\tpfSense \n\t\thome.arpa \n\t\t\n\t\t\tall \n\t\t\tsystem \n\t\t\t1998 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tadmin \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2b$10$13u6qwCOwODv34GyCMgdWub6oQF3RX0rG7c3d3X4JvzuEmAXLYDd2 \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t2.pfsense.pool.ntp.org \n\t\t\n\t\t\thttps \n\t\t\t62083679cd3d4 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t \n\t\n\t\t\n\t\t\tre0 \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tre1 \n\t\t\t192.168.100.2 \n\t\t\t24 \n\t\t\twan \n\t\t\t0 \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tdisabled \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t \n\t\n\t\t\n\t\t\tautomatic \n\t\t \n\t \n\t\n\t\t\n\t\t\tpass \n\t\t\tinet \n\t\t\tlan \n\t\t\t0100000101 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t\t\n\t\t\tpass \n\t\t\tinet6 \n\t\t\tlan \n\t\t\t0100000102 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t- \n\t\t\t
*/1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/sbin/newsyslog \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/etc/rc.periodic daily \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t4 \n\t\t\t* \n\t\t\t* \n\t\t\t6 \n\t\t\troot \n\t\t\t/etc/rc.periodic weekly \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t5 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/etc/rc.periodic monthly \n\t\t \n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t \n\t\n\t\t \n\t\n\t\tsystem_information:col1:show,netgate_services_and_support:col2:show,interfaces:col2:show \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1644705489 \n\t\t \n\t\n\t\t62083679cd3d4 \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVsRENDQTN5Z0F3SUJBZ0lJU2JlZ00zSWZSTEV3RFFZSktvWklodmNOQVFFTEJRQXdXakU0TURZR0ExVUUKQ2hNdmNHWlRaVzV6WlNCM1pXSkRiMjVtYVdkMWNtRjBiM0lnVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaApkR1V4SGpBY0JnTlZCQU1URlhCbVUyVnVjMlV0TmpJd09ETTJOemxqWkROa05EQWVGdzB5TWpBeU1USXlNak0yCk5ERmFGdzB5TXpBek1UY3lNak0yTkRGYU1Gb3hPREEyQmdOVkJBb1RMM0JtVTJWdWMyVWdkMlZpUTI5dVptbG4KZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnBabWxqWVhSbE1SNHdIQVlEVlFRREV4VndabE5sYm5ObApMVFl5TURnek5qYzVZMlF6WkRRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURHCjkzVW5PMm1MbTRFVTRwOUtlMCtmbkZCQTZGV245eTBDcjhaY0dxVFZiN0E3ejY4Y1JBd0l4bEVDYmtWaUx1ejcKSnNUK2gwd1Jiclo3RWI1dkpvZ3JaUHZSV1ByeW9JQWwrT2w1b1dFbE0ycTBQMVJQdjZETndaYjFsUHgzNXdXOApBa1gxQkhLL3FEWWJibjVVRXdqOVdmaVpmcnNJeFBHM21ubmpHMHpiMktOaGJGNDM4Tk1xVTVadVRvQW5PYW9PCmJqb2tveWhNUUh1N0JGV2tQS25lTFJGN3lmN0Q3TVp1QnBBbWVCbnllYkl1ZkpzS1ViWGE3OTNFanVPcjN4disKb2J3QmhtMUN3NWRpc1o2SDZzS2ZudFJ6UWFUZXhZWEo3WGo2MDdtMWc2YkpqR2FweG9WTTlvU1VlUGlzVWNCOQpNbEp1WkpnVmVOYVlFQkJPbEgxWkFnTUJBQUdqZ2dGY01JSUJXREFKQmdOVkhSTUVBakFBTUJFR0NXQ0dTQUdHCitFSUJBUVFFQXdJR1FEQUxCZ05WSFE4RUJBTUNCYUF3TXdZSllJWklBWWI0UWdFTkJDWVdKRTl3Wlc1VFUwd2cKUjJWdVpYSmhkR1ZrSUZObGNuWmxjaUJEWlhKMGFXWnBZMkYwWlRBZEJnTlZIUTRFRmdRVWNHMlpNNHdKRlpQRQoxV1ZndXd0eFRUT0RhOGd3Z1lzR0ExVWRJd1NCZ3pDQmdJQVVjRzJaTTR3SkZaUEUxV1ZndXd0eFRUT0RhOGloClhxUmNNRm94T0RBMkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG4KYm1Wa0lFTmxjblJwWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFl5TURnek5qYzVZMlF6WkRTQwpDRW0zb0ROeUgwU3hNQ2NHQTFVZEpRUWdNQjRHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVJCkFnSXdJQVlEVlIwUkJCa3dGNElWY0daVFpXNXpaUzAyTWpBNE16WTNPV05rTTJRME1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUFzazBrTU12dVR0T3c2Ymx5a1U5cWNkRnQvVDlGOFZBZ0taNHgzYXNxNlArRG96N1FGVFpKVwprdmlrQVVUekpMMys4c0NKRDdjV3BZa2ZpdDRBYndhWFIyRzVsczhjL0JRcUdmY1ZOUnJVdWRscG12UUYrYk5iClMxZ2xjS2hYYXZuYnlQdkRMem9CZGVlTmhqYXIzcWc1TTV6T3I0aXYyM0hCZVc2aEY2c0FrV3dpVkU5NEJmZ00KOS9qeW5GalVYTkJheStMODM2TXBpNDhpNnE4OHdlQ25UdDdaTFFjWlZXb0IwcWNQSS96SExTUFlTNlhhcmdvdgpva3E1M3ZQSG9HNnRGUHpFSkpFVmNmOTV1bVcwaUpFR3hCQ3dTeVlnd2xSY0pEeGJ1QklFY0xWb2JKclVveHNLClJXcW13SHdQYkFxRjBOMUZ0cFJ6K3Yvd0lQYWdSQ2lVCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRREc5M1VuTzJtTG00RVUKNHA5S2UwK2ZuRkJBNkZXbjl5MENyOFpjR3FUVmI3QTd6NjhjUkF3SXhsRUNia1ZpTHV6N0pzVCtoMHdSYnJaNwpFYjV2Sm9nclpQdlJXUHJ5b0lBbCtPbDVvV0VsTTJxMFAxUlB2NkROd1piMWxQeDM1d1c4QWtYMUJISy9xRFliCmJuNVVFd2o5V2ZpWmZyc0l4UEczbW5uakcwemIyS05oYkY0MzhOTXFVNVp1VG9Bbk9hb09iam9rb3loTVFIdTcKQkZXa1BLbmVMUkY3eWY3RDdNWnVCcEFtZUJueWViSXVmSnNLVWJYYTc5M0VqdU9yM3h2K29id0JobTFDdzVkaQpzWjZINnNLZm50UnpRYVRleFlYSjdYajYwN20xZzZiSmpHYXB4b1ZNOW9TVWVQaXNVY0I5TWxKdVpKZ1ZlTmFZCkVCQk9sSDFaQWdNQkFBRUNnZ0VCQUxldGVIeVlUMjV2UnpIVnFFSGxKbk50cFhUV1IwVUJYWThPWUN0aytXaUUKYkFnN1NTZnA5Y1lmOW1jdEQyWjlkWTdCa3JoNmhKSFBTQ3pEQzYrbXZheDUxRExHVnh5bmFNWWxUTHhaYThvZwo5aytoNng2WUJFWU9nbU1DZ0RQY2xTR2tZNXEyMll2dktNd1lMQTFIYVZRaHUrdFA0REJQUitvOGRHdGhKNG9ICmlna3Z4OWhQOVAzc1VBZjFQQWtKMzkyYjZ6dGJOYkRWdXhGSTFVbklCKzF1c2s5VUduWlM5bUVXTkxDRTEwYngKT2U1YlVJaTlCWkkzM3pTamdra3ZFQVdJMlBzVWJDaEFqa0RPUStFT1V1dktyQVJoUnBXUDVWUmdxVUJpc0ZuaApmeWFFMUNtTTQ4RWZyVGZ4QklXaTA0cHZ2U0I3Zm4rbXN3RkRCcjcvUGtVQ2dZRUE3L05NcHlZdGw2dng5b043ClNWUmdIY01JZlVZR2xJSVNvTGNJbmRURGQ3K3krR0pvRkFBclhBcVMvR2dKUFgxZkMxbWVYZWJDY0dqeHVGZEgKTlNNbnMxVk1OVHlEdjNMWVhhV0lBSlVvMWtTMlVYaWZHcUN3WEpSckVmVE11U1NlRXpXOGJaNE5Cdmk1R1VsdQpyTnJWNnBqTFQ5eS85ZENUbitHeWthamNMZzhDZ1lFQTFFWmpZTldhTXltbHgydDlpS3hsVTR2SlcxVDMrbW1DCkhWRDM5bDlUSS9BWlQ4Ti9VVGRYVXhjdDN2MnA4OTdPRWJ6cThBRno1dFRrNUV6Y1dJZDcwRmYwRUYxTFpMaXkKME1NZlVLVUlBTExwekh4T294T3YxNVRJTzlXSVF4d2J2TWcxaDh2M2M1MkNCVEpsVzFUektJM3dKMWV2RXBrRwpzcDVqN1NMSUJoY0NnWUVBeTdqTHlkWldPMEhYU3k3U2k2M0JkVU5UZjlqbVdVd2VPS2x0L1dMWkdtQjl1UGtECjJJZFVTTzhKWUplTDBOTVMwUFlqeVNIVXo4K3ArcExQZUVRQ3Z2V2FvRkJpb3pjRWtHMnNES0tYYTJRblR3Q1UKUk8xTkR5MUx3cEVQQjlvWkE4SkoydCtudTlXTWdmV2dxODJZZFhlSWxxT2JyejZKTitOTjB2R0ZEdTBDZ1lCcQp5a1p3anNVV2ZCdEVhZFVyanQ4aTJxNGYzbTBxY3kzY0pjRzVGbGV6T3JUaEpjN0ZRdndSZHhYQ213YUhBMDNVCktxQmV3YnhYSWo5TWcwWk8yMG4wbEdyYVdMVDNKTndBbmtrQXZ5VjVoSWlPTVBNMm8wN1JPNjVJTzdKallKNnIKcUdVVnZnenRBdzVJSXdST29Edjc2UHdxTHJpS3VLVmY4c0wrcDRMTlhRS0JnUUNrbXlIR3dielVJLzN6Z1FNSApxY1RkMUttMDhxTXJjUzZXdU03RGJxTEpIQXdlcFRSYUpuVmVLcnRRS2t4SGRlcjZsK2VWUjNvWXArUE9EbTVECjBGSXMxbXd2RFp3TjI2RVhmZnZkWG9EK1luNnVEeGlvVU9QZ1A2U1hLT3dxcnBuenVFZTFBNFpDQTFnRXJhd2MKTTNmejdiV3d0a1JUUE5uaGxybkVJNXY5Qmc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \n\t \n \n 6209e3cef1e81 \n enabled \n enabled \n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFQ0RDQ0F2Q2dBd0lCQWdJSUZqRk9oczFuTXpRd0RRWUpLb1pJaHZjTkFRRUxCUUF3WERFVE1CRUdBMVVFDQpBeE1LYjNCbGJuWndiaTFqWVRFTE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQQmdOVkJBZ1RDRU52Ykc5eVlXUnZNUkF3DQpEZ1lEVlFRSEV3ZENiM1ZzWkdWeU1STXdFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNQjRYRFRJeU1ESXhOREExDQpNRGd6TVZvWERUTXlNREl4TWpBMU1EZ3pNVm93WERFVE1CRUdBMVVFQXhNS2IzQmxiblp3YmkxallURUxNQWtHDQpBMVVFQmhNQ1ZWTXhFVEFQQmdOVkJBZ1RDRU52Ykc5eVlXUnZNUkF3RGdZRFZRUUhFd2RDYjNWc1pHVnlNUk13DQpFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDDQpBUUVBbXN2aUpNRTFFVGVkNGZPdGJrSHBGM2Q5ZU0rNjQwOFhQbmE4dEpHZEJxM1VBQ3hFem9hQktSdDJ5MWN0DQo2elFEZTVGRjRBQXZ0VjF1Y1pwc2w1bzREUy9JR1NibjZkM1lNaytqOGpBUTNFbXpSOEdPb2huZ2YxUTlBWEM2DQpvaDRyQlA1c1g0WTh1WThrSjNZclg1cVRwRlk1S0hMVTFBb1BleVE3eXlNWkhMb2t0OW5jK0ZGWnd3VTdSQ0dTDQpjTkxaaVZ4Q1FRSzVwOGs5bUE4Ymd4bHFZa2YwbUF5Qk53OU1BZlBVY1VrcUY2UDBnV1BIbElySFovdWhnN2RVDQorMjJhb2NLVUVOaXY5bXFhK0I2Y1VnTFRGVDZzMFZTRXNYL2RBZWg2MllMZ2ZtWEpnNmROSFFJK01nNlNrZWxwDQprOVZSVGVqaUVUSUVWOEpnZHYyTjdSU201d0lEQVFBQm80SE5NSUhLTUIwR0ExVWREZ1FXQkJSazVvQS8wcWEyDQpLUHdnb1hKcUtNdCtBb0tKZ1RDQmpRWURWUjBqQklHRk1JR0NnQlJrNW9BLzBxYTJLUHdnb1hKcUtNdCtBb0tKDQpnYUZncEY0d1hERVRNQkVHQTFVRUF4TUtiM0JsYm5ad2JpMWpZVEVMTUFrR0ExVUVCaE1DVlZNeEVUQVBCZ05WDQpCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNd0VRWURWUVFLRXdwd1psTmxibk5wDQpZbXhsZ2dnV01VNkd6V2N6TkRBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUVBd0lCQmpBTkJna3Foa2lHDQo5dzBCQVFzRkFBT0NBUUVBVUg5S0NkbUpkb0FKbFUwd0JKSFl4akxyS2xsUFk2T05ienI1SmJoQ002OUh4eFlODQpCa2lpbXd1N09mRmFGZkZDT25NSjhvcStKVGxjMG9vREoxM2xCdHRONkdybnZrUTNQMXdZYkNFTmJuaWxPYVVCDQpUSXJpSHl0TkRRYW91TmEvS1dzN0ZhdW9iY3RCbDF3OWF0b0hac041b2VoVDNyQVR2MUNDQXRqcGFUSklmSlIzDQowSVFPWWtlNG9ZNkRrSXdIcDJ2UFBtb29HZ0l0YlR3M1UrRTQxWVplN3FDbUUvN3pMVFNaa0lNMmx4NnpENDZqDQpEZjRyZ044TVVMNnhpd09MbzlyQUp5ckRNM2JEeTJ1QjY0QkVzRFFMa2huUE92ZWtETjQ1NnV6TmpYS0E3VnE4DQpoMS9nekRaSURpK1dYQ1lBY2JnTGhaVkJxdG42MnVtRnBNUkl1dz09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo= \n LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlFdlFJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0JLY3dnZ1NqQWdFQUFvSUJBUUNheStJa3dUVVJONTNoDQo4NjF1UWVrWGQzMTR6N3JqVHhjK2RyeTBrWjBHcmRRQUxFVE9ob0VwRzNiTFZ5M3JOQU43a1VYZ0FDKzFYVzV4DQptbXlYbWpnTkw4Z1pKdWZwM2RneVQ2UHlNQkRjU2JOSHdZNmlHZUIvVkQwQmNMcWlIaXNFL214ZmhqeTVqeVFuDQpkaXRmbXBPa1Zqa29jdFRVQ2c5N0pEdkxJeGtjdWlTMzJkejRVVm5EQlR0RUlaSncwdG1KWEVKQkFybW55VDJZDQpEeHVER1dwaVIvU1lESUUzRDB3Qjg5UnhTU29Yby9TQlk4ZVVpc2RuKzZHRHQxVDdiWnFod3BRUTJLLzJhcHI0DQpIcHhTQXRNVlBxelJWSVN4ZjkwQjZIclpndUIrWmNtRHAwMGRBajR5RHBLUjZXbVQxVkZONk9JUk1nUlh3bUIyDQovWTN0RktibkFnTUJBQUVDZ2dFQUNYN0FIR2tOakVUUkZtOFFFRmRTcVBIWGJIV3hqUWZvOFJmdmMxUUxRY0dmDQo0M0xUdGFkaWZOY0dibXFta21yYVc5WUpaemdidFJCS0dnWFM2Mm0yVG5qRDJXY2RpcWJsQUJFS2lXeVJYREhaDQpJV21xQ2g5ME9kczg4cjJyZFE1TXJUMitBQTRINDRuNE9jTngzYWRwcndicThxUTRrZGtjSWYyUy9WN2x4M0U3DQpLWVNyVnNZT3hUS0dwQVl4MzVtU3oyckRadXFhcVhyRGtwSTYxa2tFVDluaGJzQStVZDE5aXZrZ3J1WlU3bVp3DQpmRzQ0V3JDeEhSNjdiYW1LQ3VPei81SnlKNUt5US9VaFkzak9lczkxZXRpeHJXUkRpaXRCVVIwc01kMXZuQ2cyDQpTSkpjQnAvYXRwbWNjMGY1OVZFSDRGOTNqY01jR3V5cE1mQmkwNExFd1FLQmdRRE1BUSsyVk5aQWJ5aVM0cWZqDQpXelE0UWl6MDNSdmUybVhaNHc1aEdKSmk0QnkvdmI4K2xoOE9acGFWSFBjRTVya0tBbExEaFRwUEl0dTFwNWZzDQpic05MTHpJYkIwUmVBdGUxc3JGOU9SRHp0VThKblhrNDEwcnFMbmdBZmhVTGUvSUttNjBtUG4vWWU0UnhVSVI3DQp2TjFNemJXMnlYdHJCSlZ5VG1jbFRkRDZ5UUtCZ1FEQ1FCa1B2NnFpYXZXaG1IRnBiZ3QvMklpSUlBUk5iSUJjDQpmVnVUYVFJbXlOZlVSVzlUVG10UHFiYXRuOGhaWFFaL1ZCbWdaMklPOCtCMXBFYW5zYjZCS2xJMXFUMFdMUzR4DQpaV0hLQ3hEdVFiMXNUYmNRMnd3NW5jbk50c1dlWlkxUlV1dlpYcVQwZFU4WUIwb2FsdGVYWTNVbDJrUWJuWUcvDQpINUpJeWJPOEx3S0JnUURKNE1zQnJoYVBrUERmMm5nMW4wMmYxcXpTYS9SbXBrMWdQemM5a3FsYU8xbDN6WGZ4DQpvWEYrT0xzUE9LaWlLd2cyQlhLTmxjdk1BRHpZR005WTQ0dFRYWk1CK0VFSm4xcURyaC9DUWJTcTEyTXRxcTRKDQpOOVFreG5OdVdWYk9GSXZEUDZjclQzSUljc0x2dDdSREZ2VVFTZ2xtcHlBQkdYb2lzYitVeE5ybk1RS0JnR09QDQpZc2oxbmNsOU5NUk1VK1NMcUkwd09Gbzh2cmZJSXNwRTNnamh5MTZCbGsyUUFRMGJwbGpBVFljVDNDWWhUZEU1DQpFNkZwRzVNNllCTXJ6YUxwc1JDVzFtZjJnLzYzelhNMzJUVXJFdFJyRVdGUE84TUI0blF0Y1Y5a2pFa3hGNHRWDQpDdGp3YjI5MEtNUFNDS00wS08vSTVDUXdpTFAydUtkeTBSRkpnRHUxQW9HQUxqSTdGZDl0ckFrY1dSenMyVHpRDQptaDRTZWxHRDFvdFAxRXpFa1hYVlZwK1lMNXlxOWM3V3hsa09RY1lFVmd1N2huNVFncnBRUFZPTFVmbkJoajdXDQo1MC9IVmR6V21wSXg5NUlqZXFDZklBV1U3N0I5cmJUR2hvWWMzbTdJcEdObzl2WlhHYWgrc2JHY3BEK1phV3UzDQp1Q25pTnJpZEhORGgzWHZQVFZkRTRlVT0NCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0NCg== \n 1 \n \n \n \n 1 \n server_tls_user \n RADIUS \n UDP4 \n tun \n wan \n 1194 \n tls-version-min 1.2; \n 6209e3cef1e81 \n 620c5a733ba1d \n 2048 \n none \n 1 \n AES-256-CBC \n SHA256 \n none \n 10.100.0.0/24 \n no \n yes \n subnet \n none \n example.com \n 10.10.10.10 \n 10.10.10.11 \n none \n 0 \n both \n 3 \n AES-256-GCM,AES-128-GCM,AES-256-CBC \n keepalive \n 10 \n 60 \n 10 \n ping_restart \n 60 \n 0 \n \n \n 2 \n p2p_tls \n UDP4 \n tun \n wan \n 1195 \n IwojIDIwNDggYml0IE9wZW5WUE4gc3RhdGljIGtleQojCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0KNjFiY2E4MDk0ZmM4YjA3ZTZlMjE3NzRmNTI0YTIyOWYKNGMzZGZhMDVjZTc2ODVlN2NkNDc1N2I0OGM3ZmMzZDcKYzQzMjhjYzBmMWQ4Yjc2OTk2MjVjNzAwYmVkNzNhNWYKY2RjMjYzMTY2YThlMzVmYTk4NGU0OWVkZDg5MDNkZmMKMDc1ZTQyY2ZlOTM5NzUwYzhmMjc1YTY3MTkzMGRmMzEKMDY2Mzk1MjM2ZWRkYWQ3NDc3YmVjZjJmNDgyNzBlMjUKODM1N2JlMGE1MGUzY2Y0ZjllZTEyZTdkMmM4YTY2YzEKODUwNjBlODM5ZWUyMzdjNTZkZmUzNjA4NjU0NDhhYzgKNjhmM2JhYWQ4ODNjNDU3NTdlZTVjMWQ4ZDk5ZjM4ZjcKZGNiZDAwZmI3Nzc2ZWFlYjQ1ZmQwOTBjNGNlYTNmMGMKMzgzNDE0ZTJlYmU4MWNiZGIxZmNlN2M2YmFhMDlkMWYKMTU4OGUzNGRkYzUxY2NjOTE5NDNjNTFhOTI2OTE3NWQKNzZiZjdhOWI1ZmM3NDAyNmE3MTVkNGVmODVkYzY2Y2UKMWE5MWQwNjNhODIwZDY4MTc0ODlmYjJkZjNmYzY2MmMKMmU2OWZiMzNiMzM5MjdjYjUyNThkZDQ4M2NkNDE0Y2QKMDJhZWE3ZjA3MmNhZmEwOTY5Yjg5NWVjYzNiYmExNGQKLS0tLS1FTkQgT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0K \n auth \n default \n 6209e3cef1e81 \n 620c5a733ba1d \n 2048 \n none \n 1 \n AES-256-CBC \n SHA256 \n none \n no \n subnet \n none \n none \n 0 \n both \n 1 \n AES-256-GCM,AES-128-GCM,CHACHA20-POLY1305 \n keepalive \n 10 \n 60 \n 10 \n ping_restart \n 60 \n 0 \n \n \n 1 \n ifconfig-push 10.8.0.1 255.255.255.0 \n yes \n 0 \n \n \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_route_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t2001:: \n\t\t\t64 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\t\t\t10.3.0.0/16 \n\t\t\t\t\t\tGW_WAN \n\t\t\t\t\t\tGW_WAN route \n\t\t \n\t\t\n\t\t\t\t\t\tservers \n\t\t\t\t\t\tGW_WAN \n\t\t\t\t\t\tGW_WAN alias \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tone rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tanother rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\tthird rule \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\tone \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\ttwo \n\t\t\tpass \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\tlast \n\t\t\tnat_5e03858acc6b82.92150982 \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n \n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\twan \n\t\t\tNAT last \n\t\t\tnat_5e03858acc6b82.92150982 \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr0
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr3
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t\tanother_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_4 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t\tanother_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_5 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\t \n\t\t\t\t\t\t fbor \n\t\t\t\t\t\t 1545907554 \n\t\t\t\t \n\t\t\t\t tcp \n\t\t\t\t test_rule_floating \n\t\t\t\t \n\t\t\t\t\t\t 1545574416 \n\t\t\t\t \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t keep state \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t 1545574416 \n\t\t\t\t wan \n\t\t\t\t inet \n\t\t\t\t pass \n\t\t\t\t any \n\t\t\t\t yes \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\tGW_LAN \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_dst \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_src \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\t\t\t\topt2 \n\t\t\t\t\t\topt2 \n\t\t\t\t\t\tCBQ \n\t\t\t\t\t\t100 \n\t\t\t\t\t\tMb \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t10000 \n\t\t\t\t\t\t\t\t\t\t0 \n\t\t\t\t\t\t\t\t\t\tone_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t1000 \n\t\t\t\t\t\t\t\t\t\t1 \n\t\t\t\t\t\t\t\t\t\tanother_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t \n\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\t\n\t\t\t\tnetwork \n\t\t\t\tservers \n\t\t\t\t172.16.2.0/24 lan_voip_poc3 ad_poc2 \n\t\t\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t\n\t\t\t\t\t\tone_limiter \n\t\t\t\t\t\t1 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
100 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tanother_limiter \n\t\t\t\t\t\t2 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tdisabled_limiter \n\t\t\t\t\t\t3 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tKb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.240.1 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\twan \n\t\t\t192.168.240.1 \n\t\t\tGW_DEFAULT \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\twan \n\t\t\t192.168.240.1 \n\t\t\tGW_WAN2 \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.1 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t\t8.8.8.8 \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t2002::1 \n\t\t\tGW_LAN_V6 \n\t\t\t1 \n\t\t\tinet6 \n\t\t\tInterface lan6 Gateway \n\t\t\t \n\t\t\n\t\t\topt3 \n\t\t\tdynamic \n\t\t\tOPT3_VTIV4 \n\t\t\t1 \n\t\t\tinet \n\t\t\t \n\t\tGW_DEFAULT \n\t\t\n\t\t\t\t\t\tGWGroup \n\t\t\t\t\t\t- OPT3_VTIV4|1|address
\n\t\t\t\t\t\t- GW_LAN|2|address
\n\t\t\t\t\t\tdown \n\t\t\t\t\t\tFailover group \n\t\t \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tother \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tnetwork \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_rule_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr0
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tfr3
\n\t\t\t\t\t\t\t\t\t\t\tbg-info \n\t\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_sched \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574419 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tworkdays \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t\tanother_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_queue \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_4 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t\tanother_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_lan_100_5 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\tone_limiter \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\ttest_rule_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttest_rule_4 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\t \n\t\t\t\t\t\t fbor \n\t\t\t\t\t\t 1545907554 \n\t\t\t\t \n\t\t\t\t tcp \n\t\t\t\t test_rule_floating \n\t\t\t\t \n\t\t\t\t\t\t 1545574416 \n\t\t\t\t \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t keep state \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t 1545574416 \n\t\t\t\t wan \n\t\t\t\t inet \n\t\t\t\t pass \n\t\t\t\t any \n\t\t\t\t yes \n\t\t \n\t\t\n\t\t\t\t \n\t\t\t\t\t\t fbor \n\t\t\t\t\t\t 1545907554 \n\t\t\t\t \n\t\t\t\t tcp \n\t\t\t\t test_rule_floating_quick \n\t\t\t\t \n\t\t\t\t\t\t 1545574416 \n\t\t\t\t \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t keep state \n\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t 1545574416 \n\t\t\t\t wan \n\t\t\t\t inet \n\t\t\t\t pass \n\t\t\t\t any \n\t\t\t\t yes \n\t\t\t\t yes \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\tGW_LAN \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_dst \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tnot_rule_src \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602800 \n\t\t\t \n\t\t\tblock_all_lan \n\t\t\t\n\t\t\t\t1545602800 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545602800 \n\t\t\tlan \n\t\t\tinet \n\t\t\tblock \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602801 \n\t\t\t \n\t\t\treject_all_lan \n\t\t\t\n\t\t\t\t1545602801 \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545602801 \n\t\t\tlan \n\t\t\tinet \n\t\t\treject \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111216 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111271 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t\t\n\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\tpass \n\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\tinet \n\t\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t1546111294 \n\t\t\t\t\t\t\t\t\t\t\tadmin \n\t\t\t\t\t\t\t \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\t\t\t\topt2 \n\t\t\t\t\t\topt2 \n\t\t\t\t\t\tCBQ \n\t\t\t\t\t\t100 \n\t\t\t\t\t\tMb \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t10000 \n\t\t\t\t\t\t\t\t\t\t0 \n\t\t\t\t\t\t\t\t\t\tone_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\topt2 \n\t\t\t\t\t\t\t\t\t\t1000 \n\t\t\t\t\t\t\t\t\t\t1 \n\t\t\t\t\t\t\t\t\t\tanother_queue \n\t\t\t\t\t\t\t\t\t\t50 \n\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\ton \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t \n\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable_ports \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp_ports \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t\n\t\t\t\t\t\tone_limiter \n\t\t\t\t\t\t1 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
100 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tanother_limiter \n\t\t\t\t\t\t2 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tMb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\ton \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t\t\n\t\t\t\t\t\tdisabled_limiter \n\t\t\t\t\t\t3 \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t- \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
1 \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tKb \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnone \n\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t \n\t\t\t\t\t\tnone \n\t\t\t\t\t\t0 \n\t\t\t\t\t\twf2q+ \n\t\t\t\t\t\tdroptail \n\t\t\t\t\t\t \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_BROKE \n\t\t\t1 \n\t\t\tBroken Gateway \n\t\t \n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t\t\n\t\t\t\t\t\tGWGroup \n\t\t\t\t\t\t- GW_WAN|1|address
\n\t\t\t\t\t\t- GW_LAN|2|address
\n\t\t\t\t\t\tdown \n\t\t\t\t\t\tFailover group \n\t\t \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t \n\t\n \n workdays \n \n 1,2,3,4,5 \n 7:30-18:30 \n workdays \n \n 5e5e0fd3ddb8d \n \n \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_rule_separator_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_setup_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t2001::2001:22 \n\t\t\t64 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_1100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx4 \n\t\t\tvt2 \n\t\t\tdhcp \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\t\t\t1560930241 \n\t\t\t\t\t\tmatch \n\t\t\t\t\t\tlan \n\t\t\t\t\t\tinet \n\t\t\t\t\t\tin \n\t\t\t\t\t\tyes \n\t\t\t\t\t\tyes \n\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\n\t\t\t\t\t\t\tport_ssh \n\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t \n\t\t\t\t\t\tfloating_rule_1 \n\t\t \n\t\t\n\t\t\t\t\t\t1560930241 \n\t\t\t\t\t\tmatch \n\t\t\t\t\t\tlan,wan,opt3 \n\t\t\t\t\t\tinet \n\t\t\t\t\t\tin \n\t\t\t\t\t\tyes \n\t\t\t\t\t\tyes \n\t\t\t\t\t\ttcp \n\t\t\t\t\t\t\n\t\t\t\t\t\t\t \n\t\t\t\t\t\t\n\t\t\t\t\t\t\tport_ssh \n\t\t\t\t\t\t \n\t\t\t\t\t\tfloating_rule_2 \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t2001::1 \n\t\t\tGW_LAN6 \n\t\t\t1 \n\t\t\tinet6 \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\t100 \n\t\t\tvmx0.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_syslog_config.xml",
"content": "\n\t18.9 \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t2001::2001:22 \n\t\t\t64 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_1100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx4 \n\t\t\tvt2 \n\t\t\tdhcp \n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_user_config.xml",
"content": "\n\n\t19.1 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tlocaldomain \n\t\t\n\t\t\tall \n\t\t\tsystem \n\t\t\t1998 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tadmin \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2b$10$13u6qwCOwODv34GyCMgdWub6oQF3RX0rG7c3d3X4JvzuEmAXLYDd2 \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t \n\t\t\n\t\t\ttestdel \n\t\t\tall \n\t\t\t2000 \n\t\t\tuser \n\t\t\t$2b$12$D2jkq4Iut3ODUBN0BCrDk.bV3J5N.MrY5YEnGvTXwxeNBkyxjbbtW \n\t\t\tpage-dashboard-all \n\t\t \n\t\t2001 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttps \n\t\t\t5cf09a99bf5fe \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t \n\t\n\t\t\n\t\t\tre0 \n\t\t\tdhcp \n\t\t\tdhcp6 \n\t\t\t0 \n\t\t \n\t\t\n\t\t\tre1 \n\t\t\t192.168.100.2 \n\t\t\t24 \n\t\t\twan \n\t\t\t0 \n\t\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t \n\t\n\t\t\n\t\t\tautomatic \n\t\t \n\t \n\t\n\t\t\n\t\t\tpass \n\t\t\tinet \n\t\t\tlan \n\t\t\t0100000101 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t\t\n\t\t\tpass \n\t\t\tinet6 \n\t\t\tlan \n\t\t\t0100000102 \n\t\t\t\n\t\t\t\tlan \n\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t \n\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:show,netgate_services_and_support:col2:show,interfaces:col2:show \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1559272298 \n\t\t(system) \n\t \n\t\n\t\t5cf09a99bf5fe \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVkyWXdPV0U1T1dKbU5XWmxNQjRYRFRFNU1EVXpNVEF6TURnd09Wb1hEVEkwCk1URXlNREF6TURnd09Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV05tTURsaApPVGxpWmpWbVpUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUt6QW91N1I0TW5VCjlWUlhQYkZyK2NRVXhtdGNKdDNpbjAvbFppRGh6ZjNVV0hnTHVRdHBoL2NMMUZIdlFwdzZzazlFRzY5RjREdTUKL2IweElnS1B2YlVFcVpJeit0aEkvZ09LZ29GRTJ1dERxcW8xSnh6SzliVzdVdHVnZWlxUnEyT1hLaGh5ZUNKcQo5OEEwL3l4VitqNkJDbmpNeVVGS2krQjJpcVNnSG1JQVkySHVRcklsb3ZwMGZuTUpkeWRjOGNzVHh0aUJUODh4Cko3K0locDJrSGNDcUtIRGg0bjVYOEdUek54YmxreTJERXBkYkdsUWcyRE1JQm9hTmRnMXpVdUx1cnV2LzVoWkIKQ2JyWjBRNXpRaWVGdU13ZnMrNEdPVW9kS201ZFJJM3YwT0NRd05JUnZVZVpDTUFhTFJVNVdvT0hzMUUzb3RjaAorNlZ3RnVaNndrOENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCUUd2bSs0NWxFUW5oSDVOaHhFRk9YWQpxWVZ1ZnpDQmdnWURWUjBqQkhzd2VZQVVCcjV2dU9aUkVKNFIrVFljUkJUbDJLbUZibitoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqWmpBNVlUazVZbVkxWm1XQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV05tCk1EbGhPVGxpWmpWbVpUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFiTjJPL2hwcjU5bC9XclJIQlhvTjJDSFYKQi9ra0VwUVVuRXhrSzVNUkJGYTV5ODVLSk5Eb09HL0R5UlVNRFR4VENkVnQrdlpQS0ZveUJXRFdDdGt3YTJScgo1Z1BDb21TUk5mUWhyV1ZtYkhSd0VNTyt6OXkxS1AzU3JhZ0tIeVdTM3lFY25wU1NRY1B1M3hhaERDNERtclJzCjMvNytBMTk2SEJxRjlBc25oUjFDZWpBcm4rSFR5dUdOQk5udGtqUktPN01NcDVxaHlZbkV3SVk5SVQ0TzFIeHYKOEtFTTdBUGRmRS93VUFvZGxET0F5RFRIRFpid2Z1eCtoOURRTGNBRE1sRi9IdzF0Y2UvcHJLek9LT3h6YmdlQQpWZ2pQVmxNbVJqQ2lJa2JNL3BPeWNObENDTzAxczQzbFJzcU5VRzFaLzBjakFzeEw0c0ltUlErQkI2dXdDUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRQ3N3S0x1MGVESjFQVlUKVnoyeGEvbkVGTVpyWENiZDRwOVA1V1lnNGMzOTFGaDRDN2tMYVlmM0M5UlI3MEtjT3JKUFJCdXZSZUE3dWYyOQpNU0lDajcyMUJLbVNNL3JZU1A0RGlvS0JSTnJyUTZxcU5TY2N5dlcxdTFMYm9Ib3FrYXRqbHlvWWNuZ2lhdmZBCk5QOHNWZm8rZ1FwNHpNbEJTb3ZnZG9xa29CNWlBR05oN2tLeUphTDZkSDV6Q1hjblhQSExFOGJZZ1UvUE1TZS8KaUlhZHBCM0FxaWh3NGVKK1YvQms4emNXNVpNdGd4S1hXeHBVSU5nekNBYUdqWFlOYzFMaTdxN3IvK1lXUVFtNgoyZEVPYzBJbmhiak1IN1B1QmpsS0hTcHVYVVNONzlEZ2tNRFNFYjFIbVFqQUdpMFZPVnFEaDdOUk42TFhJZnVsCmNCYm1lc0pQQWdNQkFBRUNnZ0VCQUtzVzFjY0VZVVpDL1AyY3NXTG45eU4xRjlYNEhCNGdkWHRoVERaQXJBdzUKbzZ5d240Rm44TnFCQXJScTYyTmkxbm1la0hTVUZiSFJVRFZ4VmFlSHlIQmd2N2dtZHNhQjgrQjU2eW92a1VqegphVERORjRGeW1NcDFUV2hxbE5OWUZZKzZoRnhWOGhqVUs2NVdUbW9RZEpnMm9MSm16dU0wK3pkQTc2cC9VZGZuCnZkSzZVbDFWSi9WcEhFaEhSS1duSk9uTE1nRU1KS1oxT0NjRTFXOExHU08zY3QvM0VkWi9IRWU2TkZqOXArZTgKTmplTWNpSVduaTE1aTM3ai9LL1FBcFJQcUh5cDBhdUUzR0ZQckhPWjdsUHhlYlZjTExwSEFINWNuc0VyWkJXTApnSWlQcGkxTytrL01wb0h0RklHK25aSXpVdjFzeldrVjg4TjhtcHMrd2FFQ2dZRUExLzZXYVJlVk1GbnFPd0YvCm9UbUJNVTl0TnQ5U1NacTF2RlpNcFVkZk5wMmY0c0ZZNFE2U1gzeFptUEFHQkMyMDBWQWoxbmVlNlBOUTBuclgKSVIvSFJjelNpQXA3R3ZqakRjcGdQaWc2SHdpZHVVM1lvelhKSFdzaHFIVVMrTlo4b0VmUFBld0tvK3hTMmwxdwo2NG5ZR09RcHc0ZTFibURqbEJYOC9CcTBlcGtDZ1lFQXpMKzVDN1EwQmVKZExzOWZOQmFvWFhVRUlHNXhjZmNTCmJHbDFjbzNDN3h2WCtWQXNZYkVWV0hiYk40TVdmVWpSMGhuYStRM2dyaVZvdmZ5K0FqNWovMkFMM2dIY0U1UmMKU2Q0VVA4aG5YdmhST3M5cTNMblZUYVFaZktKY09KTm82VGtMeXZacVJjdmNTWHJDK21tQXc5a0c4SUNFeWZ4VApBV2lmTHk0VzNTY0NnWUVBbWtGRGdnSkpsYUpoV1lxVWI3djF2QldSVmVMZmpabGp1UUdZODJDcGF3UGZMNzROCmo0MHNrK3ptd0FhTEJXanUvWjFTT3RSck5NcXdLZUY0eWpzN3dXbXA0V1k2ek9SNm8xcW9xVHRwWnNoc2UrNVEKalI3WVpwNGdCNEswN2VtZ1Q0ZDVSaXZRM1lqbEV2WXdzc1piQWt2UVY4Z1BscWl6WHdybEJkYThsZUVDZ1lBbgpSVmFlc2crUVdWeDZEL2c0cTJmYmxRZ1htRmRWL29lZ0Y1SVpTS3RzNVRCRmQyVXJ6NlZDZEhtVGFpYzBISFZ5CkVOZDVFWHBZcklBc2dIK0pPcUkvWnhLZm9FZXYwYkxwMEJpZUt6ZjRkVFJQVFYwM3ZNVDJ3VlRLSFBJSFArN04KWE0yd1BoY2dEL3ZPZENkVmxFcklSYVlaRnUxaE9HNUxSTi9UVXNtNzNRS0JnUUNVeFFmY2RyZnZwL0ZSanlkUQpPaUJWWm1JOGFsVXg5SklhZlBjaU5WWlZBZFJnamVEVlVFUTljTklxcDlnd0F4cVVVQ1U3OW9wNWtwbzJoMkZaClBIaFRZaHlpanRxQ09hNWxHdnZTYjg4aWE1Z2xleE1zL2M1bmc0d3RlWHVpSWtqd0lTUmhMWGxCOTU3a2hvSEkKczFnbEp2YTM4MEM0Yk0rcFJhbWdqVlY4blE9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/fixtures/pfsense_vlan_config.xml",
"content": "\n\t18.9 \n\t\n\t\tnormal \n\t\tpfSense \n\t\tacme.com \n\t\ton \n\t\t\n\t\t\tall \n\t\t\tAll Users \n\t\t\tsystem \n\t\t\t1998 \n\t\t \n\t\t\n\t\t\tadmins \n\t\t\tSystem Administrators \n\t\t\tsystem \n\t\t\t1999 \n\t\t\t0 \n\t\t\tpage-all \n\t\t \n\t\t\n\t\t\tsystem \n\t\t\ttest \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe1 \n\t\t\t \n\t\t\n\t\t\tsystem \n\t\t\tgroupe2 \n\t\t\t \n\t\t\n\t\t\tadmin \n\t\t\tSystem Administrator \n\t\t\tsystem \n\t\t\tadmins \n\t\t\t$2y$10$AMCpA.Z.RNaferLp1yzFq.BvaGgfqaJKtQug7OErbocyNagsEK6xW \n\t\t\t0 \n\t\t\tuser-shell-access \n\t\t\t2 \n\t\t\tpfSense.css \n\t\t \n\t\t2000 \n\t\t2000 \n\t\t0.pfsense.pool.ntp.org \n\t\t\n\t\t\thttp \n\t\t\t5c00e5f9029df \n\t\t\t2 \n\t\t \n\t\tyes \n\t\t400000 \n\t\thadp \n\t\thadp \n\t\thadp \n\t\t\n\t\t\tmonthly \n\t\t \n\t\t\n\t\t\tenabled \n\t\t \n\t\tEtc/UTC \n\t \n\t\n\t\t\n\t\t\tvmx0 \n\t\t\twan \n\t\t\t192.168.240.137 \n\t\t\t32 \n\t\t\tSavedCfg \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\tlan \n\t\t\t192.168.1.242 \n\t\t\t24 \n\t\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\tvpn \n\t\t\t10.0.0.1 \n\t\t\t24 \n\t\t \n\t\t\n\t\t\tvmx3 \n\t\t\tvt1 \n\t\t\t \n\t\t\n\t\t\tlan_100 \n\t\t\tvmx1.1100 \n\t\t\t172.16.151.210 \n\t\t\t24 \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t192.168.1.100 \n\t\t\t\t192.168.1.199 \n\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t::1000 \n\t\t\t\t::2000 \n\t\t\t \n\t\t\tassist \n\t\t\tmedium \n\t\t \n\t \n\t\n\t\tpublic \n\t \n\t\n\t\t\n\t\t\t \n\t \n\t\n\t\t1 \n\t\t50 \n\t\tipv4 \n\t \n\t\n\t\t\n\t\t\tadvanced \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tany \n\t\t\t\t \n\t\t\t\twan \n\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\t1544027052 \n\t\t\t\t\t \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\t \n\t\t\t\n\t\t\t\twanip \n\t\t\t\t22022 \n\t\t\t \n\t\t\ttcp \n\t\t\t10.255.1.20 \n\t\t\t22 \n\t\t\twan \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t\t\n\t\t\t\t1544085353 \n\t\t\t\t \n\t\t \n\t \n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tfr1
\n\t\t\t\t\ttest_separator \n\t\t\t\t\tbg-info \n\t\t\t\t\tlan \n\t\t\t\t \n\t\t\t \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\twan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_data_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_1_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_2_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\tlan \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc2 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ticmp \n\t\t\tping_from_poc3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc1 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc3 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt3 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_1 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_ssh \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_2 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\tport_http \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\ttcp \n\t\t\tantilock_out_3 \n\t\t\t\n\t\t\t\t1545574416 \n\t\t\t \n\t\t\t\n\t\t\t\t443 \n\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\t \n\t\t\t1545574416 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tads_to_ads_udp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tudp \n\t\t\tvoid_conf_tftp_4 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t69 \n\t\t\t\tlan_voip_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tipbx_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_4_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc1 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\tadmin_bypass \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tsrv_admin \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_1 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_dns \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_2 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t\n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\ttcp \n\t\t\tads_to_ads_tcp_3_3 \n\t\t\t\n\t\t\t\t1545602758 \n\t\t\t\t \n\t\t\t\n\t\t\t\tport_ldap_ssl \n\t\t\t\tad_poc3 \n\t\t\t\t \n\t\t\tkeep state \n\t\t\t\n\t\t\t\tad_poc2 \n\t\t\t\t \n\t\t\t1545602758 \n\t\t\topt1 \n\t\t\tinet \n\t\t\tpass \n\t\t\t \n\t\t \n\t\n\t\t\n\t\t\tport \n\t\t\tport_ssh \n\t\t\t22 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_http \n\t\t\t80 \n\t\t \n\t\t\n\t\t\thost \n\t\t\tsrv_admin \n\t\t\t192.168.1.165 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_dns \n\t\t\t51 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap \n\t\t\t389 \n\t\t \n\t\t\n\t\t\tport \n\t\t\tport_ldap_ssl \n\t\t\t636 \n\t\t \n\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc2 \n\t\t\t172.16.2.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc3 \n\t\t\t172.16.3.0/24 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_voip_poc1 \n\t\t\t172.16.1.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc3 \n\t\t\t192.168.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc2 \n\t\t\t192.168.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tad_poc1 \n\t\t\t192.168.1.3 \n\t\t\t \n\t\t\n\t\t\tnetwork \n\t\t\tlan_data_poc3 \n\t\t\t192.168.3.0/24 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc3 \n\t\t\t172.16.3.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc2 \n\t\t\t172.16.2.3 \n\t\t\t \n\t\t\n\t\t\thost \n\t\t\tipbx_poc1 \n\t\t\t172.16.1.3 \n\t\t\t \n\t\t\n\t\t\thttp://www.acme-corp.com \n\t\t\turltable \n\t\t\t10 \n\t\t\thttp://www.acme-corp.com \n\t\t\tacme_corp \n\t\t\t \n\t\t \n\t\n\t\t- \n\t\t\t
1,31 \n\t\t\t0-5 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 adjkerntz -a \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t3 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_bogons.sh \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t1 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.dyndns.update \n\t\t \n\t\t- \n\t\t\t
*/60 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot \n\t\t \n\t\t- \n\t\t\t
30 \n\t\t\t12 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_urltables \n\t\t \n\t\t- \n\t\t\t
1 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/bin/nice -n20 /etc/rc.update_pkg_metadata \n\t\t \n\t\t- \n\t\t\t
0 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf \n\t\t \n\t\t- \n\t\t\t
15 \n\t\t\t0 \n\t\t\t* \n\t\t\t* \n\t\t\t* \n\t\t\troot \n\t\t\t/usr/local/pkg/swapstate_check.php \n\t\t \n\t \n\t\n\t\t \n\t\n\t\t\n\t\t\tICMP \n\t\t\ticmp \n\t\t\tICMP \n\t\t\t \n\t\t\n\t\t\tTCP \n\t\t\ttcp \n\t\t\tGeneric TCP \n\t\t\t \n\t\t\n\t\t\tHTTP \n\t\t\thttp \n\t\t\tGeneric HTTP \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tHTTPS \n\t\t\thttps \n\t\t\tGeneric HTTPS \n\t\t\t\n\t\t\t\t/ \n\t\t\t\t200\n\t\t\t \n\t\t \n\t\t\n\t\t\tSMTP \n\t\t\tsend \n\t\t\tGeneric SMTP \n\t\t\t\n\t\t\t\t220 * \n\t\t\t \n\t\t \n\t \n\t\n\t\tsystem_information:col1:open:0,interfaces:col2:open:0 \n\t\t10 \n\t \n\t\n\t\t \n\t\n\t\t1545602758 \n\t\taggregated change \n\t\t \n\t\n\t\t5c00e5f9029df \n\t\twebConfigurator default (5c00e5f9029df) \n\t\tserver \n\t\tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVlakNDQTJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREJhTVRnd05nWURWUVFLRXk5d1psTmwKYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG1MVk5wWjI1bFpDQkRaWEowYVdacFkyRjBaVEVlTUJ3RwpBMVVFQXhNVmNHWlRaVzV6WlMwMVl6QXdaVFZtT1RBeU9XUm1NQjRYRFRFNE1URXpNREEzTWpVME5Wb1hEVEkwCk1EVXlNakEzTWpVME5Wb3dXakU0TURZR0ExVUVDaE12Y0daVFpXNXpaU0IzWldKRGIyNW1hV2QxY21GMGIzSWcKVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhIakFjQmdOVkJBTVRGWEJtVTJWdWMyVXROV013TUdVMQpaamt3TWpsa1pqQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9SRHNBV1hlMitrCmtuUFpBUGxBUG1QUUl6RVBDaXBQdXJ4dmE4c0psSCtiNitKRzl4bnpreXptaVR5SFc0M0tmZzVKNzhCdG1jTmQKWlgvZHlyckZ6dlNiQnZpa21lWk9MdGVaejVaaGFOdkxsbjBxRWZibEFwbWdkUS9Nck42eURoTWNZYWN6SEduTwpTaHdFRWZoMHhuOGo5VEFCMG9vT0JyU2dINnpkTjF2YVFIZzBJeDhIa0toUzY5eDRoV3g2WUUrRE9UQk00NUcwCkNVbitUVzNTSytQaU5QaFExT2tyRHlKL21ZLzdmVXpRZkg1bk5ZcEtNZUE2cVZxdUZTa1g0a0RVRlFwOHNoNG4KMXR5QmtJM2gvTFRpTW5uNjhBMXhKOFdrVW8yUWNxNmNuR0hqL0VGbkVKWWRraTVsYUtDWG5wS0Y0c2hrZHJaVgpRN21ybithUHg5OENBd0VBQWFPQ0FVa3dnZ0ZGTUFrR0ExVWRFd1FDTUFBd0VRWUpZSVpJQVliNFFnRUJCQVFECkFnWkFNQXNHQTFVZER3UUVBd0lGb0RBekJnbGdoa2dCaHZoQ0FRMEVKaFlrVDNCbGJsTlRUQ0JIWlc1bGNtRjAKWldRZ1UyVnlkbVZ5SUVObGNuUnBabWxqWVhSbE1CMEdBMVVkRGdRV0JCU3Qra3hud054UlFGT2pXVTljekRwegp4elRYd2pDQmdnWURWUjBqQkhzd2VZQVVyZnBNWjhEY1VVQlRvMWxQWE13NmM4YzAxOEtoWHFSY01Gb3hPREEyCkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnAKWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFZqTURCbE5XWTVNREk1WkdhQ0FRQXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01DQUdBMVVkRVFRWk1CZUNGWEJtVTJWdWMyVXROV013Ck1HVTFaamt3TWpsa1pqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUEzZHhIRWR5SkpWeC9od0t3WGlwcXYrY04KWFpSQ3Q1NUFHbnNGeXZIcG5Rb3pxYzV1ZFdKSTFUcGF1TGNaZjF6OFM1cXQyUDd3V1BndFhnZ3BIWmgydUlqagpha2ZpV0JIQnorS3Q2Qjl5K2hmVTVPRHUwSXMrcHJyWngyM0ZNNjVCOFNiMGlmUlMvZXFTTFpHTHcvLzdhRVJ2CnVpOUhKOXRuemhRYklMb1VwUUQ5MTRLNERldXdJYXZ4dldMTElwMGsreWNoSTczV2NGR1VZVlJpanFNekhlcUcKY2RLRDVtbXZQTk1OYXdESVhuU3pldVpQMTkvVmhuc0J0Y3hiYzNMQ2RSR1VJS0ZNN2syK0xoaEZrdks1NjhlNQozalpNZjNSVWhQaTlFeEF2Vmw3blVyd1l4UU45TXhHMUJzZmNrYldNd1dUL3lFMHFnRHcrT2M4b21SSW9tZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \n\t\tLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGtRN0FGbDN0dnBKSnoKMlFENVFENWowQ014RHdvcVQ3cThiMnZMQ1pSL20rdmlSdmNaODVNczVvazhoMXVOeW40T1NlL0FiWm5EWFdWLwozY3E2eGM3MG13YjRwSm5tVGk3WG1jK1dZV2pieTVaOUtoSDI1UUtab0hVUHpLemVzZzRUSEdHbk14eHB6a29jCkJCSDRkTVovSS9Vd0FkS0tEZ2Ewb0IrczNUZGIya0I0TkNNZkI1Q29VdXZjZUlWc2VtQlBnemt3VE9PUnRBbEoKL2sxdDBpdmo0alQ0VU5UcEt3OGlmNW1QKzMxTTBIeCtaeldLU2pIZ09xbGFyaFVwRitKQTFCVUtmTEllSjliYwpnWkNONGZ5MDRqSjUrdkFOY1NmRnBGS05rSEt1bkp4aDQveEJaeENXSFpJdVpXaWdsNTZTaGVMSVpIYTJWVU81CnE1L21qOGZmQWdNQkFBRUNnZ0VCQUpmblI1TmhESjd1T1J2cEZKSEtvL3BPZjZ6ZElsbW45MUFCSWczYkVUeWUKcWFwS3FaUldtT0d2aFRLSHJYQzlpWWUrd2xNZlhNMDdNUm1Yb3BzS21rQURqdThXc3VnbHJWeURHamNzR2RqegpNZkdYZHA4RUplZlFkVGFQY1pjOWpNcEEvK2VCeHUzT2Yxa0hpR0g4YkVBZDBNUWk0bFpISVVWQXJmT2V2NEZhCmlaTEJGdTEzY0pCMEJNbzJUZU9JZDQ1R0p3OXVTQWd3Q1VuZWQ5WG42SlkremI3cVRKUE1qQkdlYWY0L0E5UnMKV29nWW85ZUtYaTF3YmFRcGthdUZINWx2U29jckRsQWRiaERiam00c0lIdzJtQUwwSUk0d1YzVTJLbUhFMEg3Nwp2b1M0dUdHNW1BZFZ0elRDTnZOa09YMC9WVWdNMTJ1eHllZVZ4c3FaTkxFQ2dZRUEvcFhJR2hDNlhkVkNNNDk1CkVsR1RENW4zUXdUOTZXZkNRQ0w2cXlaK1UwUHNla0dDV2pXTWt3R2tHbWl1ZkVKdFN2VFl2d1NzcUZpaTZsdlkKNXRKSkR3dEd4ZW0weEF0SWc3RlNuUVcvdDNWcExXOE9QVmFXQ0lOSXJKSHc3L2tOZ2RpVmNBWXpiN05DUGtjVgptTEs5aSt6bXpKMmkrbE9vaFVKRlE5aVZEQWNDZ1lFQTVZaDFHYWlGMUl6UzRVdE9pZklLcjZ3bW40MEQ3ZEVmClF5SXF5d3JSTVcya1BxVkViaVBCVkM3dUxUeUlKMWdwVDhPakl3WFlrOUlRdW01ZW42TTc2aXlxYmUrY3JhdE8KbEliK3pLL2RBNzZuUjBHOGJ2eVBmMS9FbU5vL0J1ZUZldWQyaWNacWhMd25HUkxUL0FPQktkMTZ4ZGtoSjdkVwo5WWRsbmliL0gya0NnWUJqaC8rQllVVGJab0xKVWJCTjN5S1ZtT1k0aDMwVmdZRktQZUt1Z3hBa1VZdmtpRFFFClBLZEcyZjlrYThTN3crU2l4M0x0eTFBTlNRbjRnZ3djd2QzYVNkaFRpL2ttSkJzbmtXM3hBY3hnVjBEVmlIT1MKdTRWUXNyTDQ5TjJ6bERVWnJLbFA4THl2VU8vM0ZTZDJXWHNOZDRNTVFCejFyVHRYVGY5eWRQeGdoUUtCZ0FzRgptWEhvK0x3ekl2RTBsNG5pT0ljbEFobkpRTFlMdzYrS2xYbDRoSUVXSGJ2d1hhL1lRYkZVSzVXNmdXTTZSWW1TCkFHUnZKRzQ4dVJicXM5cUFrU0Qya2h5RFZBZTI0U2dhcjJPTzBsTWF0WmVqWFhRSzVxMGNJU21oMlVMd25TVkEKdGgxNWpLWGhEeE9TSnVIRUhWQ3dWUFBwTUVGaStXY0M0R3RPdmhONUFvR0FKbXdFSkR2QkZtL0t0SXlZMDhuQgpJSExkc1dSWmRXOXpNbHBsMVk2OTV1b21qS1hVMEwva3VDZ1QwRFVVVG1VK0Q3aGFZL2FQajB6MWpqR0JGcEQ0ClJ3cVA2dVJQTVhRMExLSG5IbmFQclJzanM2Q2xicVQ4ZU93dTRkeVpmYUtTS3VvbVpDZ1pkV2ZxWThVL21tbWIKT21vckhNeWJzWG0wWnJNaTZOemlzam89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K \n\t \n\t\n\t\t\n\t\t\twan \n\t\t\t192.168.1.220 \n\t\t\tGW_WAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface wan Gateway \n\t\t \n\t\t\n\t\t\tlan \n\t\t\t192.168.1.220 \n\t\t\tGW_LAN \n\t\t\t1 \n\t\t\tinet \n\t\t\tInterface lan Gateway \n\t\t \n\t\tGW_WAN \n\t \n\t\n\t\t\n\t\t\tnmap \n\t\t\tNMap is a utility for network exploration or security auditing.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br/&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).\n\t\t\tIt also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. \n\t\t\t1.4.4_1 \n\t\t\thttps://doc.pfsense.org/index.php/Nmap_package \n\t\t\tnmap.xml \n\t\t\t/usr/local/pkg/nmap.inc \n\t\t \n\t\t\n\t\t\tiftop \n\t\t\thttps://forum.pfsense.org/ \n\t\t\tRealtime interface monitor (console/shell only). \n\t\t\thttp://www.ex-parrot.com/~pdw/iftop/ \n\t\t\t0.17_2 \n\t\t\tiftop.xml \n\t\t \n\t\t\n\t\t\tOpen-VM-Tools \n\t\t\tVMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. \n\t\t\thttp://open-vm-tools.sourceforge.net/ \n\t\t\t10.1.0,1 \n\t\t\thttps://doc.pfsense.org/index.php/Open_VM_Tools_package \n\t\t\topen-vm-tools.xml \n\t\t\t/usr/local/pkg/open-vm-tools.inc \n\t\t \n\t\t\n\t\t\tsquid3 \n\t\t\tsquid \n\t\t\tHigh performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;\n\t\t\tIt includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. \n\t\t\thttps://forum.pfsense.org/index.php?board=60.0 \n\t\t\thttp://www.squid-cache.org/ \n\t\t\t0.4.44_7 \n\t\t\tsquid.xml \n\t\t\tsquid_generate_rules \n\t\t\t\n\t\t\t\t\n\t\t\t\t\tGeneral \n\t\t\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tRemote Cache \n\t\t\t\t\t/pkg.php?xml=squid_upstream.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tLocal Cache \n\t\t\t\t\t/pkg_edit.php?xml=squid_cache.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAntivirus \n\t\t\t\t\t/pkg_edit.php?xml=squid_antivirus.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tACLs \n\t\t\t\t\t/pkg_edit.php?xml=squid_nac.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tTraffic Mgmt \n\t\t\t\t\t/pkg_edit.php?xml=squid_traffic.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tAuthentication \n\t\t\t\t\t/pkg_edit.php?xml=squid_auth.xml&id=0 \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tUsers \n\t\t\t\t\t/pkg.php?xml=squid_users.xml \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tReal Time \n\t\t\t\t\t/squid_monitor.php \n\t\t\t\t \n\t\t\t\t\n\t\t\t\t\tSync \n\t\t\t\t\t/pkg_edit.php?xml=squid_sync.xml \n\t\t\t\t \n\t\t\t \n\t\t\t/usr/local/pkg/squid.inc \n\t\t \n\t\t\n\t\t\tNMap \n\t\t\t\n\t\t\tnmap.xml \n\t\t \n\t\t\n\t\t\tSquid Proxy Server \n\t\t\tModify the proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid.xml&id=0 \n\t\t \n\t\t\n\t\t\tSquid Reverse Proxy \n\t\t\tModify the reverse proxy server settings \n\t\t\t\n\t\t\t/pkg_edit.php?xml=squid_reverse_general.xml&id=0 \n\t\t \n\t\t\n\t\t\tvmware-guestd \n\t\t\tvmware-guestd.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-guestd status\") == 0; \n\t\t\tVMware Guest Daemon \n\t\t \n\t\t\n\t\t\tvmware-kmod \n\t\t\tvmware-kmod.sh \n\t\t\tmwexec(\"/usr/local/etc/rc.d/vmware-kmod status\") == 0; \n\t\t\tVMware Kernel Modules \n\t\t \n\t\t\n\t\t\tsquid \n\t\t\tsquid.sh \n\t\t\tsquid \n\t\t\tSquid Proxy Server Service \n\t\t \n\t\t\n\t\t\tclamd \n\t\t\tclamd.sh \n\t\t\tclamd \n\t\t\tClamAV Antivirus \n\t\t \n\t\t\n\t\t\tc-icap \n\t\t\tc-icap.sh \n\t\t\tc-icap \n\t\t\tICAP Inteface for Squid and ClamAV integration \n\t\t \n\t\t\n\t\t\t\n\t\t\t\theap LFUDA \n\t\t\t\t90 \n\t\t\t\t95 \n\t\t\t\t100 \n\t\t\t\tufs \n\t\t\t\t16 \n\t\t\t\t/var/squid/cache \n\t\t\t\t0 \n\t\t\t\t4 \n\t\t\t\t64 \n\t\t\t\t256 \n\t\t\t\theap GDSF \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tnone \n\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\ton \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\t3128 \n\t\t\t\ton \n\t\t\t\tlan \n\t\t\t\tsplicewhitelist \n\t\t\t\tlan \n\t\t\t\tmodern \n\t\t\t\t2048 \n\t\t\t\tnone \n\t\t\t\t/var/squid/logs \n\t\t\t\tlocalhost \n\t\t\t\tadmin@localhost \n\t\t\t\ten \n\t\t\t\ton \n\t\t\t\tstrip \n\t\t\t\t \n\t\t \n\t\t\n\t\t\t\n\t\t\t\tLg== \n\t\t\t\t \n\t\t \n\t \n\t\n\t \n\t\n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4b6139b05 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.2.254 \n\t\t \n\t\t\n\t\t\tipalias \n\t\t\tlan \n\t\t\t5c0a4bd391375 \n\t\t\tsingle \n\t\t\t24 \n\t\t\t10.255.3.254 \n\t\t \n\t \n\t\n\t\t\n\t\t\tpfSense \n\t\t\tacme.com \n\t\t \n\t \n\t\n\t\t\n\t\t\tvmx1 \n\t\t\t100 \n\t\t\tvmx1.100 \n\t\t \n\t\t\n\t\t\tvmx1 \n\t\t\t1100 \n\t\t\tvmx1.1100 \n\t\t \n\t\t\n\t\t\tvmx2 \n\t\t\t1100 \n\t\t\tvmx2.1100 \n\t\t \n\t \n \n"
},
{
"path": "tests/unit/plugins/modules/pfsense_module.py",
"content": "# Copyright: (c) 2018 Red Hat Inc.\n# Copyright: (c) 2018, Frederic Bor \n# Copyright: (c) 2024, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport os\nimport errno\nimport json\nimport re\n\nfrom ansible_collections.community.internal_test_tools.tests.unit.compat.mock import patch\nfrom ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import AnsibleExitJson, AnsibleFailJson, ModuleTestCase\nfrom ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import set_module_args\nfrom tempfile import mkstemp\nimport xml.etree.ElementTree as ET\nfrom xml.etree.ElementTree import fromstring, ElementTree\n\n\nfixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')\nfixture_data = {}\n\n\ndef load_fixture(name):\n path = os.path.join(fixture_path, name)\n\n if path in fixture_data:\n return fixture_data[path]\n\n with open(path) as f:\n data = f.read()\n\n try:\n data = json.loads(data)\n except ValueError:\n pass\n\n fixture_data[path] = data\n return data\n\n\nclass TestPFSenseModule(ModuleTestCase):\n ##############################\n # init\n #\n def __init__(self, *args, **kwargs):\n super(TestPFSenseModule, self).__init__(*args, **kwargs)\n self.xml_result = None\n self.tmp_file = None\n self.config_file = None\n self.pfmodule = None\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n super(TestPFSenseModule, self).setUp()\n\n self.mock_parse = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.ET.parse')\n self.parse = self.mock_parse.start()\n\n self.mock_shutil_move = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.shutil.move')\n self.shutil_move = self.mock_shutil_move.start()\n\n self.mock_php = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.PFSenseModule.php')\n self.php = self.mock_php.start()\n self.php.return_value = ['vmx0', 'vmx1', 'vmx2', 'vmx3']\n\n self.mock_phpshell = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.PFSenseModule.phpshell')\n self.phpshell = self.mock_phpshell.start()\n self.phpshell.return_value = (0, '', '')\n\n self.mock_mkstemp = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.mkstemp')\n self.mkstemp = self.mock_mkstemp.start()\n self.mkstemp.return_value = mkstemp()\n self.tmp_file = self.mkstemp.return_value[1]\n\n self.mock_chmod = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.os.chmod')\n self.chmod = self.mock_chmod.start()\n\n self.mock_get_version = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.PFSenseModule.get_version')\n self.get_version = self.mock_get_version.start()\n self.get_version.return_value = \"2.5.2\"\n\n self.maxDiff = None\n\n def tearDown(self):\n \"\"\" mocking down \"\"\"\n super(TestPFSenseModule, self).tearDown()\n\n self.mock_parse.stop()\n self.mock_shutil_move.stop()\n self.mock_php.stop()\n self.mock_phpshell.stop()\n self.mock_mkstemp.stop()\n self.mock_chmod.stop()\n self.mock_get_version.stop()\n\n try:\n if self.tmp_file is not None:\n os.remove(self.tmp_file)\n except OSError as exception:\n if exception.errno != errno.ENOENT:\n raise\n\n def get_args_fields(self):\n \"\"\" return params fields \"\"\"\n try:\n return self.pfmodule.get_argument_spec().keys()\n except AttributeError:\n raise NotImplementedError()\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n raise NotImplementedError()\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n raise NotImplementedError()\n\n def check_target_elt_direct(self, target_elt, expected_elt_string):\n \"\"\" check XML definition of target elt against expected XML \"\"\"\n target_elt_string = ET.tostring(target_elt, encoding=\"unicode\", short_empty_elements=False)\n self.assertEqual(target_elt_string, expected_elt_string)\n\n def args_from_var(self, var, state='present', **kwargs):\n \"\"\" return arguments for module from var \"\"\"\n args = {}\n\n fields = self.get_args_fields()\n for field in fields:\n if field in var:\n args[field] = var[field]\n\n if state is not None:\n args['state'] = state\n for key, value in kwargs.items():\n args[key] = value\n\n return args\n\n def execute_module(self, failed=False, changed=False, commands=None, sort=True, defaults=False, msg=''):\n self.load_fixtures()\n\n if failed:\n result = self.failed()\n self.assertTrue(result['failed'], result)\n else:\n result = self.changed(changed)\n\n if not failed:\n self.assertEqual(result['changed'], changed, result)\n else:\n self.assertEqual(result['msg'], msg)\n\n if commands is not None:\n if sort:\n self.assertEqual(sorted(commands), sorted(result['commands']), result['commands'])\n else:\n self.assertEqual(commands, result['commands'], result['commands'])\n\n return result\n\n def do_module_test(self, obj, command=None, changed=True, failed=False, msg=None, delete=False, state='present', expected_elt_string=None, **kwargs):\n \"\"\" run test \"\"\"\n if command is not None:\n command = self.strip_commands(command)\n\n obj = self.strip_params(obj)\n\n if delete:\n state = 'absent'\n\n with set_module_args(self.args_from_var(obj, state=state)):\n result = self.execute_module(changed=changed, failed=failed, msg=msg)\n\n if not isinstance(command, list):\n command = [command]\n\n if failed:\n self.assertFalse(self.load_xml_result())\n elif not changed:\n self.assertFalse(self.load_xml_result())\n self.assertEqual(result['commands'], [], result)\n elif delete:\n self.assertTrue(self.load_xml_result())\n target_elt = self.get_target_elt(obj, absent=True, module_result=result)\n self.assertIsNone(target_elt)\n self.assertEqual(result['commands'], command, result)\n else:\n self.assertTrue(self.load_xml_result())\n target_elt = self.get_target_elt(obj, module_result=result)\n self.assertIsNotNone(target_elt)\n self.assertEqual(result['commands'], command, result)\n if expected_elt_string is not None:\n self.check_target_elt_direct(target_elt, expected_elt_string)\n else:\n self.check_target_elt(obj, target_elt, **kwargs)\n\n def failed(self):\n with self.assertRaises(AnsibleFailJson) as exc:\n self.module.main()\n\n result = exc.exception.args[0]\n self.assertTrue(result['failed'], result)\n return result\n\n def changed(self, changed=False):\n with self.assertRaises(AnsibleExitJson) as exc:\n self.module.main()\n\n result = exc.exception.args[0]\n\n if 'diff' in result:\n changes = dict()\n after = dict(result['diff']['after'])\n before = dict(result['diff']['before'])\n for item in after:\n if item in before:\n if after[item] != before[item]:\n changes[item] = str(before[item]) + ' -> ' + str(after[item])\n del before[item]\n else:\n changes[item] = 'None -> ' + str(after[item])\n for item in before:\n changes[item] = str(before[item]) + ' -> None'\n if changes:\n result['changes'] = changes\n\n self.assertEqual(result['changed'], changed, result)\n return result\n\n def strip_commands(self, commands):\n \"\"\" remove old or new parameters \"\"\"\n return commands\n\n def strip_params(self, params):\n \"\"\" remove old or new parameters \"\"\"\n return params\n\n def get_config_file(self):\n \"\"\" get config file \"\"\"\n return self.config_file\n\n def load_fixtures(self):\n \"\"\" loading data \"\"\"\n self.parse.return_value = ElementTree(fromstring(load_fixture(self.get_config_file())))\n\n def load_xml_result(self):\n \"\"\" load the resulting xml if not already loaded \"\"\"\n if self.xml_result is None and os.path.getsize(self.tmp_file) > 0:\n self.xml_result = ET.parse(self.tmp_file)\n return self.xml_result is not None\n\n @staticmethod\n def find_xml_tag(parent_tag, elt_filter):\n \"\"\" return alias named name, having type aliastype \"\"\"\n for tag in parent_tag:\n found = True\n for key, value in elt_filter.items():\n elt = tag.find(key)\n if elt is not None:\n if elt.text is None and value is None:\n continue\n if elt.text is not None and elt.text == value:\n continue\n found = False\n break\n if found:\n return tag\n return None\n\n def assert_xml_elt_value(self, parent_tag_name, elt_filter, elt_name, elt_value):\n \"\"\" check the xml elt exist and has the exact value given \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find(parent_tag_name)\n if parent_tag is None:\n self.fail('Unable to find tag ' + parent_tag_name)\n\n tag = self.find_xml_tag(parent_tag, elt_filter)\n if tag is None:\n self.fail('Tag not found: ' + json.dumps(elt_filter))\n\n self.assert_xml_elt_equal(tag, elt_name, elt_value)\n\n def assert_xml_elt_dict(self, parent_tag_name, elt_filter, elts):\n \"\"\" check all the xml elt in elts exist and have the exact value given \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find(parent_tag_name)\n if parent_tag is None:\n self.fail('Unable to find tag ' + parent_tag_name)\n\n tag = self.find_xml_tag(parent_tag, elt_filter)\n if tag is None:\n self.fail('Tag not found: ' + json.dumps(elt_filter))\n\n for elt_name, elt_value in elts.items():\n self.assert_xml_elt_equal(tag, elt_name, elt_value)\n\n def assert_has_xml_tag(self, parent_tag_name, elt_filter, absent=False):\n \"\"\" check the xml elt exist (or not if absent is True) \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find(parent_tag_name)\n if parent_tag is None:\n self.fail('Unable to find tag ' + parent_tag_name)\n\n tag = self.find_xml_tag(parent_tag, elt_filter)\n if absent and tag is not None:\n self.fail('Tag found: ' + json.dumps(elt_filter))\n elif not absent and tag is None:\n self.fail('Tag not found: ' + json.dumps(elt_filter))\n return tag\n\n def assert_find_xml_elt(self, tag, elt_name):\n elt = tag.find(elt_name)\n if elt is None:\n self.fail('Element not found: ' + elt_name)\n return elt\n\n def assert_not_find_xml_elt(self, tag, elt_name):\n elt = tag.find(elt_name)\n if elt is not None:\n self.fail('Element found: ' + elt_name)\n return elt\n\n def assert_xml_elt_equal(self, tag, elt_name, elt_value):\n elt = tag.find(elt_name)\n if elt is None:\n self.fail('Element not found: ' + elt_name + ' in tag:' + tag)\n\n if isinstance(elt_value, int):\n value = str(elt_value)\n else:\n value = elt_value\n\n if elt.text != value:\n if elt.text is None:\n self.fail('Element <' + elt_name + '> differs. Expected: \\'' + str(value) + '\\' result: None')\n else:\n self.fail('Element <' + elt_name + '> differs. Expected: \\'' + str(value) + '\\' result: \\'' + elt.text + '\\'')\n return elt\n\n def assert_xml_elt_match(self, tag, elt_name, elt_regex):\n elt = tag.find(elt_name)\n if elt is None:\n self.fail('Element not found: ' + elt_name)\n\n if re.fullmatch(elt_regex, elt.text) is None:\n if elt.text is None:\n self.fail('Element <' + elt_name + '> does not match \\'' + elt_regex + '\\' result: None')\n else:\n self.fail('Element <' + elt_name + '> does not match \\'' + elt_regex + '\\' result: \\'' + elt.text + '\\'')\n return elt\n\n def assert_xml_elt_is_none_or_empty(self, tag, elt_name):\n elt = tag.find(elt_name)\n if elt is None:\n return elt\n if elt.text is not None and elt.text:\n self.fail('Element <' + elt_name + '> differs. Expected: NoneType result: \\'' + elt.text + '\\'')\n return elt\n\n def assert_list_xml_elt_equal(self, tag, elt_name, elt_value):\n elts = tag.findall(elt_name)\n if elts is None:\n self.fail('Element not found: ' + elt_name)\n elt_value_copy = list(elt_value)\n elt_texts = []\n for elt in elts:\n if elt.text not in elt_value_copy:\n if elt.text is None:\n self.fail('Element <' + elt_name + '> differs. Expected: \\'' + str(elt_value) + '\\' result: None')\n else:\n self.fail('Element <' + elt_name + '> differs. Expected: \\'' + str(elt_value) + '\\' result: \\'' + elt.text + '\\'')\n elt_value_copy.remove(elt.text)\n elt_texts.append(elt.text)\n if len(elt_value_copy):\n self.fail('Element <' + elt_name + '> differs. Expected: \\'' + str(elt_value) + '\\' result: \\'' + str(elt_texts) + '\\'')\n return elts\n\n @staticmethod\n def unalias_interface(interface, physical=False):\n \"\"\" return real alias name if required \"\"\"\n res = []\n if physical:\n interfaces = dict(lan='vmx1', wan='vmx0', opt1='vmx2', vpn='vmx2', opt2='vmx3', vt1='vmx3', opt3='vmx3.100', lan_100='vmx3.100')\n else:\n interfaces = dict(lan='lan', wan='wan', vpn='opt1', vt1='opt2', lan_100='opt3')\n if interface.startswith('vip:'):\n return '_vip602874de0ff00'\n for iface in interface.split(','):\n if interface in interfaces:\n res.append(interfaces[iface])\n else:\n res.append(iface)\n return ','.join(res)\n\n def check_param_equal(self, params, target_elt, param, default=None, xml_field=None, not_find_val=None):\n \"\"\" if param is defined, check if target_elt has the right value, otherwise that it does not exist in XML \"\"\"\n if xml_field is None:\n xml_field = param\n\n value = default\n if param in params:\n value = params[param]\n\n if value is not None:\n if not_find_val is not None and not_find_val == default:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n else:\n self.assert_xml_elt_equal(target_elt, xml_field, value)\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, xml_field)\n\n def check_param_bool(self, params, target_elt, param, default=False, value_true=None, value_false=None, xml_field=None):\n \"\"\" if param is defined, check the elt exist and text equals value_true, otherwise that it does not exist in XML or\n is empty if value_true is not None or equals value_false if set \"\"\"\n if xml_field is None:\n xml_field = param\n\n if (param in params and params[param]) or default:\n if value_true is None:\n self.assert_xml_elt_is_none_or_empty(target_elt, xml_field)\n else:\n self.assert_xml_elt_equal(target_elt, xml_field, value_true)\n else:\n if value_true is None:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n else:\n if value_false is not None:\n self.assert_xml_elt_equal(target_elt, xml_field, value_false)\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, xml_field)\n\n def check_value_equal(self, target_elt, xml_field, value, empty=True):\n \"\"\" if value is defined, check if target_elt has the right value, otherwise that it does not exist in XML \"\"\"\n if value is None:\n if empty:\n self.assert_xml_elt_is_none_or_empty(target_elt, xml_field)\n else:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n else:\n self.assert_xml_elt_equal(target_elt, xml_field, value)\n\n def check_param_equal_or_not_find(self, params, target_elt, param, xml_field=None, not_find_val=None, empty=False):\n \"\"\" if param is defined, check if target_elt has the right value, otherwise that it does not exist in XML \"\"\"\n if xml_field is None:\n xml_field = param\n if param in params:\n if not_find_val is not None and not_find_val == params[param]:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n elif empty and params[param]:\n self.assert_xml_elt_is_none_or_empty(target_elt, xml_field)\n else:\n self.assert_xml_elt_equal(target_elt, xml_field, params[param])\n else:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n\n def check_param_equal_or_present(self, params, target_elt, param, xml_field=None):\n \"\"\" if param is defined, check if target_elt has the right value, otherwise that it is present in XML \"\"\"\n if xml_field is None:\n xml_field = param\n if param in params:\n self.assert_xml_elt_equal(target_elt, xml_field, params[param])\n else:\n self.assert_find_xml_elt(target_elt, xml_field)\n\n def check_list_param_equal(self, params, target_elt, param, default=None, xml_field=None, not_find_val=None):\n \"\"\" if param is defined, check if target_elt has the right value, otherwise that it does not exist in XML \"\"\"\n if xml_field is None:\n xml_field = param\n\n value = default\n if param in params:\n value = params[param]\n\n if value is not None:\n if not_find_val is not None and not_find_val == default:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n else:\n self.assert_list_xml_elt_equal(target_elt, xml_field, value)\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, xml_field)\n\n def check_list_param_equal_or_not_find(self, params, target_elt, param, xml_field=None, not_find_val=None, empty=False):\n \"\"\" if param is defined, check if target_elt has the right value, otherwise that it does not exist in XML \"\"\"\n if xml_field is None:\n xml_field = param\n if param in params:\n if not_find_val is not None and not_find_val == params[param]:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n elif empty and params[param]:\n self.assert_xml_elt_is_none_or_empty(target_elt, xml_field)\n else:\n self.assert_list_xml_elt_equal(target_elt, xml_field, params[param])\n else:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_aggregate.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import set_module_args\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_aggregate\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseAggregateModule(TestPFSenseModule):\n\n module = pfsense_aggregate\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseAggregateModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_aggregate_config.xml'\n\n def assert_find_alias(self, alias):\n \"\"\" test if an alias exist \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find('aliases')\n if parent_tag is None:\n self.fail('Unable to find tag aliases')\n\n tag = self.find_xml_tag(parent_tag, dict(name=alias))\n if tag is None:\n self.fail('Alias not found: ' + alias)\n\n def assert_not_find_alias(self, alias):\n \"\"\" test if an alias does not exist \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find('aliases')\n if parent_tag is None:\n self.fail('Unable to find tag aliases')\n\n tag = self.find_xml_tag(parent_tag, dict(name=alias))\n if tag is not None:\n self.fail('Alias found: ' + alias)\n\n def assert_find_rule(self, rule, interface):\n \"\"\" test if a rule exist on interface \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find('filter')\n if parent_tag is None:\n self.fail('Unable to find tag filter')\n\n tag = self.find_xml_tag(parent_tag, dict(descr=rule, interface=interface))\n if tag is None:\n self.fail('Rule not found: ' + rule)\n\n def assert_not_find_rule(self, rule, interface):\n \"\"\" test if a rule does not exist on interface \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find('filter')\n if parent_tag is None:\n self.fail('Unable to find tag filter')\n\n tag = self.find_xml_tag(parent_tag, dict(descr=rule, interface=interface))\n if tag is not None:\n self.fail('Rule found: ' + rule + ' on ' + interface)\n\n def assert_find_rule_separator(self, separator, interface):\n \"\"\" test if a rule separator exist on interface \"\"\"\n self.load_xml_result()\n interface = self.unalias_interface(interface)\n parent_tag = self.xml_result.find('filter')\n if parent_tag is None:\n self.fail('Unable to find tag filter')\n\n separators_elt = parent_tag.find('separator')\n if parent_tag is None:\n self.fail('Unable to find tag separator')\n\n interface_elt = separators_elt.find(interface)\n if parent_tag is None:\n self.fail('Unable to find tag ' + interface)\n\n tag = self.find_xml_tag(interface_elt, dict(text=separator))\n if tag is None:\n self.fail('Separator not found: ' + separator)\n\n def assert_not_find_rule_separator(self, separator, interface):\n \"\"\" test if a rule separator dost exist on interface \"\"\"\n self.load_xml_result()\n interface = self.unalias_interface(interface)\n parent_tag = self.xml_result.find('filter')\n if parent_tag is None:\n self.fail('Unable to find tag filter')\n\n separators_elt = parent_tag.find('separator')\n if parent_tag is None:\n self.fail('Unable to find tag separator')\n\n interface_elt = separators_elt.find(interface)\n if parent_tag is None:\n self.fail('Unable to find tag ' + interface)\n\n tag = self.find_xml_tag(interface_elt, dict(text=separator))\n if tag is not None:\n self.fail('Separator found: ' + separator)\n\n def assert_find_vlan(self, interface, vlan_id):\n \"\"\" test if a vlan exist \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find('vlans')\n if parent_tag is None:\n self.fail('Unable to find tag vlans')\n\n elt_filter = {}\n elt_filter['if'] = interface\n elt_filter['tag'] = vlan_id\n tag = self.find_xml_tag(parent_tag, elt_filter)\n if tag is None:\n self.fail('Vlan not found: {0}.{1}'.format(interface, vlan_id))\n\n def assert_not_find_vlan(self, interface, vlan_id):\n \"\"\" test if an vlan does not exist \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find('vlans')\n if parent_tag is None:\n self.fail('Unable to find tag vlans')\n\n elt_filter = {}\n elt_filter['if'] = interface\n elt_filter['vlan_id'] = vlan_id\n tag = self.find_xml_tag(parent_tag, elt_filter)\n if tag is not None:\n self.fail('Vlan found: {0}.{1}'.format(interface, vlan_id))\n\n ############\n # as we rely on sub modules for modifying the xml\n # we dont perform extensive checks on the xml modifications\n # we just test if elements are created or deleted, and the respective output\n def test_aggregate_aliases(self):\n \"\"\" test creation of a some aliases \"\"\"\n args = dict(\n purge_aliases=False,\n aggregated_aliases=[\n dict(name='one_host', type='host', address='10.9.8.7'),\n dict(name='another_host', type='host', address='10.9.8.6'),\n dict(name='one_server', type='host', address='192.168.1.165', descr='', detail=''),\n dict(name='port_ssh', type='port', address='2222'),\n dict(name='port_http', state='absent'),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_aliases = []\n result_aliases.append(\"create alias 'one_host', type='host', address='10.9.8.7'\")\n result_aliases.append(\"create alias 'another_host', type='host', address='10.9.8.6'\")\n result_aliases.append(\"update alias 'port_ssh' set address='2222'\")\n result_aliases.append(\"delete alias 'port_http'\")\n\n self.assertEqual(result['result_aliases'], result_aliases)\n self.assert_find_alias('one_host')\n self.assert_find_alias('another_host')\n self.assert_find_alias('one_server')\n self.assert_find_alias('port_ssh')\n self.assert_not_find_alias('port_http')\n self.assert_find_alias('port_dns')\n\n def test_aggregate_aliases_checkmode(self):\n \"\"\" test creation of a some aliases with check_mode \"\"\"\n args = dict(\n purge_aliases=False,\n aggregated_aliases=[\n dict(name='one_host', type='host', address='10.9.8.7'),\n dict(name='another_host', type='host', address='10.9.8.6'),\n dict(name='one_server', type='host', address='192.168.1.165', descr='', detail=''),\n dict(name='port_ssh', type='port', address='2222'),\n dict(name='port_http', state='absent'),\n ],\n _ansible_check_mode=True,\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_aliases = []\n result_aliases.append(\"create alias 'one_host', type='host', address='10.9.8.7'\")\n result_aliases.append(\"create alias 'another_host', type='host', address='10.9.8.6'\")\n result_aliases.append(\"update alias 'port_ssh' set address='2222'\")\n result_aliases.append(\"delete alias 'port_http'\")\n\n self.assertEqual(result['result_aliases'], result_aliases)\n self.assertFalse(self.load_xml_result())\n\n def test_aggregate_aliases_purge(self):\n \"\"\" test creation of a some aliases with purge \"\"\"\n args = dict(\n purge_aliases=True,\n purge_rules=False,\n aggregated_aliases=[\n dict(name='one_host', type='host', address='10.9.8.7'),\n dict(name='another_host', type='host', address='10.9.8.6'),\n dict(name='one_server', type='host', address='192.168.1.165', descr='', detail=''),\n dict(name='port_ssh', type='port', address='2222'),\n dict(name='port_http', state='absent'),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_aliases = []\n result_aliases.append(\"create alias 'one_host', type='host', address='10.9.8.7'\")\n result_aliases.append(\"create alias 'another_host', type='host', address='10.9.8.6'\")\n result_aliases.append(\"update alias 'port_ssh' set address='2222'\")\n result_aliases.append(\"delete alias 'port_http'\")\n result_aliases.append(\"delete alias 'port_dns'\")\n\n self.assertEqual(result['result_aliases'], result_aliases)\n self.assert_find_alias('one_host')\n self.assert_find_alias('another_host')\n self.assert_find_alias('one_server')\n self.assert_find_alias('port_ssh')\n self.assert_not_find_alias('port_http')\n self.assert_not_find_alias('port_dns')\n\n def test_aggregate_rules(self):\n \"\"\" test creation of a some rules \"\"\"\n args = dict(\n purge_rules=False,\n aggregated_rules=[\n dict(name='one_rule', source='any', destination='any', interface='lan'),\n dict(name='any2any_ssh', source='any', destination='any:2222', interface='lan', protocol='tcp'),\n dict(name='any2any_http', source='any', destination='any:8080', interface='vpn', protocol='tcp'),\n dict(name='any2any_ssh', state='absent', interface='vpn'),\n ]\n )\n with set_module_args(args):\n self.execute_module(changed=True)\n self.assert_find_rule('one_rule', 'lan')\n self.assert_find_rule('any2any_ssh', 'lan')\n self.assert_find_rule('any2any_http', 'lan')\n self.assert_find_rule('any2any_https', 'lan')\n self.assert_not_find_rule('any2any_ssh', 'opt1')\n self.assert_find_rule('any2any_http', 'opt1')\n self.assert_find_rule('any2any_https', 'opt1')\n\n def test_aggregate_rules_purge(self):\n \"\"\" test creation of a some rules with purge \"\"\"\n args = dict(\n purge_rules=True,\n aggregated_rules=[\n dict(name='one_rule', source='any', destination='any', interface='lan'),\n dict(name='any2any_ssh', source='any', destination='any:2222', interface='lan', protocol='tcp'),\n dict(name='any2any_http', source='any', destination='any:8080', interface='vpn', protocol='tcp'),\n dict(name='any2any_ssh', state='absent', interface='vpn'),\n ]\n )\n with set_module_args(args):\n self.execute_module(changed=True)\n self.assert_find_rule('one_rule', 'lan')\n self.assert_find_rule('any2any_ssh', 'lan')\n self.assert_not_find_rule('any2any_http', 'lan')\n self.assert_not_find_rule('any2any_https', 'lan')\n self.assert_not_find_rule('any2any_ssh', 'opt1')\n self.assert_find_rule('any2any_http', 'opt1')\n self.assert_not_find_rule('any2any_https', 'opt1')\n\n def test_aggregate_separators(self):\n \"\"\" test creation of a some separators \"\"\"\n args = dict(\n purge_rule_separators=False,\n aggregated_rule_separators=[\n dict(name='one_separator', interface='lan'),\n dict(name='another_separator', interface='lan_100'),\n dict(name='another_test_separator', interface='lan', state='absent'),\n dict(name='test_separator', interface='lan', before='bottom', color='warning'),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_separators = []\n result_separators.append(\"create rule_separator 'one_separator' on 'lan', color='info'\")\n result_separators.append(\"create rule_separator 'another_separator' on 'lan_100', color='info'\")\n result_separators.append(\"delete rule_separator 'another_test_separator' on 'lan'\")\n result_separators.append(\"update rule_separator 'test_separator' on 'lan' set color='warning', before='bottom'\")\n\n self.assertEqual(result['result_rule_separators'], result_separators)\n self.assert_find_rule_separator('one_separator', 'lan')\n self.assert_find_rule_separator('another_separator', 'lan_100')\n self.assert_not_find_rule_separator('another_test_separator', 'lan')\n self.assert_find_rule_separator('test_separator', 'lan')\n\n def test_aggregate_separators_purge(self):\n \"\"\" test creation of a some separators with purge \"\"\"\n args = dict(\n purge_rule_separators=True,\n aggregated_rule_separators=[\n dict(name='one_separator', interface='lan'),\n dict(name='another_separator', interface='lan_100'),\n dict(name='another_test_separator', interface='lan', state='absent'),\n dict(name='test_separator', interface='lan', before='bottom', color='warning'),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_separators = []\n result_separators.append(\"create rule_separator 'one_separator' on 'lan', color='info'\")\n result_separators.append(\"create rule_separator 'another_separator' on 'lan_100', color='info'\")\n result_separators.append(\"delete rule_separator 'another_test_separator' on 'lan'\")\n result_separators.append(\"update rule_separator 'test_separator' on 'lan' set color='warning', before='bottom'\")\n result_separators.append(\"delete rule_separator 'test_separator' on 'wan'\")\n result_separators.append(\"delete rule_separator 'last_test_separator' on 'lan'\")\n result_separators.append(\"delete rule_separator 'test_sep_floating' on 'floating'\")\n\n self.assertEqual(result['result_rule_separators'], result_separators)\n self.assert_find_rule_separator('one_separator', 'lan')\n self.assert_find_rule_separator('another_separator', 'lan_100')\n self.assert_not_find_rule_separator('another_test_separator', 'lan')\n self.assert_find_rule_separator('test_separator', 'lan')\n self.assert_not_find_rule_separator('last_test_separator', 'lan')\n self.assert_not_find_rule_separator('test_sep_floating', 'floatingrules')\n\n def test_aggregate_nat_outbound(self):\n \"\"\" test creation of some nat outbound \"\"\"\n args = dict(\n purge_nat_outbounds=True,\n aggregated_nat_outbounds=[\n dict(descr='snat 1', source='192.168.100.0/24', destination='1.1.1.0/24', interface='lan', staticnatport=True),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_nat_outbounds = []\n result_nat_outbounds.append(\"delete nat_outbound 'None'\")\n result_nat_outbounds.append(\n \"create nat_outbound 'snat 1', interface='lan', source='192.168.100.0/24', destination='1.1.1.0/24', staticnatport=True\")\n\n self.assertEqual(result['result_nat_outbounds'], result_nat_outbounds)\n\n def test_aggregate_vlans(self):\n \"\"\" test creation of some vlans \"\"\"\n args = dict(\n purge_vlans=False,\n aggregated_vlans=[\n dict(vlan_id=100, interface='vmx0', descr='voice'),\n dict(vlan_id=1200, interface='vmx1', state='absent'),\n dict(vlan_id=101, interface='vmx1', descr='printers'),\n dict(vlan_id=102, interface='vmx2', descr='users'),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_aliases = []\n result_aliases.append(\"update vlan 'vmx0.100' set descr='voice'\")\n result_aliases.append(\"delete vlan 'vmx1.1200'\")\n result_aliases.append(\"create vlan 'vmx1.101', descr='printers', priority=''\")\n result_aliases.append(\"create vlan 'vmx2.102', descr='users', priority=''\")\n\n self.assertEqual(result['result_vlans'], result_aliases)\n self.assert_find_vlan('vmx0', '100')\n self.assert_not_find_vlan('vmx1', '1200')\n self.assert_find_vlan('vmx1', '101')\n self.assert_find_vlan('vmx2', '102')\n\n def test_aggregate_vlans_with_purge(self):\n \"\"\" test creation of some vlans with purge\"\"\"\n args = dict(\n purge_vlans=True,\n aggregated_vlans=[\n dict(vlan_id=1100, interface='vmx1'),\n dict(vlan_id=1200, interface='vmx1', state='absent'),\n dict(vlan_id=101, interface='vmx1', descr='printers'),\n dict(vlan_id=102, interface='vmx2', descr='users'),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_aliases = []\n result_aliases.append(\"delete vlan 'vmx1.1200'\")\n result_aliases.append(\"create vlan 'vmx1.101', descr='printers', priority=''\")\n result_aliases.append(\"create vlan 'vmx2.102', descr='users', priority=''\")\n result_aliases.append(\"delete vlan 'vmx0.100'\")\n\n self.assertEqual(result['result_vlans'], result_aliases)\n self.assert_not_find_vlan('vmx1', '1200')\n self.assert_find_vlan('vmx1', '101')\n self.assert_find_vlan('vmx2', '102')\n self.assert_not_find_vlan('vmx0', '100')\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_alias.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nfrom copy import copy\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import set_module_args\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_alias\nfrom ansible_collections.pfsensible.core.plugins.module_utils.alias import PFSenseAliasModule\n\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseAliasModule(TestPFSenseModule):\n\n module = pfsense_alias\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseAliasModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_alias_config.xml'\n self.pfmodule = PFSenseAliasModule\n\n ########################################################\n # Generic set of funcs used for testing aliases\n # First we run the module\n # Then, we check return values\n # Finally, we check the xml\n def do_alias_creation_test(self, alias, set_after=None, unset_after=None, failed=False, msg='', command=None):\n \"\"\" test creation of a new alias \"\"\"\n with set_module_args(self.args_from_var(alias)):\n result = self.execute_module(changed=True, failed=failed, msg=msg)\n\n if not failed:\n diff = dict(before={}, after=alias)\n if set_after is not None:\n diff['after'].update(set_after)\n if unset_after is not None:\n for n in unset_after:\n del diff['after'][n]\n self.assertEqual(result['diff'], diff)\n self.assert_xml_elt_dict('aliases', dict(name=alias['name'], type=alias['type']), diff['after'])\n self.assertEqual(result['commands'], [command])\n else:\n self.assertFalse(self.load_xml_result())\n\n def do_alias_deletion_test(self, alias, command=None):\n \"\"\" test deletion of an alias \"\"\"\n with set_module_args(self.args_from_var(alias, 'absent')):\n result = self.execute_module(changed=True)\n\n diff = dict(before=alias, after={})\n self.assertEqual(result['diff'], diff)\n self.assert_has_xml_tag('aliases', dict(name=alias['name'], type=alias['type']), absent=True)\n self.assertEqual(result['commands'], [command])\n\n def do_alias_update_noop_test(self, alias):\n \"\"\" test not updating an alias \"\"\"\n with set_module_args(self.args_from_var(alias)):\n result = self.execute_module(changed=False)\n\n diff = dict(before=alias, after=alias)\n self.assertEqual(result['diff'], diff)\n self.assertFalse(self.load_xml_result())\n self.assertEqual(result['commands'], [])\n\n def do_alias_update_field(self, alias, set_after=None, command=None, **kwargs):\n \"\"\" test updating field of an host alias \"\"\"\n target = copy(alias)\n target.update(kwargs)\n with set_module_args(self.args_from_var(target)):\n result = self.execute_module(changed=True)\n\n diff = dict(before=alias, after=copy(target))\n if set_after is not None:\n diff['after'].update(set_after)\n self.assertEqual(result['diff'], diff)\n if alias['type'] in ['host', 'port', 'network']:\n self.assert_xml_elt_value('aliases', dict(name=alias['name'], type=alias['type']), 'address', diff['after']['address'])\n else:\n self.assert_xml_elt_value('aliases', dict(name=alias['name'], type=alias['type']), 'url', diff['after']['url'])\n self.assertEqual(result['commands'], [command])\n\n ##############\n # hosts\n #\n def test_host_create(self):\n \"\"\" test creation of a new host alias \"\"\"\n alias = dict(name='adservers', address='10.0.0.1 10.0.0.2', descr='', type='host', detail='')\n command = \"create alias 'adservers', type='host', address='10.0.0.1 10.0.0.2', descr='', detail=''\"\n self.do_alias_creation_test(alias, command=command)\n\n def test_host_delete(self):\n \"\"\" test deletion of an host alias \"\"\"\n alias = dict(name='ad_poc1', address='192.168.1.3', descr='', type='host', detail='')\n command = \"delete alias 'ad_poc1'\"\n self.do_alias_deletion_test(alias, command=command)\n\n def test_host_update_noop(self):\n \"\"\" test not updating an host alias \"\"\"\n alias = dict(name='ad_poc1', address='192.168.1.3', descr='', type='host', detail='')\n self.do_alias_update_noop_test(alias)\n\n def test_host_update_ip(self):\n \"\"\" test updating address of an host alias \"\"\"\n alias = dict(name='ad_poc1', address='192.168.1.3', descr='', type='host', detail='')\n command = \"update alias 'ad_poc1' set address='192.168.1.4'\"\n self.do_alias_update_field(alias, address='192.168.1.4', command=command)\n\n def test_host_update_descr(self):\n \"\"\" test updating descr of an host alias \"\"\"\n alias = dict(name='ad_poc1', address='192.168.1.3', descr='', type='host', detail='')\n command = \"update alias 'ad_poc1' set descr='ad server'\"\n self.do_alias_update_field(alias, descr='ad server', command=command)\n\n ##############\n # ports\n #\n def test_port_create(self):\n \"\"\" test creation of a new port alias \"\"\"\n alias = dict(name='port_proxy', address='8080 8443', descr='', type='port', detail='')\n command = \"create alias 'port_proxy', type='port', address='8080 8443', descr='', detail=''\"\n self.do_alias_creation_test(alias, command=command)\n\n def test_port_delete(self):\n \"\"\" test deletion of a port alias \"\"\"\n alias = dict(name='port_ssh', address='22', descr='', type='port', detail='')\n command = \"delete alias 'port_ssh'\"\n self.do_alias_deletion_test(alias, command=command)\n\n def test_port_update_noop(self):\n \"\"\" test not updating a port alias \"\"\"\n alias = dict(name='port_ssh', address='22', descr='', type='port', detail='')\n self.do_alias_update_noop_test(alias)\n\n def test_port_update_port(self):\n \"\"\" test updating port of a port alias \"\"\"\n alias = dict(name='port_ssh', address='22', descr='', type='port', detail='')\n command = \"update alias 'port_ssh' set address='2222'\"\n self.do_alias_update_field(alias, address='2222', command=command)\n\n def test_port_update_descr(self):\n \"\"\" test updating descr of a port alias \"\"\"\n alias = dict(name='port_ssh', address='22', descr='', type='port', detail='')\n command = \"update alias 'port_ssh' set descr='ssh port'\"\n self.do_alias_update_field(alias, descr='ssh port', command=command)\n\n ##############\n # networks\n #\n def test_network_create(self):\n \"\"\" test creation of a new network alias \"\"\"\n alias = dict(name='data_networks', address='192.168.1.0/24 192.168.2.0/24', descr='', type='network', detail='')\n command = \"create alias 'data_networks', type='network', address='192.168.1.0/24 192.168.2.0/24', descr='', detail=''\"\n self.do_alias_creation_test(alias, command=command)\n\n def test_network_delete(self):\n \"\"\" test deletion of a network alias \"\"\"\n alias = dict(name='lan_data_poc3', address='192.168.3.0/24', descr='', type='network', detail='')\n command = \"delete alias 'lan_data_poc3'\"\n self.do_alias_deletion_test(alias, command=command)\n\n def test_network_update_noop(self):\n \"\"\" test not updating a network alias \"\"\"\n alias = dict(name='lan_data_poc3', address='192.168.3.0/24', descr='', type='network', detail='')\n self.do_alias_update_noop_test(alias)\n\n def test_network_update_network(self):\n \"\"\" test updating address of a network alias \"\"\"\n alias = dict(name='lan_data_poc3', address='192.168.3.0/24', descr='', type='network', detail='')\n command = \"update alias 'lan_data_poc3' set address='192.168.2.0/24'\"\n self.do_alias_update_field(alias, address='192.168.2.0/24', command=command)\n\n def test_network_update_descr(self):\n \"\"\" test updating descr of a network alias \"\"\"\n alias = dict(name='lan_data_poc3', address='192.168.3.0/24', descr='', type='network', detail='')\n command = \"update alias 'lan_data_poc3' set descr='data network'\"\n self.do_alias_update_field(alias, descr='data network', command=command)\n\n ##############\n # urltables\n #\n def test_urltable_create(self):\n \"\"\" test creation of a new urltable alias \"\"\"\n alias = dict(name='acme_table', address='http://www.acme.com', descr='', type='urltable', updatefreq='10', detail='')\n command = \"create alias 'acme_table', type='urltable', url='http://www.acme.com', descr='', detail='', updatefreq='10'\"\n self.do_alias_creation_test(alias, command=command, set_after=dict(url='http://www.acme.com'), unset_after=['address'])\n\n def test_urltable_create_url(self):\n \"\"\" test creation of a new urltable alias \"\"\"\n alias = dict(name='acme_table', url='http://www.acme.com', descr='', type='urltable', updatefreq='10', detail='')\n command = \"create alias 'acme_table', type='urltable', url='http://www.acme.com', descr='', detail='', updatefreq='10'\"\n self.do_alias_creation_test(alias, command=command)\n\n def test_urltable_create_exclusive(self):\n \"\"\" test creattion of a urltable alias with both address and url - fails \"\"\"\n alias = dict(\n name='acme_corp', address='http://www.acme-corp.com', url='http://www.acme-corp.com', descr='', type='urltable', updatefreq='10', detail='')\n self.do_alias_creation_test(alias, failed=True, msg='parameters are mutually exclusive: address|url')\n\n def test_urltable_delete(self):\n \"\"\" test deletion of a urltable alias \"\"\"\n alias = dict(\n name='acme_corp', url='http://www.acme-corp.com', descr='', type='urltable', updatefreq='10', detail='')\n command = \"delete alias 'acme_corp'\"\n self.do_alias_deletion_test(alias, command=command)\n\n def test_urltable_update_noop(self):\n \"\"\" test not updating a urltable alias \"\"\"\n alias = dict(\n name='acme_corp', url='http://www.acme-corp.com', descr='', type='urltable', updatefreq='10', detail='')\n self.do_alias_update_noop_test(alias)\n\n def test_urltable_update_url(self):\n \"\"\" test updating url of a urltable alias \"\"\"\n alias = dict(\n name='acme_corp', url='http://www.acme-corp.com', descr='', type='urltable', updatefreq='10', detail='')\n command = \"update alias 'acme_corp' set url='http://www.new-acme-corp.com'\"\n self.do_alias_update_field(alias, url='http://www.new-acme-corp.com', set_after=dict(url='http://www.new-acme-corp.com'), command=command)\n\n def test_urltable_update_descr(self):\n \"\"\" test updating descr of a urltable alias \"\"\"\n alias = dict(\n name='acme_corp', url='http://www.acme-corp.com', descr='', type='urltable', updatefreq='10', detail='')\n command = \"update alias 'acme_corp' set descr='acme corp urls'\"\n self.do_alias_update_field(alias, descr='acme corp urls', command=command)\n\n def test_urltable_update_freq(self):\n \"\"\" test updating updatefreq of a urltable alias \"\"\"\n alias = dict(\n name='acme_corp', url='http://www.acme-corp.com', descr='', type='urltable', updatefreq='10', detail='')\n command = \"update alias 'acme_corp' set updatefreq='20'\"\n self.do_alias_update_field(alias, updatefreq='20', command=command)\n\n def test_urltable_ports_create(self):\n \"\"\" test creation of a new urltable_ports alias \"\"\"\n alias = dict(name='acme_table', url='http://www.acme.com', descr='', type='urltable_ports', updatefreq='10', detail='')\n command = \"create alias 'acme_table', type='urltable_ports', url='http://www.acme.com', descr='', detail='', updatefreq='10'\"\n self.do_alias_creation_test(alias, command=command)\n\n ##############\n # misc\n #\n def test_create_alias_duplicate(self):\n \"\"\" test creation of a duplicate alias \"\"\"\n alias = dict(name='port_ssh', address='10.0.0.1 10.0.0.2', type='host')\n self.do_alias_creation_test(alias, failed=True, msg=\"An alias with this name and a different type already exists: 'port_ssh'\")\n\n def test_create_alias_invalid_name(self):\n \"\"\" test creation of a new alias with invalid name \"\"\"\n alias = dict(name='ads-ervers', address='10.0.0.1 10.0.0.2', type='host')\n msg = \"The alias name 'ads-ervers' must be less than 32 characters long, may not consist of only numbers, may not consist of only underscores, \"\n msg += \"and may only contain the following characters: a-z, A-Z, 0-9, _\"\n self.do_alias_creation_test(alias, failed=True, msg=msg)\n\n def test_create_alias_invalid_name_interface(self):\n \"\"\" test creation of a new alias with invalid name \"\"\"\n alias = dict(name='lan_100', address='10.0.0.1 10.0.0.2', type='host')\n self.do_alias_creation_test(alias, failed=True, msg=\"An interface description with this name already exists: 'lan_100'\")\n\n def test_create_alias_invalid_updatefreq(self):\n \"\"\" test creation of a new host alias with incoherent params \"\"\"\n alias = dict(name='adservers', address='10.0.0.1 10.0.0.2', type='host', updatefreq=10)\n self.do_alias_creation_test(alias, failed=True, msg='updatefreq is only valid with type urltable or urltable_ports')\n\n def test_create_alias_without_type(self):\n \"\"\" test creation of a new host alias without type \"\"\"\n alias = dict(name='adservers', address='10.0.0.1 10.0.0.2')\n self.do_alias_creation_test(alias, failed=True, msg='state is present but all of the following are missing: type')\n\n def test_create_alias_without_address(self):\n \"\"\" test creation of a new host alias without address \"\"\"\n alias = dict(name='adservers', type='host')\n self.do_alias_creation_test(alias, failed=True, msg='type is host but all of the following are missing: address')\n\n def test_create_alias_invalid_details(self):\n \"\"\" test creation of a new host alias with invalid details \"\"\"\n alias = dict(name='adservers', address='10.0.0.1 10.0.0.2', type='host', detail='ad1||ad2||ad3')\n self.do_alias_creation_test(alias, failed=True, msg='Too many details in relation to addresses')\n\n def test_create_alias_invalid_details2(self):\n \"\"\" test creation of a new host alias with invalid details \"\"\"\n alias = dict(name='adservers', address='10.0.0.1 10.0.0.2', type='host', detail='|ad1||ad2')\n self.do_alias_creation_test(alias, failed=True, msg='Vertical bars (|) at start or end of descriptions not allowed')\n\n def test_delete_inexistent_alias(self):\n \"\"\" test deletion of an inexistent alias \"\"\"\n alias = dict(name='ad_poc12', address='192.168.1.3', descr='', type='host', detail='')\n with set_module_args(self.args_from_var(alias, 'absent')):\n result = self.execute_module(changed=False)\n\n diff = dict(before={}, after={})\n self.assertEqual(result['diff'], diff)\n self.assertEqual(result['commands'], [])\n\n def test_check_mode(self):\n \"\"\" test updating an host alias without generating result \"\"\"\n alias = dict(name='ad_poc1', address='192.168.1.3', descr='', type='host', detail='')\n with set_module_args(self.args_from_var(alias, address='192.168.1.4', _ansible_check_mode=True)):\n result = self.execute_module(changed=True)\n\n diff = dict(before=alias, after=copy(alias))\n diff['after']['address'] = '192.168.1.4'\n self.assertEqual(result['diff'], diff)\n self.assertFalse(self.load_xml_result())\n self.assertEqual(result['commands'], [\"update alias 'ad_poc1' set address='192.168.1.4'\"])\n\n def test_urltable_required_if(self):\n \"\"\" test creation of a new urltable alias without giving updatefreq (should fail) \"\"\"\n alias = dict(name='acme_table', address='http://www.acme.com', descr='', type='urltable', detail='')\n with set_module_args(self.args_from_var(alias)):\n self.execute_module(failed=True, msg='type is urltable but all of the following are missing: updatefreq')\n\n def test_urltable_ports_required_if(self):\n \"\"\" test creation of a new urltable_ports alias without giving updatefreq (should fail) \"\"\"\n alias = dict(name='acme_table', address='http://www.acme.com', descr='', type='urltable_ports', detail='')\n with set_module_args(self.args_from_var(alias)):\n self.execute_module(failed=True, msg='type is urltable_ports but all of the following are missing: updatefreq')\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_alias_null.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import set_module_args\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_alias\nfrom ansible_collections.pfsensible.core.plugins.module_utils.alias import PFSenseAliasModule\n\nfrom .pfsense_module import TestPFSenseModule\n\n\n# Test alias creation starting without an initial element\nclass TestPFSenseAliasNullModule(TestPFSenseModule):\n\n module = pfsense_alias\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseAliasNullModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_alias_null_config.xml'\n self.pfmodule = PFSenseAliasModule\n\n ########################################################\n # Generic set of funcs used for testing aliases\n # First we run the module\n # Then, we check return values\n # Finally, we check the xml\n def do_alias_creation_test(self, alias, failed=False, msg='', command=None):\n \"\"\" test creation of a new alias \"\"\"\n with set_module_args(self.args_from_var(alias)):\n result = self.execute_module(changed=True, failed=failed, msg=msg)\n\n if not failed:\n diff = dict(before={}, after=alias)\n self.assertEqual(result['diff'], diff)\n self.assert_xml_elt_dict('aliases', dict(name=alias['name'], type=alias['type']), diff['after'])\n self.assertEqual(result['commands'], [command])\n else:\n self.assertFalse(self.load_xml_result())\n\n ##############\n # hosts\n #\n def test_host_create(self):\n \"\"\" test creation of a new host alias \"\"\"\n alias = dict(name='adservers', address='10.0.0.1 10.0.0.2', descr='', type='host', detail='')\n command = \"create alias 'adservers', type='host', address='10.0.0.1 10.0.0.2', descr='', detail=''\"\n self.do_alias_creation_test(alias, command=command)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_authserver_ldap.py",
"content": "# Copyright: (c) 2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_authserver_ldap\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseAuthserverLDAPModule(TestPFSenseModule):\n\n module = pfsense_authserver_ldap\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseAuthserverLDAPModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_authserver_config.xml'\n self.pfmodule = pfsense_authserver_ldap.PFSenseAuthserverLDAPModule\n\n @staticmethod\n def runTest():\n \"\"\" dummy function needed to instantiate this test module from another in python 2.7 \"\"\"\n pass\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n root_elt = self.assert_find_xml_elt(self.xml_result, 'system')\n result = root_elt.findall(\"authserver[name='{0}']\".format(obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.fail('Found multiple authservers for name {0}.'.format(obj['name']))\n else:\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n\n urltype = dict({'tcp': 'Standard TCP', 'starttls': 'STARTTLS Encrypted', 'ssl': 'SSL/TLS Encrypted'})\n self.check_param_equal(obj, target_elt, 'name')\n self.assert_xml_elt_match(target_elt, 'refid', r'[0-9a-f]{13}')\n self.assert_xml_elt_equal(target_elt, 'type', 'ldap')\n self.check_param_equal(obj, target_elt, 'ldap_caref', default='global')\n self.check_param_equal(obj, target_elt, 'host')\n self.check_param_equal(obj, target_elt, 'port', xml_field='ldap_port', default=389)\n self.assert_xml_elt_equal(target_elt, 'ldap_urltype', urltype[obj['transport']])\n self.check_param_equal(obj, target_elt, 'protover', xml_field='ldap_protver', default=3)\n self.check_param_equal(obj, target_elt, 'scope', xml_field='ldap_scope', default='one')\n self.check_param_equal(obj, target_elt, 'basedn', xml_field='ldap_basedn', default=None)\n self.check_param_equal(obj, target_elt, 'authcn', xml_field='ldap_authcn')\n self.check_param_bool(obj, target_elt, 'extended_enabled', xml_field='ldap_extended_enabled', value_true='yes')\n self.check_param_equal(obj, target_elt, 'extended_query', xml_field='ldap_extended_query')\n self.check_param_equal(obj, target_elt, 'attr_user', xml_field='ldap_attr_user', default='cn')\n self.check_param_equal(obj, target_elt, 'attr_group', xml_field='ldap_attr_group', default='cn')\n self.check_param_equal(obj, target_elt, 'attr_member', xml_field='ldap_attr_member', default='member')\n self.check_param_equal(obj, target_elt, 'attr_groupobj', xml_field='ldap_attr_groupobj', default='posixGroup')\n self.check_param_equal(obj, target_elt, 'pam_groupdn', xml_field='ldap_pam_groupdn', default=None)\n self.check_param_bool(obj, target_elt, 'ldap_allow_unauthenticated', xml_field='ldap_allow_unauthenticated', default=True)\n self.check_param_equal(obj, target_elt, 'timeout', xml_field='ldap_timeout', default=25)\n\n ##############\n # tests\n #\n def test_authserver_create(self):\n \"\"\" test creation of a new authserver \"\"\"\n obj = dict(name='authserver1', host='ldap.example.com', transport='tcp', scope='one', authcn='CN=Users')\n self.do_module_test(obj, command=\"create authserver_ldap 'authserver1', host='ldap.example.com'\")\n\n def test_authserver_delete(self):\n \"\"\" test deletion of a authserver \"\"\"\n obj = dict(name='DELLDAP')\n self.do_module_test(obj, command=\"delete authserver_ldap 'DELLDAP'\", delete=True)\n\n def test_authserver_update_noop(self):\n \"\"\" test not updating a authserver \"\"\"\n obj = dict(name='DELLDAP', host='ldap.example.com', transport='tcp', scope='one', authcn='CN=Users', timeout=25)\n self.do_module_test(obj, command=\"delete authserver_ldap 'DELLDAP'\", changed=False)\n\n def test_authserver_update_host(self):\n \"\"\" test updating host of a authserver \"\"\"\n obj = dict(name='DELLDAP', ldap_timeout=5, host='ldap2.blah.com', transport='tcp', scope='one', authcn='CN=Users')\n self.do_module_test(obj, command=\"update authserver_ldap 'DELLDAP' set host='ldap2.blah.com'\")\n\n def test_authserver_disable_allow_unauthenticated(self):\n \"\"\" test disabling ldap_allow_unauthenticated \"\"\"\n obj = dict(name='DELLDAP', host='ldap.example.com', transport='tcp', scope='one', authcn='CN=Users', ldap_allow_unauthenticated=False)\n self.do_module_test(obj, command=\"update authserver_ldap 'DELLDAP' set ldap_allow_unauthenticated=False\")\n\n ##############\n # misc\n #\n def test_create_authserver_invalid_timeout(self):\n \"\"\" test creation of a new authserver with invalid timeout \"\"\"\n obj = dict(name='DELLDAP', host='ldap.example.com', transport='tcp', scope='one', authcn='CN=Users', timeout=0)\n self.do_module_test(obj, command=\"update authserver_ldap 'DELLDAP'\", failed=True, msg='timeout 0 must be greater than 1')\n\n def test_delete_inexistent_authserver(self):\n \"\"\" test deletion of an inexistent authserver \"\"\"\n obj = dict(name='noauthserver')\n self.do_module_test(obj, state='absent', changed=False)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_authserver_radius.py",
"content": "# Copyright: (c) 2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_authserver_radius\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseAuthserverRADIUSModule(TestPFSenseModule):\n\n module = pfsense_authserver_radius\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseAuthserverRADIUSModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_authserver_config.xml'\n self.pfmodule = pfsense_authserver_radius.PFSenseAuthserverRADIUSModule\n\n @staticmethod\n def runTest():\n \"\"\" dummy function needed to instantiate this test module from another in python 2.7 \"\"\"\n pass\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n root_elt = self.assert_find_xml_elt(self.xml_result, 'system')\n result = root_elt.findall(\"authserver[name='{0}']\".format(obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.fail('Found multiple authservers for name {0}.'.format(obj['name']))\n else:\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n\n urltype = dict({'tcp': 'Standard TCP', 'starttls': 'STARTTLS Encrypted', 'ssl': 'SSL/TLS Encrypted'})\n self.check_param_equal(obj, target_elt, 'name')\n self.assert_xml_elt_match(target_elt, 'refid', r'[0-9a-f]{13}')\n self.assert_xml_elt_equal(target_elt, 'type', 'radius')\n self.check_param_equal(obj, target_elt, 'host')\n self.check_param_equal(obj, target_elt, 'auth_port', xml_field='radius_auth_port', default=1812)\n self.check_param_equal(obj, target_elt, 'acct_port', xml_field='radius_acct_port', default=1813)\n self.check_param_equal(obj, target_elt, 'protocol', xml_field='radius_protocol', default='MSCHAPv2')\n self.check_param_equal(obj, target_elt, 'secret', xml_field='radius_secret')\n self.check_param_equal(obj, target_elt, 'timeout', xml_field='radius_timeout', default=5)\n self.check_param_equal(obj, target_elt, 'nasip_attribute', xml_field='radius_nasip_attribute', default='lan')\n\n ##############\n # tests\n #\n def test_authserver_create(self):\n \"\"\" test creation of a new authserver \"\"\"\n obj = dict(name='authserver1', host='radius.example.com', secret='password1')\n self.do_module_test(obj, command=\"create authserver_radius 'authserver1'\")\n\n def test_authserver_delete(self):\n \"\"\" test deletion of a authserver \"\"\"\n obj = dict(name='DELRADIUS')\n self.do_module_test(obj, command=\"delete authserver_radius 'DELRADIUS'\", delete=True)\n\n def test_authserver_update_noop(self):\n \"\"\" test not updating a authserver \"\"\"\n obj = dict(name='DELRADIUS', host='radius.example.com', secret='password1', auth_port=1812)\n self.do_module_test(obj, changed=False)\n\n def test_authserver_update_host(self):\n \"\"\" test updating host of a authserver \"\"\"\n obj = dict(name='DELRADIUS', radius_timeout=25, host='radius2.blah.com', secret='password2')\n self.do_module_test(obj, command=\"update authserver_radius 'DELRADIUS' set \")\n\n ##############\n # misc\n #\n def test_create_authserver_invalid_timeout(self):\n \"\"\" test creation of a new authserver with invalid timeout \"\"\"\n obj = dict(name='DELRADIUS', host='radius.example.com', secret='password1', timeout=0)\n self.do_module_test(obj, command=\"update authserver_radius 'DELRADIUS'\", failed=True, msg='timeout 0 must be greater than 1')\n\n def test_delete_inexistent_authserver(self):\n \"\"\" test deletion of an inexistent authserver \"\"\"\n obj = dict(name='noauthserver')\n self.do_module_test(obj, state='absent', changed=False)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_ca.py",
"content": "# Copyright: (c) 2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_ca\nfrom .pfsense_module import TestPFSenseModule\nfrom ansible_collections.community.internal_test_tools.tests.unit.compat.mock import patch\n\nCERTIFICATE = (\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVDRENDQXZDZ0F3SUJBZ0lJRmpGT2hzMW5NelF3RFFZSktvWklodmNOQVFFTEJRQXdYREVUTUJFR0ExVUUKQXhNS2IzQmxiblp3YmkxallURUxN\"\n \"QWtHQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXlZV1J2TVJBdwpEZ1lEVlFRSEV3ZENiM1ZzWkdWeU1STXdFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNQjRYRFRJeU1ESXhOREExCk1EZ3pN\"\n \"Vm9YRFRNeU1ESXhNakExTURnek1Wb3dYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRFTE1Ba0cKQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2Iz\"\n \"VnNaR1Z5TVJNdwpFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFtc3ZpSk1FMUVUZWQ0Zk90YmtIcEYzZDllTSs2NDA4WFBu\"\n \"YTh0SkdkQnEzVUFDeEV6b2FCS1J0MnkxY3QKNnpRRGU1RkY0QUF2dFYxdWNacHNsNW80RFMvSUdTYm42ZDNZTWsrajhqQVEzRW16UjhHT29obmdmMVE5QVhDNgpvaDRyQlA1c1g0WTh1WThrSjNZclg1\"\n \"cVRwRlk1S0hMVTFBb1BleVE3eXlNWkhMb2t0OW5jK0ZGWnd3VTdSQ0dTCmNOTFppVnhDUVFLNXA4azltQThiZ3hscVlrZjBtQXlCTnc5TUFmUFVjVWtxRjZQMGdXUEhsSXJIWi91aGc3ZFUKKzIyYW9j\"\n \"S1VFTml2OW1xYStCNmNVZ0xURlQ2czBWU0VzWC9kQWVoNjJZTGdmbVhKZzZkTkhRSStNZzZTa2VscAprOVZSVGVqaUVUSUVWOEpnZHYyTjdSU201d0lEQVFBQm80SE5NSUhLTUIwR0ExVWREZ1FXQkJS\"\n \"azVvQS8wcWEyCktQd2dvWEpxS010K0FvS0pnVENCalFZRFZSMGpCSUdGTUlHQ2dCUms1b0EvMHFhMktQd2dvWEpxS010K0FvS0oKZ2FGZ3BGNHdYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRF\"\n \"TE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQQmdOVgpCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNd0VRWURWUVFLRXdwd1psTmxibk5wCllteGxnZ2dXTVU2R3pXY3pOREFNQmdO\"\n \"VkhSTUVCVEFEQVFIL01Bc0dBMVVkRHdRRUF3SUJCakFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVVIOUtDZG1KZG9BSmxVMHdCSkhZeGpMcktsbFBZNk9OYnpyNUpiaENNNjlIeHhZTgpCa2lpbXd1\"\n \"N09mRmFGZkZDT25NSjhvcStKVGxjMG9vREoxM2xCdHRONkdybnZrUTNQMXdZYkNFTmJuaWxPYVVCClRJcmlIeXRORFFhb3VOYS9LV3M3RmF1b2JjdEJsMXc5YXRvSFpzTjVvZWhUM3JBVHYxQ0NBdGpw\"\n \"YVRKSWZKUjMKMElRT1lrZTRvWTZEa0l3SHAydlBQbW9vR2dJdGJUdzNVK0U0MVlaZTdxQ21FLzd6TFRTWmtJTTJseDZ6RDQ2agpEZjRyZ044TVVMNnhpd09MbzlyQUp5ckRNM2JEeTJ1QjY0QkVzRFFM\"\n \"a2huUE92ZWtETjQ1NnV6TmpYS0E3VnE4CmgxL2d6RFpJRGkrV1hDWUFjYmdMaFpWQnF0bjYydW1GcE1SSXV3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\")\nCRL1 = (\n \"LS0tLS1CRUdJTiBYNTA5IENSTC0tLS0tCk1JSUNkRENDQVZ3Q0FRRXdEUVlKS29aSWh2Y05BUUVGQlFBd1hERVRNQkVHQTFVRUF4TUtiM0JsYm5ad2JpMWoKWVRFTE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQ\"\n \"QmdOVkJBZ1RDRU52Ykc5eVlXUnZNUkF3RGdZRFZRUUhFd2RDYjNWcwpaR1Z5TVJNd0VRWURWUVFLRXdwd1psTmxibk5wWW14bEZ3MHlNakF5TVRrd05UVXhNRFphRncwME9UQTNNRFl3Ck5UVXhNRFph\"\n \"TUNrd0p3SUlMdnhrNzExMkdwUVhEVEl5TURJeE9UQTFOVEV3TWxvd0REQUtCZ05WSFJVRUF3b0IKQmFDQm9EQ0JuVENCalFZRFZSMGpCSUdGTUlHQ2dCUms1b0EvMHFhMktQd2dvWEpxS010K0FvS0pn\"\n \"YUZncEY0dwpYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRFTE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQQmdOVkJBZ1RDRU52CmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNd0VRWURW\"\n \"UVFLRXdwd1psTmxibk5wWW14bGdnZ1cKTVU2R3pXY3pOREFMQmdOVkhSUUVCQUlDSnhFd0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFGbXJ5cFUxU3p5dApNUUZCRWFZZk9waVpqRVhVajE5MVZuWENl\"\n \"b0tNMk83bVUzYW5HVXRZQUJMcG15dmN2YnU2ZkJCVEtYSTFEb0VvClJkV1VDTVMxbk5BTWwyU0N0ZmJ5RHNHNjZHczRiNnRZeXE1SW5LVFJJdldUeU5vS0JiUHc1OHZYV0ljNmVmUXgKSTYvZSt4U3di\"\n \"eE9MSFlRdGd4WTJOdk9xVGVnVE0rTHpIcmNJWmFPS09NbHNodTA4ajgzSnUxR0ttYlBKME1jZwpyVXNiYXRKcURUdWtQMi9VbmI0N1hwN21qUHVTY0Z5MjN2RGl2OHdvcjBYOEFSQW1ibTN4N2ZKeTlt\"\n \"V2d1OVhMCmpNV1lxN1BEaXhwWElqTVdhZzN2bVYxOC9IdDIybW1xS1RPM3prVnJLUDA1TEhCNVloM2ZZcEpWdEhkeENlTzUKdmlvbU53SzA3QUE9Ci0tLS0tRU5EIFg1MDkgQ1JMLS0tLS0=\")\nCRL2 = (\n \"-----BEGIN X509 CRL-----\\n\"\n \"MIICSDCCATACAQEwDQYJKoZIhvcNAQEFBQAwXDETMBEGA1UEAxMKb3BlbnZwbi1j\\n\"\n \"YTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCENvbG9yYWRvMRAwDgYDVQQHEwdCb3Vs\\n\"\n \"ZGVyMRMwEQYDVQQKEwpwZlNlbnNpYmxlFw0yMzAxMDcyMzIzMDNaFw01MDA1MjQy\\n\"\n \"MzIzMDNaoIGfMIGcMIGNBgNVHSMEgYUwgYKAFGTmgD/SprYo/CChcmooy34CgomB\\n\"\n \"oWCkXjBcMRMwEQYDVQQDEwpvcGVudnBuLWNhMQswCQYDVQQGEwJVUzERMA8GA1UE\\n\"\n \"CBMIQ29sb3JhZG8xEDAOBgNVBAcTB0JvdWxkZXIxEzARBgNVBAoTCnBmU2Vuc2li\\n\"\n \"bGWCCBYxTobNZzM0MAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBBQUAA4IBAQAxhuDn\\n\"\n \"A7SJl760tXhQFSWMKTn7VndhiR86GRJzS8H3uyfRqesGrUIcVFlN+z6XqHsJsann\\n\"\n \"+/fPvCf5Oo0+R5o4NDpByx5CO0mAy0WReds4bykoSKVUJXEVFXNHl14+Emh6mJtP\\n\"\n \"m/Uzzq4cKEtAxZdqd9tbaTwTh4NbH1C7RmbUgRKjWma4CiC1Sofo5mIhx5cCv+ng\\n\"\n \"Ny5w9dLF4s+6qFXjvfYmQ0FyeRcltUoF3kTabS1WCdkGjsUSeGHBFLM4NH2mJPMR\\n\"\n \"0yfIGdipSonSTF51ICqgoUGAYPqObvlQZDMjFF+GFL3LNQ7gO+1R1OMMKAZ+96nX\\n\"\n \"gwt+00UVYhQCCZ3k\\n\"\n \"-----END X509 CRL-----\\n\")\n\n\nclass TestPFSenseCAModule(TestPFSenseModule):\n\n module = pfsense_ca\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseCAModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_ca_config.xml'\n self.pfmodule = pfsense_ca.PFSenseCAModule\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n\n super(TestPFSenseCAModule, self).setUp()\n\n self.mock_php = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.PFSenseModule.php')\n self.php = self.mock_php.start()\n self.php.return_value = '12000'\n\n @staticmethod\n def runTest():\n \"\"\" dummy function needed to instantiate this test module from another in python 2.7 \"\"\"\n pass\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n root_elt = self.xml_result.getroot()\n result = root_elt.findall(\"ca[descr='{0}']\".format(obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.fail('Found multiple CAs for name {0}.'.format(obj['name']))\n else:\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n\n self.check_param_equal(obj, target_elt, 'name', xml_field='descr')\n if 'trust' in obj:\n self.check_param_bool(obj, target_elt, 'trust', value_true='enabled', value_false='disabled')\n if 'randomserial' in obj:\n self.check_param_bool(obj, target_elt, 'randomserial', value_true='enabled', value_false='disabled')\n self.check_param_equal_or_present(obj, target_elt, 'serial')\n self.check_param_equal(obj, target_elt, 'certificate', xml_field='crt')\n\n ##############\n # tests\n #\n def test_ca_create(self):\n \"\"\" test creation of a new ca \"\"\"\n obj = dict(name='ca1', certificate=CERTIFICATE)\n self.do_module_test(obj, command=\"create ca 'ca1'\")\n\n def test_ca_add_crl(self):\n \"\"\" test adding a CRL \"\"\"\n obj = dict(name='ca1', certificate=CERTIFICATE, crl=CRL1)\n self.do_module_test(obj, command=\"create ca 'ca1'\")\n\n def test_ca_change_crl(self):\n \"\"\" test adding a CRL \"\"\"\n obj = dict(name='ca1', certificate=CERTIFICATE, crl=CRL2)\n self.do_module_test(obj, command=\"create ca 'ca1'\")\n\n def test_ca_delete(self):\n \"\"\" test deletion of a ca \"\"\"\n obj = dict(name='testdel')\n self.do_module_test(obj, command=\"delete ca 'testdel'\", delete=True)\n\n def test_ca_update_noop(self):\n \"\"\" test not updating a ca \"\"\"\n obj = dict(name='testdel', certificate=CERTIFICATE)\n self.do_module_test(obj, changed=False)\n\n def test_ca_update_serial(self):\n \"\"\" test updating serial of a ca \"\"\"\n obj = dict(name='testdel', certificate=CERTIFICATE, serial=10)\n self.do_module_test(obj, command=\"update ca 'testdel' set serial='10'\")\n\n def test_ca_update_trust(self):\n \"\"\" test updating trust of a ca \"\"\"\n obj = dict(name='testdel', certificate=CERTIFICATE, trust=False)\n self.do_module_test(obj, command=\"update ca 'testdel' set \")\n\n ##############\n # misc\n #\n def test_create_ca_invalid_serial(self):\n \"\"\" test creation of a new ca with invalid serial \"\"\"\n obj = dict(name='ca1', certificate=CERTIFICATE, serial=-1)\n self.do_module_test(obj, failed=True, msg='serial must be greater than 0')\n\n def test_delete_nonexistent_ca(self):\n \"\"\" test deletion of an nonexistent ca \"\"\"\n obj = dict(name='noca')\n self.do_module_test(obj, commmand=None, state='absent', changed=False)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_cert.py",
"content": "# Copyright: (c) 2025, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_cert\nfrom .pfsense_module import TestPFSenseModule\n\nTESTDEL_CRT = (\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVDRENDQXZDZ0F3SUJBZ0lJRmpGT2hzMW5NelF3RFFZSktvWklodmNOQVFFTEJRQXdYREVUTUJFR0ExVUUKQXhNS2IzQmxiblp3YmkxallURUxN\"\n \"QWtHQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXlZV1J2TVJBdwpEZ1lEVlFRSEV3ZENiM1ZzWkdWeU1STXdFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNQjRYRFRJeU1ESXhOREExCk1EZ3pN\"\n \"Vm9YRFRNeU1ESXhNakExTURnek1Wb3dYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRFTE1Ba0cKQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2Iz\"\n \"VnNaR1Z5TVJNdwpFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUFtc3ZpSk1FMUVUZWQ0Zk90YmtIcEYzZDllTSs2NDA4WFBu\"\n \"YTh0SkdkQnEzVUFDeEV6b2FCS1J0MnkxY3QKNnpRRGU1RkY0QUF2dFYxdWNacHNsNW80RFMvSUdTYm42ZDNZTWsrajhqQVEzRW16UjhHT29obmdmMVE5QVhDNgpvaDRyQlA1c1g0WTh1WThrSjNZclg1\"\n \"cVRwRlk1S0hMVTFBb1BleVE3eXlNWkhMb2t0OW5jK0ZGWnd3VTdSQ0dTCmNOTFppVnhDUVFLNXA4azltQThiZ3hscVlrZjBtQXlCTnc5TUFmUFVjVWtxRjZQMGdXUEhsSXJIWi91aGc3ZFUKKzIyYW9j\"\n \"S1VFTml2OW1xYStCNmNVZ0xURlQ2czBWU0VzWC9kQWVoNjJZTGdmbVhKZzZkTkhRSStNZzZTa2VscAprOVZSVGVqaUVUSUVWOEpnZHYyTjdSU201d0lEQVFBQm80SE5NSUhLTUIwR0ExVWREZ1FXQkJS\"\n \"azVvQS8wcWEyCktQd2dvWEpxS010K0FvS0pnVENCalFZRFZSMGpCSUdGTUlHQ2dCUms1b0EvMHFhMktQd2dvWEpxS010K0FvS0oKZ2FGZ3BGNHdYREVUTUJFR0ExVUVBeE1LYjNCbGJuWndiaTFqWVRF\"\n \"TE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQQmdOVgpCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNd0VRWURWUVFLRXdwd1psTmxibk5wCllteGxnZ2dXTVU2R3pXY3pOREFNQmdO\"\n \"VkhSTUVCVEFEQVFIL01Bc0dBMVVkRHdRRUF3SUJCakFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVVIOUtDZG1KZG9BSmxVMHdCSkhZeGpMcktsbFBZNk9OYnpyNUpiaENNNjlIeHhZTgpCa2lpbXd1\"\n \"N09mRmFGZkZDT25NSjhvcStKVGxjMG9vREoxM2xCdHRONkdybnZrUTNQMXdZYkNFTmJuaWxPYVVCClRJcmlIeXRORFFhb3VOYS9LV3M3RmF1b2JjdEJsMXc5YXRvSFpzTjVvZWhUM3JBVHYxQ0NBdGpw\"\n \"YVRKSWZKUjMKMElRT1lrZTRvWTZEa0l3SHAydlBQbW9vR2dJdGJUdzNVK0U0MVlaZTdxQ21FLzd6TFRTWmtJTTJseDZ6RDQ2agpEZjRyZ044TVVMNnhpd09MbzlyQUp5ckRNM2JEeTJ1QjY0QkVzRFFM\"\n \"a2huUE92ZWtETjQ1NnV6TmpYS0E3VnE4CmgxL2d6RFpJRGkrV1hDWUFjYmdMaFpWQnF0bjYydW1GcE1SSXV3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\")\nTESTDEL_KEY = (\n \"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlFdlFJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0JLY3dnZ1NqQWdFQUFvSUJBUUNheStJa3dUVVJONTNoDQo4NjF1UWVrWGQzMTR6N3JqVHhj\"\n \"K2RyeTBrWjBHcmRRQUxFVE9ob0VwRzNiTFZ5M3JOQU43a1VYZ0FDKzFYVzV4DQptbXlYbWpnTkw4Z1pKdWZwM2RneVQ2UHlNQkRjU2JOSHdZNmlHZUIvVkQwQmNMcWlIaXNFL214ZmhqeTVqeVFuDQpk\"\n \"aXRmbXBPa1Zqa29jdFRVQ2c5N0pEdkxJeGtjdWlTMzJkejRVVm5EQlR0RUlaSncwdG1KWEVKQkFybW55VDJZDQpEeHVER1dwaVIvU1lESUUzRDB3Qjg5UnhTU29Yby9TQlk4ZVVpc2RuKzZHRHQxVDdi\"\n \"WnFod3BRUTJLLzJhcHI0DQpIcHhTQXRNVlBxelJWSVN4ZjkwQjZIclpndUIrWmNtRHAwMGRBajR5RHBLUjZXbVQxVkZONk9JUk1nUlh3bUIyDQovWTN0RktibkFnTUJBQUVDZ2dFQUNYN0FIR2tOakVU\"\n \"UkZtOFFFRmRTcVBIWGJIV3hqUWZvOFJmdmMxUUxRY0dmDQo0M0xUdGFkaWZOY0dibXFta21yYVc5WUpaemdidFJCS0dnWFM2Mm0yVG5qRDJXY2RpcWJsQUJFS2lXeVJYREhaDQpJV21xQ2g5ME9kczg4\"\n \"cjJyZFE1TXJUMitBQTRINDRuNE9jTngzYWRwcndicThxUTRrZGtjSWYyUy9WN2x4M0U3DQpLWVNyVnNZT3hUS0dwQVl4MzVtU3oyckRadXFhcVhyRGtwSTYxa2tFVDluaGJzQStVZDE5aXZrZ3J1WlU3\"\n \"bVp3DQpmRzQ0V3JDeEhSNjdiYW1LQ3VPei81SnlKNUt5US9VaFkzak9lczkxZXRpeHJXUkRpaXRCVVIwc01kMXZuQ2cyDQpTSkpjQnAvYXRwbWNjMGY1OVZFSDRGOTNqY01jR3V5cE1mQmkwNExFd1FL\"\n \"QmdRRE1BUSsyVk5aQWJ5aVM0cWZqDQpXelE0UWl6MDNSdmUybVhaNHc1aEdKSmk0QnkvdmI4K2xoOE9acGFWSFBjRTVya0tBbExEaFRwUEl0dTFwNWZzDQpic05MTHpJYkIwUmVBdGUxc3JGOU9SRHp0\"\n \"VThKblhrNDEwcnFMbmdBZmhVTGUvSUttNjBtUG4vWWU0UnhVSVI3DQp2TjFNemJXMnlYdHJCSlZ5VG1jbFRkRDZ5UUtCZ1FEQ1FCa1B2NnFpYXZXaG1IRnBiZ3QvMklpSUlBUk5iSUJjDQpmVnVUYVFJ\"\n \"bXlOZlVSVzlUVG10UHFiYXRuOGhaWFFaL1ZCbWdaMklPOCtCMXBFYW5zYjZCS2xJMXFUMFdMUzR4DQpaV0hLQ3hEdVFiMXNUYmNRMnd3NW5jbk50c1dlWlkxUlV1dlpYcVQwZFU4WUIwb2FsdGVYWTNV\"\n \"bDJrUWJuWUcvDQpINUpJeWJPOEx3S0JnUURKNE1zQnJoYVBrUERmMm5nMW4wMmYxcXpTYS9SbXBrMWdQemM5a3FsYU8xbDN6WGZ4DQpvWEYrT0xzUE9LaWlLd2cyQlhLTmxjdk1BRHpZR005WTQ0dFRY\"\n \"Wk1CK0VFSm4xcURyaC9DUWJTcTEyTXRxcTRKDQpOOVFreG5OdVdWYk9GSXZEUDZjclQzSUljc0x2dDdSREZ2VVFTZ2xtcHlBQkdYb2lzYitVeE5ybk1RS0JnR09QDQpZc2oxbmNsOU5NUk1VK1NMcUkw\"\n \"d09Gbzh2cmZJSXNwRTNnamh5MTZCbGsyUUFRMGJwbGpBVFljVDNDWWhUZEU1DQpFNkZwRzVNNllCTXJ6YUxwc1JDVzFtZjJnLzYzelhNMzJUVXJFdFJyRVdGUE84TUI0blF0Y1Y5a2pFa3hGNHRWDQpD\"\n \"dGp3YjI5MEtNUFNDS00wS08vSTVDUXdpTFAydUtkeTBSRkpnRHUxQW9HQUxqSTdGZDl0ckFrY1dSenMyVHpRDQptaDRTZWxHRDFvdFAxRXpFa1hYVlZwK1lMNXlxOWM3V3hsa09RY1lFVmd1N2huNVFn\"\n \"cnBRUFZPTFVmbkJoajdXDQo1MC9IVmR6V21wSXg5NUlqZXFDZklBV1U3N0I5cmJUR2hvWWMzbTdJcEdObzl2WlhHYWgrc2JHY3BEK1phV3UzDQp1Q25pTnJpZEhORGgzWHZQVFZkRTRlVT0NCi0tLS0t\"\n \"RU5EIFBSSVZBVEUgS0VZLS0tLS0NCg==\")\nWEB_CRT = (\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVsRENDQTN5Z0F3SUJBZ0lJU2JlZ00zSWZSTEV3RFFZSktvWklodmNOQVFFTEJRQXdXakU0TURZR0ExVUUKQ2hNdmNHWlRaVzV6WlNCM1pXSkRi\"\n \"MjVtYVdkMWNtRjBiM0lnVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaApkR1V4SGpBY0JnTlZCQU1URlhCbVUyVnVjMlV0TmpJd09ETTJOemxqWkROa05EQWVGdzB5TWpBeU1USXlNak0yCk5ERmFG\"\n \"dzB5TXpBek1UY3lNak0yTkRGYU1Gb3hPREEyQmdOVkJBb1RMM0JtVTJWdWMyVWdkMlZpUTI5dVptbG4KZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnBabWxqWVhSbE1SNHdIQVlEVlFRREV4\"\n \"VndabE5sYm5ObApMVFl5TURnek5qYzVZMlF6WkRRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURHCjkzVW5PMm1MbTRFVTRwOUtlMCtmbkZCQTZGV245eTBDcjhaY0dx\"\n \"VFZiN0E3ejY4Y1JBd0l4bEVDYmtWaUx1ejcKSnNUK2gwd1Jiclo3RWI1dkpvZ3JaUHZSV1ByeW9JQWwrT2w1b1dFbE0ycTBQMVJQdjZETndaYjFsUHgzNXdXOApBa1gxQkhLL3FEWWJibjVVRXdqOVdm\"\n \"aVpmcnNJeFBHM21ubmpHMHpiMktOaGJGNDM4Tk1xVTVadVRvQW5PYW9PCmJqb2tveWhNUUh1N0JGV2tQS25lTFJGN3lmN0Q3TVp1QnBBbWVCbnllYkl1ZkpzS1ViWGE3OTNFanVPcjN4disKb2J3Qmht\"\n \"MUN3NWRpc1o2SDZzS2ZudFJ6UWFUZXhZWEo3WGo2MDdtMWc2YkpqR2FweG9WTTlvU1VlUGlzVWNCOQpNbEp1WkpnVmVOYVlFQkJPbEgxWkFnTUJBQUdqZ2dGY01JSUJXREFKQmdOVkhSTUVBakFBTUJF\"\n \"R0NXQ0dTQUdHCitFSUJBUVFFQXdJR1FEQUxCZ05WSFE4RUJBTUNCYUF3TXdZSllJWklBWWI0UWdFTkJDWVdKRTl3Wlc1VFUwd2cKUjJWdVpYSmhkR1ZrSUZObGNuWmxjaUJEWlhKMGFXWnBZMkYwWlRB\"\n \"ZEJnTlZIUTRFRmdRVWNHMlpNNHdKRlpQRQoxV1ZndXd0eFRUT0RhOGd3Z1lzR0ExVWRJd1NCZ3pDQmdJQVVjRzJaTTR3SkZaUEUxV1ZndXd0eFRUT0RhOGloClhxUmNNRm94T0RBMkJnTlZCQW9UTDNC\"\n \"bVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFUybG4KYm1Wa0lFTmxjblJwWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFl5TURnek5qYzVZMlF6WkRTQwpDRW0zb0RO\"\n \"eUgwU3hNQ2NHQTFVZEpRUWdNQjRHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVJCkFnSXdJQVlEVlIwUkJCa3dGNElWY0daVFpXNXpaUzAyTWpBNE16WTNPV05rTTJRME1BMEdDU3FH\"\n \"U0liM0RRRUIKQ3dVQUE0SUJBUUFzazBrTU12dVR0T3c2Ymx5a1U5cWNkRnQvVDlGOFZBZ0taNHgzYXNxNlArRG96N1FGVFpKVwprdmlrQVVUekpMMys4c0NKRDdjV3BZa2ZpdDRBYndhWFIyRzVsczhj\"\n \"L0JRcUdmY1ZOUnJVdWRscG12UUYrYk5iClMxZ2xjS2hYYXZuYnlQdkRMem9CZGVlTmhqYXIzcWc1TTV6T3I0aXYyM0hCZVc2aEY2c0FrV3dpVkU5NEJmZ00KOS9qeW5GalVYTkJheStMODM2TXBpNDhp\"\n \"NnE4OHdlQ25UdDdaTFFjWlZXb0IwcWNQSS96SExTUFlTNlhhcmdvdgpva3E1M3ZQSG9HNnRGUHpFSkpFVmNmOTV1bVcwaUpFR3hCQ3dTeVlnd2xSY0pEeGJ1QklFY0xWb2JKclVveHNLClJXcW13SHdQ\"\n \"YkFxRjBOMUZ0cFJ6K3Yvd0lQYWdSQ2lVCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\")\nWEB_KEY = (\n \"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRREc5M1VuTzJtTG00RVUKNHA5S2UwK2ZuRkJBNkZXbjl5MENy\"\n \"FpjR3FUVmI3QTd6NjhjUkF3SXhsRUNia1ZpTHV6N0pzVCtoMHdSYnJaNwpFYjV2Sm9nclpQdlJXUHJ5b0lBbCtPbDVvV0VsTTJxMFAxUlB2NkROd1piMWxQeDM1d1c4QWtYMUJISy9xRFliCmJuNVVFd\"\n \"2o5V2ZpWmZyc0l4UEczbW5uakcwemIyS05oYkY0MzhOTXFVNVp1VG9Bbk9hb09iam9rb3loTVFIdTcKQkZXa1BLbmVMUkY3eWY3RDdNWnVCcEFtZUJueWViSXVmSnNLVWJYYTc5M0VqdU9yM3h2K29id\"\n \"0JobTFDdzVkaQpzWjZINnNLZm50UnpRYVRleFlYSjdYajYwN20xZzZiSmpHYXB4b1ZNOW9TVWVQaXNVY0I5TWxKdVpKZ1ZlTmFZCkVCQk9sSDFaQWdNQkFBRUNnZ0VCQUxldGVIeVlUMjV2UnpIVnFFS\"\n \"GxKbk50cFhUV1IwVUJYWThPWUN0aytXaUUKYkFnN1NTZnA5Y1lmOW1jdEQyWjlkWTdCa3JoNmhKSFBTQ3pEQzYrbXZheDUxRExHVnh5bmFNWWxUTHhaYThvZwo5aytoNng2WUJFWU9nbU1DZ0RQY2xTR\"\n \"2tZNXEyMll2dktNd1lMQTFIYVZRaHUrdFA0REJQUitvOGRHdGhKNG9ICmlna3Z4OWhQOVAzc1VBZjFQQWtKMzkyYjZ6dGJOYkRWdXhGSTFVbklCKzF1c2s5VUduWlM5bUVXTkxDRTEwYngKT2U1YlVJa\"\n \"TlCWkkzM3pTamdra3ZFQVdJMlBzVWJDaEFqa0RPUStFT1V1dktyQVJoUnBXUDVWUmdxVUJpc0ZuaApmeWFFMUNtTTQ4RWZyVGZ4QklXaTA0cHZ2U0I3Zm4rbXN3RkRCcjcvUGtVQ2dZRUE3L05NcHlZd\"\n \"Gw2dng5b043ClNWUmdIY01JZlVZR2xJSVNvTGNJbmRURGQ3K3krR0pvRkFBclhBcVMvR2dKUFgxZkMxbWVYZWJDY0dqeHVGZEgKTlNNbnMxVk1OVHlEdjNMWVhhV0lBSlVvMWtTMlVYaWZHcUN3WEpSc\"\n \"kVmVE11U1NlRXpXOGJaNE5Cdmk1R1VsdQpyTnJWNnBqTFQ5eS85ZENUbitHeWthamNMZzhDZ1lFQTFFWmpZTldhTXltbHgydDlpS3hsVTR2SlcxVDMrbW1DCkhWRDM5bDlUSS9BWlQ4Ti9VVGRYVXhjd\"\n \"DN2MnA4OTdPRWJ6cThBRno1dFRrNUV6Y1dJZDcwRmYwRUYxTFpMaXkKME1NZlVLVUlBTExwekh4T294T3YxNVRJTzlXSVF4d2J2TWcxaDh2M2M1MkNCVEpsVzFUektJM3dKMWV2RXBrRwpzcDVqN1NMS\"\n \"UJoY0NnWUVBeTdqTHlkWldPMEhYU3k3U2k2M0JkVU5UZjlqbVdVd2VPS2x0L1dMWkdtQjl1UGtECjJJZFVTTzhKWUplTDBOTVMwUFlqeVNIVXo4K3ArcExQZUVRQ3Z2V2FvRkJpb3pjRWtHMnNES0tYY\"\n \"TJRblR3Q1UKUk8xTkR5MUx3cEVQQjlvWkE4SkoydCtudTlXTWdmV2dxODJZZFhlSWxxT2JyejZKTitOTjB2R0ZEdTBDZ1lCcQp5a1p3anNVV2ZCdEVhZFVyanQ4aTJxNGYzbTBxY3kzY0pjRzVGbGV6T\"\n \"3JUaEpjN0ZRdndSZHhYQ213YUhBMDNVCktxQmV3YnhYSWo5TWcwWk8yMG4wbEdyYVdMVDNKTndBbmtrQXZ5VjVoSWlPTVBNMm8wN1JPNjVJTzdKallKNnIKcUdVVnZnenRBdzVJSXdST29Edjc2UHdxT\"\n \"HJpS3VLVmY4c0wrcDRMTlhRS0JnUUNrbXlIR3dielVJLzN6Z1FNSApxY1RkMUttMDhxTXJjUzZXdU03RGJxTEpIQXdlcFRSYUpuVmVLcnRRS2t4SGRlcjZsK2VWUjNvWXArUE9EbTVECjBGSXMxbXd2R\"\n \"Fp3TjI2RVhmZnZkWG9EK1luNnVEeGlvVU9QZ1A2U1hLT3dxcnBuenVFZTFBNFpDQTFnRXJhd2MKTTNmejdiV3d0a1JUUE5uaGxybkVJNXY5Qmc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==\")\nRSA_KEY = (\n \"LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlCUFFJQkFBSkJBTmNObWdtNFlsU1VBcjJ4ZFdlaTVhUlUvRGJXdHNRNDdnamt2MjhFa2plM29iKzZxME0rCkQ1cGh3WURjdjl5Z1ltdUo1\"\n \"d09pMWNQcHJzV2RGV212U3VzQ0F3RUFBUUpCQUtRQ3paM29MNllOaytHVU85UWsKV2p0d1RVS05rcW9vT1BJemN3UjZXZ0YrOXEydlNIaTQxLzZmdjFOaDJQZU91ZDcvZHFxTklLbGxGZXdIYnJsbApp\"\n \"dUVDSVFENHZvZUZqSEdMMzllcGVXVlRpYnF6UWdQTFYzWmlmbHYzMEdkb3ZqTGhVd0loQU4xVGZNOFNxdlBiCjJtelVzL2pITDJQMjl1U1B1bHd3b3lOQ052dFk3a1VKQWlFQTI5YUFMYzYzRjVrSW9G\"\n \"YVM3K2JjNDhyblVaS0cKSlh4cHliWWRmcHdDbWRNQ0lRREhGbnFHcW53c3IrOWpSbEk5enE3S2RUVFJsSmhHcFZtYU5jM1Blc2VhUVFJaApBTzl6UUUralBYK2pXbGhpTWMzZnM5amNiVWJKMWpTUDYv\"\n \"aDBXd3Iyb1dJRwotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==\")\n\n\nclass TestPFSenseCertModule(TestPFSenseModule):\n\n module = pfsense_cert\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseCertModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_cert_config.xml'\n self.pfmodule = pfsense_cert.PFSenseCertModule\n\n @staticmethod\n def runTest():\n \"\"\" dummy function needed to instantiate this test module from another in python 2.7 \"\"\"\n pass\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n root_elt = self.xml_result.getroot()\n result = root_elt.findall(\"cert[descr='{0}']\".format(obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.fail('Found multiple certs for name {0}.'.format(obj['name']))\n else:\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n\n self.check_param_equal(obj, target_elt, 'name', xml_field='descr')\n self.check_param_equal(obj, target_elt, 'certificate', xml_field='crt')\n if 'key' in obj:\n self.check_param_equal_or_present(obj, target_elt, 'prv')\n\n ##############\n # tests\n #\n def test_cert_create(self):\n \"\"\" test creation of a new cert \"\"\"\n obj = dict(name='cert1', ca='testdel')\n self.do_module_test(obj, command=\"create cert 'cert1'\")\n\n def test_cert_import(self):\n \"\"\" test import of a new cert \"\"\"\n obj = dict(name='cert1', method='import', certificate=WEB_CRT, key=RSA_KEY)\n self.do_module_test(obj, command=\"create cert 'cert1'\")\n\n def test_cert_delete(self):\n \"\"\" test deletion of a cert \"\"\"\n obj = dict(name='webConfigurator default (62083679cd3d4)')\n self.do_module_test(obj, command=\"delete cert 'webConfigurator default (62083679cd3d4)'\", delete=True)\n\n def test_cert_update_noop(self):\n \"\"\" test not updating a cert \"\"\"\n obj = dict(name='webConfigurator default (62083679cd3d4)', method='import', certificate=WEB_CRT)\n self.do_module_test(obj, changed=False)\n\n ##############\n # misc\n #\n def test_add_invalid_key(self):\n \"\"\" test adding an invalid key \"\"\"\n key = 'blah'\n obj = dict(name='invalid', method='import', certificate=WEB_CRT, key=key)\n msg = 'Could not recognize key format: %s' % (key)\n self.do_module_test(obj, failed=True, msg=msg)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_dhcp_server.py",
"content": "# Copyright: (c) 2024, David Rosado \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_dhcp_server\nfrom ansible_collections.pfsensible.core.plugins.modules.pfsense_dhcp_server import PFSenseDHCPServerModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseDHCPServerModule(TestPFSenseModule):\n\n module = pfsense_dhcp_server\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseDHCPServerModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_dhcp_server_config.xml'\n self.pfmodule = PFSenseDHCPServerModule\n\n def check_target_elt(self, obj, target_elt, target_idx=-1):\n \"\"\" test the xml definition \"\"\"\n # self.check_param_equal(obj, target_elt, 'interface')\n self.check_param_bool(obj, target_elt, 'enable')\n self.check_param_equal(obj, target_elt, 'range_from', xml_field='range/from')\n self.check_param_equal(obj, target_elt, 'range_to', xml_field='range/to')\n self.check_param_equal(obj, target_elt, 'failover_peerip')\n self.check_param_equal(obj, target_elt, 'defaultleasetime')\n self.check_param_equal(obj, target_elt, 'maxleasetime')\n self.check_param_equal(obj, target_elt, 'netmask')\n self.check_param_equal(obj, target_elt, 'gateway')\n self.check_param_equal(obj, target_elt, 'domain')\n self.check_param_equal(obj, target_elt, 'domainsearchlist')\n self.check_param_equal(obj, target_elt, 'ddnsdomain')\n self.check_param_equal(obj, target_elt, 'ddnsdomainprimary')\n self.check_param_equal(obj, target_elt, 'ddnsdomainkeyname')\n self.check_param_equal(obj, target_elt, 'ddnsdomainkeyalgorithm', default='hmac-md5')\n self.check_param_equal(obj, target_elt, 'ddnsdomainkey')\n self.check_param_equal(obj, target_elt, 'mac_allow')\n self.check_param_equal(obj, target_elt, 'mac_deny')\n self.check_param_equal(obj, target_elt, 'tftp')\n self.check_param_equal(obj, target_elt, 'ldap')\n self.check_param_equal(obj, target_elt, 'nextserver')\n self.check_param_equal(obj, target_elt, 'filename')\n self.check_param_equal(obj, target_elt, 'filename32')\n self.check_param_equal(obj, target_elt, 'filename64')\n self.check_param_equal(obj, target_elt, 'rootpath')\n self.check_param_equal(obj, target_elt, 'numberoptions')\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n root_elt = self.assert_find_xml_elt(self.xml_result, 'dhcpd')\n return root_elt.find(obj['interface'])\n\n ##############\n # tests\n #\n def test_dhcp_server_create(self):\n \"\"\" test creation of a new DHCP server \"\"\"\n obj = dict(\n interface='opt2',\n enable=True,\n range_from='172.16.0.100',\n range_to='172.16.0.199',\n defaultleasetime=86400,\n maxleasetime=172800,\n domain='opt2.example.com'\n )\n command_as_list = [\"create dhcp_server 'opt2', enable=True, range_from='172.16.0.100', \",\n \"range_to='172.16.0.199', failover_peerip='', defaultleasetime='86400', \",\n \"maxleasetime='172800', netmask='', gateway='', domain='opt2.example.com', \",\n \"domainsearchlist='', ddnsdomain='', ddnsdomainprimary='', ddnsdomainkeyname='', \",\n \"ddnsdomainkeyalgorithm='hmac-md5', ddnsdomainkey='', mac_allow='', mac_deny='', \",\n \"ddnsclientupdates='allow', tftp='', ldap='', nextserver='', filename='', filename32='', \",\n \"filename64='', rootpath='', numberoptions=''\"]\n command = \"\".join(command_as_list)\n self.do_module_test(obj, command=command)\n\n def test_dhcp_server_update(self):\n \"\"\" test updating an existing DHCP server \"\"\"\n obj = dict(\n interface='lan',\n enable=True,\n range_from='192.168.1.50',\n range_to='192.168.1.150',\n domain='updated.example.com'\n )\n command_as_list = [\"update dhcp_server 'lan' set , range_from='192.168.1.50', range_to='192.168.1.150', \",\n \"defaultleasetime='', maxleasetime='', domain='updated.example.com'\"]\n command = \"\".join(command_as_list)\n self.do_module_test(obj, command=command)\n\n def test_dhcp_server_update_disable_denyunknown(self):\n \"\"\" test disabling denyunknown from an existing DHCP server \"\"\"\n obj = dict(\n interface='opt1',\n enable=True,\n range_from='10.0.0.100',\n range_to='10.0.0.199',\n denyunknown='disabled',\n )\n command_as_list = [\"update dhcp_server 'opt1' set , \",\n \"defaultleasetime='', maxleasetime='', domain='', denyunknown=none\"]\n command = \"\".join(command_as_list)\n self.do_module_test(obj, command=command)\n\n def test_dhcp_server_delete(self):\n \"\"\" test deletion of a DHCP server \"\"\"\n obj = dict(interface='opt1', state='absent')\n command = \"delete dhcp_server 'opt1'\"\n self.do_module_test(obj, command=command, delete=True)\n\n def test_dhcp_server_create_invalid_interface(self):\n \"\"\" test creation with an invalid interface \"\"\"\n obj = dict(interface='invalid_interface', enable=True, range_from='192.168.1.100', range_to='192.168.1.200')\n self.do_module_test(obj, failed=True, msg='The specified interface invalid_interface is not a valid logical interface or cannot be mapped to one')\n\n def test_dhcp_server_create_invalid_range(self):\n \"\"\" test creation with an invalid IP range \"\"\"\n interface = 'lan'\n obj = dict(interface=interface, enable=True, range_from='192.168.1.200', range_to='192.168.1.100')\n self.do_module_test(obj, failed=True, msg=f'The interface {interface} must have a valid IP range pool')\n\n def test_dhcp_server_create_with_options(self):\n \"\"\" test creation with additional DHCP options \"\"\"\n obj = dict(\n interface='opt2',\n enable=True,\n range_from='172.16.0.50',\n range_to='172.16.0.150',\n defaultleasetime=43200,\n maxleasetime=86400,\n domain='opt1.example.com',\n ddnsdomain='ddns.example.com',\n ddnsdomainprimary='172.16.0.60',\n tftp='172.16.0.63',\n disablepingcheck=True,\n winsserver=['172.16.0.80', '172.16.0.90']\n )\n command_as_list = [\"create dhcp_server 'opt2', enable=True, range_from='172.16.0.50', \",\n \"range_to='172.16.0.150', failover_peerip='', defaultleasetime='43200', \",\n \"maxleasetime='86400', netmask='', gateway='', domain='opt1.example.com', \",\n \"domainsearchlist='', ddnsdomain='ddns.example.com', ddnsdomainprimary='172.16.0.60', \",\n \"ddnsdomainkeyname='', ddnsdomainkeyalgorithm='hmac-md5', ddnsdomainkey='', \",\n \"mac_allow='', mac_deny='', ddnsclientupdates='allow', tftp='172.16.0.63', ldap='', \",\n \"nextserver='', filename='', filename32='', filename64='', rootpath='', numberoptions=''\"]\n command = \"\".join(command_as_list)\n self.do_module_test(obj, command=command)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_dhcp_static.py",
"content": "# Copyright: (c) 2023 Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_dhcp_static\nfrom ansible_collections.pfsensible.core.plugins.modules.pfsense_dhcp_static import PFSenseDHCPStaticModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseDHCPStaticModule(TestPFSenseModule):\n\n module = pfsense_dhcp_static\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseDHCPStaticModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_dhcp_static_config.xml'\n self.pfmodule = PFSenseDHCPStaticModule\n\n def check_target_elt(self, obj, target_elt, target_idx=-1):\n \"\"\" test the xml definition \"\"\"\n # checking destination address and ports\n self.check_param_equal(obj, target_elt, 'name', xml_field='cid')\n self.check_param_equal(obj, target_elt, 'macaddr', xml_field='mac')\n # Forced options\n for option in ['ipaddr', 'hostname', 'descr', 'filename',\n 'rootpath', 'defaultleasetime', 'maxleasetime',\n 'gateway', 'domain', 'domainsearchlist',\n 'ddnsdomain', 'ddnsdomainprimary', 'ddnsdomainsecondary',\n 'ddnsdomainkeyname', 'ddnsdomainkeyalgorithm', 'ddnsdomainkey',\n 'tftp', 'ldap', 'nextserver', 'filename32', 'filename64',\n 'filename32arm', 'filename64arm', 'uefihttpboot', 'numberoptions']:\n self.check_param_equal_or_present(obj, target_elt, option)\n # Non-forced options\n for option in ['winsserver', 'dnsserver', 'ntpserver']:\n self.check_param_equal(obj, target_elt, option)\n # Defaulted options\n self.check_param_equal(obj, target_elt, 'ddnsdomainkeyalgorithm', default='hmac-md5')\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n dhcpd_elt = self.assert_find_xml_elt(self.xml_result, 'dhcpd')\n root_elt = None\n for e in dhcpd_elt:\n if 'netif' not in obj or (module_result is not None and e.tag == module_result['netif']):\n if e.find('enable') is not None:\n root_elt = e\n break\n\n result = []\n if root_elt is not None:\n if 'name' in obj and 'macaddr' in obj:\n result = root_elt.findall(\"staticmap[cid='{0}'][mac='{1}']\".format(obj['name'], obj['macaddr']))\n elif 'name' in obj:\n result = root_elt.findall(\"staticmap[cid='{0}']\".format(obj['name']))\n else:\n result = root_elt.findall(\"staticmap[mac='{0}']\".format(obj['macaddr']))\n\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.fail('Found multiple static maps for cid {0}.'.format(obj['name']))\n else:\n return None\n\n ##############\n # tests\n #\n def test_dhcp_static_create(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:ac', ipaddr='10.0.0.101', netif='opt1')\n command = (\n \"create dhcp_static 'test_entry', macaddr='ab:ab:ab:ab:ab:ac', ipaddr='10.0.0.101'\"\n )\n self.do_module_test(obj, command=command)\n\n def test_dhcp_static_create_empty(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:ac', ipaddr='10.10.0.101', netif='opt2')\n command = (\n \"create dhcp_static 'test_entry', macaddr='ab:ab:ab:ab:ab:ac', ipaddr='10.10.0.101'\"\n )\n self.do_module_test(obj, command=command)\n\n def test_dhcp_static_create_display(self):\n \"\"\" test create with netif display name \"\"\"\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:ac', ipaddr='10.0.0.101', netif='pub')\n command = (\n \"create dhcp_static 'test_entry', macaddr='ab:ab:ab:ab:ab:ac', ipaddr='10.0.0.101'\"\n )\n self.do_module_test(obj, command=command)\n\n def test_dhcp_static_create_arp_table_static_entry(self):\n \"\"\" test create with arp_table_static_entry \"\"\"\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:ab', ipaddr='10.0.0.101', netif='opt1', arp_table_static_entry=True)\n command = (\n \"create dhcp_static 'test_entry', macaddr='ab:ab:ab:ab:ab:ab', ipaddr='10.0.0.101', arp_table_static_entry=True\"\n )\n self.do_module_test(obj, command=command)\n\n def test_dhcp_static_create_wrong_subnet(self):\n \"\"\" test create with IP address in the wrong subnet \"\"\"\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:ab', ipaddr='1.2.3.4', netif='opt1')\n self.do_module_test(obj, failed=True, msg='The IP address must lie in the opt1 subnet.')\n\n def test_dhcp_static_create_no_netif(self):\n \"\"\" test create with no netif \"\"\"\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:ab', ipaddr='1.2.3.4')\n self.do_module_test(obj, failed=True, msg='Multiple DHCP servers enabled and no netif specified')\n\n def test_dhcp_static_create_ifgroup(self):\n \"\"\" test create with interface group \"\"\"\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:ab', ipaddr='1.2.3.4', netif='IFGROUP1')\n self.do_module_test(obj, failed=True, msg='DHCP cannot be configured for interface groups')\n\n def test_dhcp_static_create_invalid_macaddr(self):\n \"\"\" test create with invalid macaddr \"\"\"\n msg = 'A valid MAC address must be specified.'\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:ab:ab', ipaddr='10.10.0.101', netif='opt2')\n self.do_module_test(obj, failed=True, msg=msg)\n obj = dict(name='test_entry', macaddr='ab:ab:ab:ab:ab:hh', ipaddr='10.10.0.101', netif='opt2')\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_dhcp_static_delete_macaddr(self):\n \"\"\" test \"\"\"\n obj = dict(macaddr='ab:ab:ab:ab:ab:ab', netif='opt1', state='absent')\n command = \"delete dhcp_static ''\"\n\n def test_dhcp_static_delete_name(self):\n \"\"\" test \"\"\"\n obj = dict(name='dhcphostid', netif='opt1', state='absent')\n command = \"delete dhcp_static 'dhcphostid'\"\n self.do_module_test(obj, command=command, delete=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_dns_resolver.py",
"content": "# Copyright: (c) 2024, David Rosado \n# Copyright: (c) 2025, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_dns_resolver\nfrom ansible_collections.pfsensible.core.plugins.modules.pfsense_dns_resolver import PFSenseDNSResolverModule\nfrom .pfsense_module import TestPFSenseModule\nfrom ansible_collections.community.internal_test_tools.tests.unit.compat.mock import patch\n\n\nclass TestPFSenseDNSResolverModule(TestPFSenseModule):\n\n module = pfsense_dns_resolver\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseDNSResolverModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_dns_resolver_config_full.xml'\n self.pfmodule = PFSenseDNSResolverModule\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n\n super(TestPFSenseDNSResolverModule, self).setUp()\n\n self.mock_php = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.PFSenseModule.php')\n self.php = self.mock_php.start()\n self.php.return_value = {'wan': 'WAN', 'lan': 'LAN', '_llocwan': 'WAN IPv6 Link-Local', '_lloclan': 'LAN IPv6 Link-Local', 'lo0': 'Localhost'}\n\n def check_target_elt(self, obj, target_elt, target_idx=-1):\n \"\"\" test the xml definition \"\"\"\n self.check_param_equal(obj, target_elt, 'port')\n self.check_param_bool(obj, target_elt, 'enablessl')\n self.check_param_equal(obj, target_elt, 'sslcert')\n self.check_param_equal(obj, target_elt, 'tlsport')\n # TODO - figure out how these parameters work\n # self.check_param_equal(obj, target_elt, 'active_interface')\n # self.check_param_equal(obj, target_elt, 'outgoing_interface')\n # self.check_param_equal(obj, target_elt, 'system_domain_local_zone_type')\n self.check_param_bool(obj, target_elt, 'dnssec', default=True)\n self.check_param_bool(obj, target_elt, 'forwarding')\n self.check_param_bool(obj, target_elt, 'forward_tls_upstream')\n self.check_param_bool(obj, target_elt, 'regdhcp')\n self.check_param_bool(obj, target_elt, 'regdhcpstatic')\n self.check_param_bool(obj, target_elt, 'regovpnclients')\n self.check_param_equal(obj, target_elt, 'custom_options')\n self.check_param_equal(obj, target_elt, 'hosts')\n self.check_param_equal(obj, target_elt, 'domainoverrides')\n self.check_param_bool(obj, target_elt, 'hideidentity', default=True)\n self.check_param_bool(obj, target_elt, 'hideversions', default=True)\n self.check_param_bool(obj, target_elt, 'prefetch')\n self.check_param_bool(obj, target_elt, 'prefetchkey')\n self.check_param_bool(obj, target_elt, 'dnssecstripped', default=True)\n self.check_param_equal(obj, target_elt, 'msgcachesize', default=4)\n self.check_param_equal(obj, target_elt, 'outgoing_num_tcp', default=10)\n self.check_param_equal(obj, target_elt, 'incoming_num_tcp', default=10)\n self.check_param_equal(obj, target_elt, 'edns_buffer_size', default=\"auto\")\n self.check_param_equal(obj, target_elt, 'num_queries_per_thread', default=512)\n self.check_param_equal(obj, target_elt, 'jostle_timeout', default=200)\n self.check_param_equal(obj, target_elt, 'cache_max_ttl', default=86400)\n self.check_param_equal(obj, target_elt, 'cache_min_ttl', default=0)\n self.check_param_equal(obj, target_elt, 'infra_host_ttl', default=900)\n self.check_param_equal(obj, target_elt, 'infra_cache_numhosts', default=10000)\n self.check_param_equal(obj, target_elt, 'unwanted_reply_threshold', default=\"disabled\")\n self.check_param_equal(obj, target_elt, 'log_verbosity', default=1)\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n return self.assert_find_xml_elt(self.xml_result, 'unbound')\n\n ##############\n # tests\n #\n def test_dns_resolver_init(self):\n \"\"\" test init of the DNS Resolver \"\"\"\n obj = dict()\n command_as_list = [\"update dns_resolver pfsense_dns_resolver set active_interface='all', \"\n \"outgoing_interface='all', system_domain_local_zone_type='transparent', \"\n \"msgcachesize='4', outgoing_num_tcp='10', incoming_num_tcp='10', \"\n \"edns_buffer_size='auto', num_queries_per_thread='512', jostle_timeout='200', \"\n \"cache_max_ttl='86400', cache_min_ttl='0', infra_host_ttl='900', \"\n \"infra_cache_numhosts='10000', unwanted_reply_threshold='disabled', \"\n \"log_verbosity='1'\"]\n command = \"\".join(command_as_list)\n self.config_file = 'pfsense_dns_resolver_config_init.xml'\n self.do_module_test(obj, command=command)\n\n def test_dns_resolver_change(self):\n \"\"\" test initialization of the DNS Resolver \"\"\"\n obj = dict(\n active_interface=['lan', 'lo0'],\n outgoing_interface=['wan']\n )\n command_as_list = [\"update dns_resolver pfsense_dns_resolver set active_interface='lan,lo0', outgoing_interface='wan'\"]\n command = \"\".join(command_as_list)\n self.do_module_test(obj, command=command)\n\n def test_dns_resolver_noop(self):\n \"\"\" test noop of the DNS Resolver \"\"\"\n obj = dict()\n self.do_module_test(obj, changed=False)\n\n def test_dns_resolver_domainoverrides_forward_tls_upstream(self):\n \"\"\" test initialization of the DNS Resolver \"\"\"\n obj = dict(\n domainoverrides=[dict(domain=\"test.example.com\", descr=\"A description\", forward_tls_upstream=False, ip=\"10.0.0.3\", tls_hostname='')]\n )\n command_as_list = [\"update dns_resolver pfsense_dns_resolver set \"]\n command = \"\".join(command_as_list)\n expected_elt_string = \"\"\"\n\t\tall \n\t\tall \n\t\ttransparent \n\t\t4 \n\t\t10 \n\t\t10 \n\t\tauto \n\t\t512 \n\t\t200 \n\t\t86400 \n\t\t0 \n\t\t900 \n\t\t10000 \n\t\tdisabled \n\t\t1 \n\t\t\n\t\t\ttest.example.com \n\t\t\tA description \n\t\t\t10.0.0.3 \n\t\t\t \n\t \n\t\"\"\" # noqa: E101,W191\n self.do_module_test(obj, command=command, expected_elt_string=expected_elt_string)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_gateway.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_gateway\nfrom ansible_collections.pfsensible.core.plugins.module_utils.gateway import PFSenseGatewayModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseGatewayModule(TestPFSenseModule):\n\n module = pfsense_gateway\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseGatewayModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_gateway_config.xml'\n self.pfmodule = PFSenseGatewayModule\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition \"\"\"\n\n self.check_param_equal_or_not_find(obj, target_elt, 'monitor')\n\n self.check_param_equal_or_not_find(obj, target_elt, 'disabled', empty=True)\n self.check_param_equal_or_not_find(obj, target_elt, 'monitor_disable', empty=True)\n self.check_param_equal_or_not_find(obj, target_elt, 'action_disable', empty=True)\n self.check_param_equal_or_not_find(obj, target_elt, 'force_down', empty=True)\n self.check_param_equal_or_not_find(obj, target_elt, 'nonlocalgateway', empty=True)\n\n self.check_value_equal(target_elt, 'interface', self.unalias_interface(obj['interface']))\n self.check_param_equal(obj, target_elt, 'descr')\n self.check_param_equal(obj, target_elt, 'weight', '1')\n self.check_param_equal(obj, target_elt, 'gateway')\n self.check_param_equal(obj, target_elt, 'ipprotocol', 'inet')\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n rules_elt = self.assert_find_xml_elt(self.xml_result, 'gateways')\n\n for item in rules_elt:\n name_elt = item.find('name')\n if name_elt is not None and name_elt.text == obj['name']:\n return item\n\n return None\n\n ##############\n # tests\n #\n def test_gateway_create(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='192.168.1.1')\n command = \"create gateway 'test_gw', interface='lan', gateway='192.168.1.1'\"\n self.do_module_test(obj, command=command)\n\n def test_gateway_create_with_params(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='192.168.1.1', descr='a test gw', monitor='8.8.8.8', weight=10)\n command = \"create gateway 'test_gw', interface='lan', gateway='192.168.1.1', descr='a test gw', monitor='8.8.8.8', weight='10'\"\n self.do_module_test(obj, command=command)\n\n def test_gateway_create_ipv6(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='wan', ipprotocol='inet6', gateway='2001::1')\n command = \"create gateway 'test_gw', interface='wan', ipprotocol='inet6', gateway='2001::1'\"\n self.do_module_test(obj, command=command)\n\n def test_gateway_create_in_vip(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='10.255.2.1')\n command = \"create gateway 'test_gw', interface='lan', gateway='10.255.2.1'\"\n self.do_module_test(obj, command=command)\n\n def test_gateway_create_invalid_name(self):\n \"\"\" test \"\"\"\n obj = dict(name='___', interface='lan', gateway='192.168.1.1')\n msg = \"The gateway name '___' must be less than 32 characters long, may not consist of only numbers, \"\n msg += \"may not consist of only underscores, and may only contain the following characters: a-z, A-Z, 0-9, _\"\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_interface(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan_232', gateway='192.168.1.1')\n msg = 'lan_232 is not a valid interface'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_nonlocal(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='1.2.3.4', nonlocalgateway=True)\n command = \"create gateway 'test_gw', interface='lan', gateway='1.2.3.4', nonlocalgateway=True\"\n self.do_module_test(obj, command=command)\n\n def test_gateway_create_invalid_ip(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='acme.dyndns.org')\n msg = 'gateway must use an IPv4 address'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_ip2(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='1.2.3.4')\n msg = \"The gateway address 1.2.3.4 does not lie within one of the chosen interface's subnets.\"\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_ip3(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='2001::1')\n msg = 'gateway must use an IPv4 address'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_ip4(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='vt1', gateway='192.168.1.1')\n msg = 'Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_monitor(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='192.168.1.1', monitor='2001::1')\n msg = 'monitor must use an IPv4 address'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_ipv6(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='2001::1', ipprotocol='inet6')\n msg = \"Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface.\"\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_ipv6_2(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='wan', gateway='192.168.1.2', ipprotocol='inet6')\n msg = \"gateway must use an IPv6 address\"\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_ipv6_monitor(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='wan', ipprotocol='inet6', gateway='2001::1', monitor='192.168.1.1')\n msg = 'monitor must use an IPv6 address'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_create_invalid_weight(self):\n \"\"\" test \"\"\"\n obj = dict(name='test_gw', interface='lan', gateway='192.168.1.1', weight='40')\n msg = 'weight must be between 1 and 30'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_update_noop(self):\n \"\"\" test \"\"\"\n obj = dict(name='GW_WAN', interface='wan', gateway='192.168.240.1', descr='Interface wan Gateway')\n self.do_module_test(obj, changed=False)\n\n def test_gateway_update_dynamic(self):\n \"\"\" test \"\"\"\n obj = dict(name='OPT3_VTIV4', interface='lan', gateway='dynamic')\n msg = \"The gateway use 'dynamic' as a target. You can not change the interface\"\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_update_dynamic2(self):\n \"\"\" test \"\"\"\n obj = dict(name='OPT3_VTIV4', interface='lan_100', gateway='1.2.3.4')\n msg = \"The gateway use 'dynamic' as a target. This is read-only, so you must set gateway as dynamic too\"\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_update_dynamic3(self):\n \"\"\" test \"\"\"\n obj = dict(name='OPT3_VTIV4', interface='lan_100', gateway='dynamic', ipprotocol='inet6')\n msg = \"The gateway use 'dynamic' as a target. You can not change ipprotocol\"\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_gateway_update_dynamic4(self):\n \"\"\" test \"\"\"\n obj = dict(name='OPT3_VTIV4', interface='lan_100', gateway='dynamic', weight=2)\n command = \"update gateway 'OPT3_VTIV4' set weight='2'\"\n self.do_module_test(obj, command=command)\n\n def test_gateway_update_interface(self):\n \"\"\" test \"\"\"\n obj = dict(name='GW_WAN', interface='lan', gateway='192.168.1.1', descr='Interface wan Gateway')\n command = \"update gateway 'GW_WAN' set interface='lan', gateway='192.168.1.1'\"\n self.do_module_test(obj, command=command)\n\n def test_gateway_update_bools_and_monitor(self):\n \"\"\" test \"\"\"\n obj = dict(name='GW_LAN', interface='lan', gateway='192.168.1.1', descr='Interface lan Gateway')\n command = \"update gateway 'GW_LAN' set disabled=False, monitor=none, monitor_disable=False, action_disable=False, force_down=False\"\n self.do_module_test(obj, command=command)\n\n def test_gateway_delete(self):\n \"\"\" test \"\"\"\n obj = dict(name='GW_WAN2')\n command = \"delete gateway 'GW_WAN2'\"\n self.do_module_test(obj, command=command, delete=True)\n\n def test_gateway_delete_static(self):\n \"\"\" test \"\"\"\n obj = dict(name='OPT3_VTIV4')\n msg = \"The gateway use 'dynamic' as a target. You can not delete it\"\n self.do_module_test(obj, msg=msg, delete=True, failed=True)\n\n def test_gateway_delete_default(self):\n \"\"\" test \"\"\"\n obj = dict(name='GW_DEFAULT')\n msg = \"The gateway is still in use. You can not delete it\"\n self.do_module_test(obj, msg=msg, delete=True, failed=True)\n\n def test_gateway_delete_in_group(self):\n \"\"\" test \"\"\"\n obj = dict(name='GW_LAN')\n msg = \"The gateway is still in use. You can not delete it\"\n self.do_module_test(obj, msg=msg, delete=True, failed=True)\n\n def test_gateway_delete_in_route(self):\n \"\"\" test \"\"\"\n obj = dict(name='GW_WAN')\n msg = \"The gateway is still in use. You can not delete it\"\n self.do_module_test(obj, msg=msg, delete=True, failed=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_haproxy_backend.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_haproxy_backend\nfrom ansible_collections.pfsensible.core.plugins.module_utils.haproxy_backend import PFSenseHaproxyBackendModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseHaproxyBackendModule(TestPFSenseModule):\n\n module = pfsense_haproxy_backend\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseHaproxyBackendModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_haproxy_backend_config.xml'\n self.pfmodule = PFSenseHaproxyBackendModule\n\n ##############\n # tests utils\n #\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated backend xml definition \"\"\"\n pkgs_elt = self.assert_find_xml_elt(self.xml_result, 'installedpackages')\n hap_elt = self.assert_find_xml_elt(pkgs_elt, 'haproxy')\n backends_elt = self.assert_find_xml_elt(hap_elt, 'ha_pools')\n\n for item in backends_elt:\n name_elt = item.find('name')\n if name_elt is not None and name_elt.text == obj['name']:\n return item\n\n if not absent:\n self.fail('haproxy_backend ' + obj['name'] + ' not found.')\n return None\n\n def check_target_elt(self, obj, target_elt, backend_id=100):\n \"\"\" test the xml definition of backend \"\"\"\n def _check_elt(name, fname=None, default=None):\n if fname is None:\n fname = name\n\n if name in obj and obj[name] is not None:\n self.assert_xml_elt_equal(target_elt, fname, str(obj[name]))\n elif default is not None:\n self.assert_xml_elt_equal(target_elt, fname, default)\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, fname)\n\n def _check_bool_elt(name, fname=None):\n if fname is None:\n fname = name\n\n if obj.get(name):\n self.assert_xml_elt_equal(target_elt, fname, 'yes')\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, fname)\n\n self.assert_xml_elt_equal(target_elt, 'id', str(backend_id))\n\n # checking balance\n if 'balance' in obj and obj['balance'] != 'none':\n self.assert_xml_elt_equal(target_elt, 'balance', obj['balance'])\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, 'balance')\n\n # check everything else\n _check_elt('balance_urilen')\n _check_elt('balance_uridepth')\n _check_bool_elt('balance_uriwhole')\n _check_elt('connection_timeout')\n _check_elt('server_timeout')\n _check_elt('check_type', default='none')\n _check_elt('check_frequency', 'checkinter')\n _check_elt('retries')\n _check_bool_elt('log_checks', 'log-health-checks')\n _check_elt('httpcheck_method')\n _check_elt('monitor_uri')\n _check_elt('monitor_httpversion')\n _check_elt('monitor_username')\n _check_elt('monitor_domain')\n\n ##############\n # tests\n #\n def test_haproxy_backend_create(self):\n \"\"\" test creation of a new backend \"\"\"\n backend = dict(name='exchange')\n command = \"create haproxy_backend 'exchange', balance='none', check_type='none'\"\n self.do_module_test(backend, command=command, backend_id=102)\n\n def test_haproxy_backend_create2(self):\n \"\"\" test creation of a new backend with some parameters\"\"\"\n backend = dict(name='exchange', balance='roundrobin', check_type='HTTP')\n command = \"create haproxy_backend 'exchange', balance='roundrobin', check_type='HTTP'\"\n self.do_module_test(backend, command=command, backend_id=102)\n\n def test_haproxy_backend_create_invalid_name(self):\n \"\"\" test creation of a new backend \"\"\"\n backend = dict(name='exchange test')\n msg = \"The field 'name' contains invalid characters.\"\n self.do_module_test(backend, msg=msg, failed=True)\n\n def test_haproxy_backend_delete(self):\n \"\"\" test deletion of a backend \"\"\"\n backend = dict(name='test-backend')\n command = \"delete haproxy_backend 'test-backend'\"\n self.do_module_test(backend, delete=True, command=command)\n\n def test_haproxy_backend_update_noop(self):\n \"\"\" test not updating a backend \"\"\"\n backend = dict(\n name='test-backend', balance='uri', balance_uriwhole=True, log_checks=True, check_type='SSL', check_frequency=123456, httpcheck_method='OPTIONS'\n )\n self.do_module_test(backend, changed=False)\n\n def test_haproxy_backend_update_bools(self):\n \"\"\" test updating bools \"\"\"\n backend = dict(name='test-backend', balance='uri', check_type='SSL', check_frequency=123456, httpcheck_method='OPTIONS')\n command = \"update haproxy_backend 'test-backend' set balance_uriwhole=False, log_checks=False\"\n self.do_module_test(backend, changed=True, command=command)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_haproxy_backend_server.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_haproxy_backend_server\nfrom ansible_collections.pfsensible.core.plugins.module_utils.haproxy_backend_server import PFSenseHaproxyBackendServerModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseHaproxyBackendServerModule(TestPFSenseModule):\n\n module = pfsense_haproxy_backend_server\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseHaproxyBackendServerModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_haproxy_backend_server_config.xml'\n self.pfmodule = PFSenseHaproxyBackendServerModule\n\n ##############\n # tests utils\n #\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated backend server xml definition \"\"\"\n pkgs_elt = self.assert_find_xml_elt(self.xml_result, 'installedpackages')\n hap_elt = self.assert_find_xml_elt(pkgs_elt, 'haproxy')\n backends_elt = self.assert_find_xml_elt(hap_elt, 'ha_pools')\n\n for item in backends_elt:\n name_elt = item.find('name')\n if name_elt is not None and name_elt.text == obj['backend']:\n backend_elt = item\n break\n\n if backend_elt is None:\n self.fail('haproxy backend ' + obj['backend'] + ' not found.')\n\n servers_elt = self.assert_find_xml_elt(backend_elt, 'ha_servers')\n for item in servers_elt:\n name_elt = item.find('name')\n if name_elt is not None and name_elt.text == obj['name']:\n return item\n\n if not absent:\n self.fail('haproxy backend server ' + obj['name'] + ' not found.')\n return None\n\n @staticmethod\n def caref(descr):\n \"\"\" return refid for ca \"\"\"\n if descr == 'test ca':\n return '5d85d3071588f'\n if descr == 'test ca2':\n return '5df5ec5668d9f'\n return ''\n\n @staticmethod\n def crlref(descr):\n \"\"\" return refid for crl \"\"\"\n if descr == 'test crl':\n return '5df5edf6cae0f'\n if descr == 'test crl2':\n return '5df5ee048c106'\n return ''\n\n @staticmethod\n def certref(descr):\n \"\"\" return refid for cert \"\"\"\n if descr == 'test cert':\n return '5df5ec78b3048'\n if descr == 'test cert2':\n return '5df5ec97dfd07'\n return ''\n\n @staticmethod\n def idem(descr):\n \"\"\" return value passed \"\"\"\n return descr\n\n def check_target_elt(self, obj, target_elt, server_id):\n \"\"\" test the xml definition of server \"\"\"\n def _check_elt(name, fname=None, default=None, fvalue=self.idem):\n if fname is None:\n fname = name\n\n if name in obj and obj[name] is not None:\n self.assert_xml_elt_equal(target_elt, fname, fvalue(str(obj[name])))\n elif default is not None:\n self.assert_xml_elt_equal(target_elt, fname, fvalue(default))\n elif name in obj:\n self.assert_xml_elt_is_none_or_empty(target_elt, fname)\n else:\n self.assert_not_find_xml_elt(target_elt, fname)\n\n def _check_bool_elt(name, fname=None, false_exists=False):\n if fname is None:\n fname = name\n\n if obj.get(name):\n self.assert_xml_elt_equal(target_elt, fname, 'yes')\n elif name in obj and false_exists:\n self.assert_xml_elt_is_none_or_empty(target_elt, fname)\n else:\n self.assert_not_find_xml_elt(target_elt, fname)\n\n self.assert_xml_elt_equal(target_elt, 'id', str(server_id))\n\n _check_elt('mode', fname='status', default='active')\n _check_elt('forwardto')\n _check_elt('address')\n _check_elt('port')\n _check_elt('weight')\n _check_elt('verifyhost')\n _check_elt('ca', fname='ssl-server-ca', fvalue=self.caref)\n _check_elt('crl', fname='ssl-server-crl', fvalue=self.crlref)\n _check_elt('clientcert', fname='ssl-server-clientcert', fvalue=self.certref)\n _check_elt('cookie')\n _check_elt('maxconn')\n _check_elt('advanced')\n _check_elt('istemplate')\n\n _check_bool_elt('ssl')\n _check_bool_elt('checkssl')\n _check_bool_elt('sslserververify')\n\n ##############\n # tests\n #\n def test_haproxy_backend_server_create(self):\n \"\"\" test creation of a new backend server \"\"\"\n server = dict(backend='test-backend', name='exchange', address='exchange.acme.org', port=443)\n command = \"create haproxy_backend_server 'exchange' on 'test-backend', status='active', address='exchange.acme.org', port=443\"\n self.do_module_test(server, command=command, server_id=103)\n\n def test_haproxy_backend_server_create2(self):\n \"\"\" test creation of a new backend server with some parameters\"\"\"\n server = dict(\n backend='test-backend', name='exchange', address='exchange.acme.org', port=443, ssl=True, ca='test ca', clientcert='test cert', crl='test crl'\n )\n command = (\n \"create haproxy_backend_server 'exchange' on 'test-backend', status='active', address='exchange.acme.org', port=443, \"\n \"ssl=True, ca='test ca', crl='test crl', clientcert='test cert'\"\n )\n self.do_module_test(server, command=command, server_id=103)\n\n def test_haproxy_backend_server_create_invalid_backend(self):\n \"\"\" test creation of a new backend server \"\"\"\n server = dict(backend='test.backend', name='exchange', address='exchange.acme.org', port=443)\n msg = \"The backend named 'test.backend' does not exist\"\n self.do_module_test(server, msg=msg, failed=True)\n\n def test_haproxy_backend_server_create_invalid_name(self):\n \"\"\" test creation of a new backend server \"\"\"\n server = dict(backend='test-backend', name='test exchange', address='exchange.acme.org', port=443)\n msg = \"The field 'name' contains invalid characters\"\n self.do_module_test(server, msg=msg, failed=True)\n\n def test_haproxy_backend_server_delete(self):\n \"\"\" test deletion of a backend server \"\"\"\n server = dict(backend='test-backend', name='exchange.acme.org')\n command = \"delete haproxy_backend_server 'exchange.acme.org' on 'test-backend'\"\n self.do_module_test(server, delete=True, command=command)\n\n def test_haproxy_backend_server_update_noop(self):\n \"\"\" test not updating a backend server \"\"\"\n server = dict(backend='test-backend', name='exchange.acme.org', address='exchange.acme.org', port=443)\n self.do_module_test(server, changed=False)\n\n def test_haproxy_backend_server_update_frontend(self):\n \"\"\" test updating a backend server \"\"\"\n server = dict(backend='test-backend', name='exchange.acme.org', forwardto='test-frontend')\n command = \"update haproxy_backend_server 'exchange.acme.org' on 'test-backend' set forwardto='test-frontend', address=none, port=none\"\n self.do_module_test(server, changed=True, command=command, server_id=101)\n\n def test_haproxy_backend_server_update_certs(self):\n \"\"\" test updating certs \"\"\"\n server = dict(\n backend='test-backend', name='exchange2.acme.org', address='exchange2.acme.org', port=443, ca='test ca2', clientcert='test cert2', crl='test crl2'\n )\n command = \"update haproxy_backend_server 'exchange2.acme.org' on 'test-backend' set ca='test ca2', crl='test crl2', clientcert='test cert2'\"\n self.do_module_test(server, changed=True, command=command, server_id=102)\n\n def test_haproxy_backend_server_update_certs2(self):\n \"\"\" test updating certs \"\"\"\n server = dict(\n backend='test-backend', name='exchange2.acme.org', address='exchange2.acme.org', port=443\n )\n command = \"update haproxy_backend_server 'exchange2.acme.org' on 'test-backend' set ca=none, crl=none, clientcert=none\"\n self.do_module_test(server, changed=True, command=command, server_id=102)\n\n def test_haproxy_backend_server_update_certs3(self):\n \"\"\" test updating certs \"\"\"\n server = dict(\n backend='test-backend', name='exchange.acme.org', address='exchange.acme.org', port=443, ca='test ca2', clientcert='test cert2', crl='test crl2'\n )\n command = \"update haproxy_backend_server 'exchange.acme.org' on 'test-backend' set ca='test ca2', crl='test crl2', clientcert='test cert2'\"\n self.do_module_test(server, changed=True, command=command, server_id=101)\n\n def test_haproxy_backend_server_invalid_ca(self):\n \"\"\" test updating certs \"\"\"\n server = dict(backend='test-backend', name='exchange', address='exchange.acme.org', port=443, ca='test ca3')\n msg = \"test ca3 is not a valid certificate authority\"\n self.do_module_test(server, msg=msg, failed=True)\n\n def test_haproxy_backend_server_invalid_crl(self):\n \"\"\" test updating certs \"\"\"\n server = dict(backend='test-backend', name='exchange', address='exchange.acme.org', port=443, crl='test crl3')\n msg = \"test crl3 is not a valid certificate revocation list\"\n self.do_module_test(server, msg=msg, failed=True)\n\n def test_haproxy_backend_server_invalid_cert(self):\n \"\"\" test updating certs \"\"\"\n server = dict(backend='test-backend', name='exchange', address='exchange.acme.org', port=443, clientcert='test cert3')\n msg = \"test cert3 is not a valid certificate\"\n self.do_module_test(server, msg=msg, failed=True)\n\n def test_haproxy_backend_server_invalid_frontend(self):\n \"\"\" test updating certs \"\"\"\n server = dict(backend='test-backend', name='exchange', forwardto='test frontend')\n msg = \"The frontend named 'test frontend' does not exist\"\n self.do_module_test(server, msg=msg, failed=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_interface.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_interface\nfrom ansible_collections.pfsensible.core.plugins.module_utils.interface import PFSenseInterfaceModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseInterfaceModule(TestPFSenseModule):\n\n module = pfsense_interface\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseInterfaceModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_interface_config.xml'\n self.pfmodule = PFSenseInterfaceModule\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n\n def php_mock(command):\n if 'get_interface_list' in command:\n interfaces = dict()\n interfaces['vmx0'] = dict()\n interfaces['vmx1'] = dict(descr='notuniq')\n interfaces['vmx2'] = dict(descr='notuniq')\n interfaces['vmx3'] = dict()\n interfaces['vmx0.100'] = dict(descr='uniq')\n interfaces['vmx1.1100'] = dict()\n return interfaces\n return ['autoselect']\n\n super(TestPFSenseInterfaceModule, self).setUp()\n\n self.php.return_value = None\n self.php.side_effect = php_mock\n\n def tearDown(self):\n \"\"\" mocking down \"\"\"\n super(TestPFSenseInterfaceModule, self).tearDown()\n\n self.php.stop()\n\n ##############\n # tests utils\n #\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated interface xml definition \"\"\"\n elt_filter = {}\n elt_filter['descr'] = obj['descr']\n\n return self.assert_has_xml_tag('interfaces', elt_filter, absent=absent)\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition of interface \"\"\"\n if 'interface_descr' in obj and obj['interface_descr'] == 'uniq':\n obj['interface'] = 'vmx0.100'\n self.assert_xml_elt_equal(target_elt, 'if', self.unalias_interface(obj['interface'], physical=True))\n\n # bools\n if obj.get('enable'):\n self.assert_xml_elt_is_none_or_empty(target_elt, 'enable')\n else:\n self.assert_not_find_xml_elt(target_elt, 'enable')\n\n if obj.get('blockpriv'):\n self.assert_xml_elt_equal(target_elt, 'blockpriv', '')\n else:\n self.assert_not_find_xml_elt(target_elt, 'blockpriv')\n\n if obj.get('blockbogons'):\n self.assert_xml_elt_equal(target_elt, 'blockbogons', '')\n else:\n self.assert_not_find_xml_elt(target_elt, 'blockbogons')\n\n # ipv4 type related\n if obj.get('ipv4_type') is None or obj.get('ipv4_type') == 'none':\n self.assert_not_find_xml_elt(target_elt, 'ipaddr')\n self.assert_not_find_xml_elt(target_elt, 'subnet')\n self.assert_not_find_xml_elt(target_elt, 'gateway')\n elif obj.get('ipv4_type') == 'static':\n if obj.get('ipv4_address'):\n self.assert_xml_elt_equal(target_elt, 'ipaddr', obj['ipv4_address'])\n if obj.get('ipv4_prefixlen'):\n self.assert_xml_elt_equal(target_elt, 'subnet', str(obj['ipv4_prefixlen']))\n if obj.get('ipv4_gateway'):\n self.assert_xml_elt_equal(target_elt, 'gateway', obj['ipv4_gateway'])\n\n # ipv6 type related\n if obj.get('ipv6_type') is None or obj.get('ipv6_type') in ['none']:\n self.assert_not_find_xml_elt(target_elt, 'ipaddrv6')\n self.assert_not_find_xml_elt(target_elt, 'subnetv6')\n self.assert_not_find_xml_elt(target_elt, 'gatewayv6')\n elif obj.get('ipv6_type') == 'slaac':\n self.assert_xml_elt_equal(target_elt, 'ipaddrv6', 'slaac')\n self.assert_not_find_xml_elt(target_elt, 'subnetv6')\n self.assert_not_find_xml_elt(target_elt, 'gatewayv6')\n elif obj.get('ipv6_type') == 'static':\n if obj.get('ipv6_address'):\n self.assert_xml_elt_equal(target_elt, 'ipaddrv6', obj['ipv6_address'])\n if obj.get('ipv6_prefixlen'):\n self.assert_xml_elt_equal(target_elt, 'subnetv6', str(obj['ipv6_prefixlen']))\n if obj.get('ipv6_gateway'):\n self.assert_xml_elt_equal(target_elt, 'gatewayv6', obj['ipv6_gateway'])\n\n # mac, mss, mtu\n if obj.get('mac'):\n self.assert_xml_elt_equal(target_elt, 'spoofmac', obj['mac'])\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, 'spoofmac')\n\n if obj.get('mtu'):\n self.assert_xml_elt_equal(target_elt, 'mtu', str(obj['mtu']))\n else:\n self.assert_not_find_xml_elt(target_elt, 'mtu')\n\n if obj.get('mss'):\n self.assert_xml_elt_equal(target_elt, 'mss', str(obj['mss']))\n else:\n self.assert_not_find_xml_elt(target_elt, 'mss')\n\n ##############\n # tests\n #\n def test_interface_create_no_address(self):\n \"\"\" test creation of a new interface with no address \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100')\n command = \"create interface 'VOICE', port='vmx0.100'\"\n self.do_module_test(interface, command=command)\n\n def test_interface_create_by_descr(self):\n \"\"\" test creation of a new interface with interface_descr \"\"\"\n interface = dict(descr='VOICE', interface_descr='uniq')\n command = \"create interface 'VOICE', port='vmx0.100'\"\n self.do_module_test(interface, command=command)\n\n def test_interface_create_static(self):\n \"\"\" test creation of a new interface with a static ip \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv4_type='static', ipv4_address='10.20.30.40', ipv4_prefixlen=24)\n command = \"create interface 'VOICE', port='vmx0.100', ipv4_type='static', ipv4_address='10.20.30.40', ipv4_prefixlen='24'\"\n self.do_module_test(interface, command=command)\n\n def test_interface_create_static_ipv6(self):\n \"\"\" test creation of a new interface with a static ipv6 \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv6_type='static', ipv6_address='3001::2001:22', ipv6_prefixlen=56)\n command = \"create interface 'VOICE', port='vmx0.100', ipv6_type='static', ipv6_address='3001::2001:22', ipv6_prefixlen='56'\"\n self.do_module_test(interface, command=command)\n\n def test_interface_create_slaac(self):\n \"\"\" test creation of a new interface with slaac \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv6_type='slaac')\n command = \"create interface 'VOICE', port='vmx0.100', ipv6_type='slaac'\"\n self.do_module_test(interface, command=command)\n\n def test_interface_create_none_mac_mtu_mss(self):\n \"\"\" test creation of a new interface \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', mac='00:11:22:33:44:55', mtu=1500, mss=1100)\n command = \"create interface 'VOICE', port='vmx0.100', mac='00:11:22:33:44:55', mtu='1500', mss='1100'\"\n self.do_module_test(interface, command=command)\n\n def test_interface_delete(self):\n \"\"\" test deletion of an interface \"\"\"\n interface = dict(descr='vt1')\n command = \"delete interface 'vt1'\"\n self.do_module_test(interface, delete=True, command=command)\n\n def test_interface_delete_lan(self):\n \"\"\" test deletion of an interface \"\"\"\n interface = dict(descr='lan')\n commands = [\n \"delete rule_separator 'test_separator', interface='lan'\",\n \"update rule 'floating_rule_2' on 'floating(lan,wan,lan_1100)' set interface='wan,lan_1100'\",\n \"delete rule 'floating_rule_1' on 'floating(lan)'\",\n \"delete rule 'antilock_out_1' on 'lan'\",\n \"delete rule 'antilock_out_2' on 'lan'\",\n \"delete rule 'antilock_out_3' on 'lan'\",\n \"delete interface 'lan'\"\n ]\n self.do_module_test(interface, delete=True, command=commands)\n\n def test_interface_delete_fails(self):\n \"\"\" test deletion of an interface that is part of a group \"\"\"\n interface = dict(descr='lan_1100')\n msg = \"The interface is part of the group IFGROUP1. Please remove it from the group first.\"\n self.do_module_test(interface, delete=True, failed=True, msg=msg)\n\n def test_interface_update_noop(self):\n \"\"\" test not updating a interface \"\"\"\n interface = dict(descr='lan_1100', interface='vmx1.1100', enable=True, ipv4_type='static', ipv4_address='172.16.151.210', ipv4_prefixlen=24)\n self.do_module_test(interface, changed=False)\n\n def test_interface_update_name(self):\n \"\"\" test updating interface name \"\"\"\n interface = dict(descr='wlan_1100', interface='vmx1.1100', enable=True, ipv4_type='static', ipv4_address='172.16.151.210', ipv4_prefixlen=24)\n command = \"update interface 'lan_1100' set interface='wlan_1100'\"\n self.do_module_test(interface, changed=True, command=command)\n\n def test_interface_update_enable(self):\n \"\"\" test disabling interface \"\"\"\n interface = dict(descr='lan_1100', interface='vmx1.1100', enable=False, ipv4_type='static', ipv4_address='172.16.151.210', ipv4_prefixlen=24)\n command = \"update interface 'lan_1100' set enable=False\"\n self.do_module_test(interface, changed=True, command=command)\n\n def test_interface_update_enable2(self):\n \"\"\" test enabling interface \"\"\"\n interface = dict(descr='vt1', interface='vmx3', enable=True)\n command = \"update interface 'vt1' set enable=True\"\n self.do_module_test(interface, changed=True, command=command)\n\n def test_interface_update_mac(self):\n \"\"\" test updating mac \"\"\"\n interface = dict(descr='lan_1100', interface='vmx1.1100', enable=True, ipv4_type='static',\n ipv4_address='172.16.151.210', ipv4_prefixlen=24, mac='00:11:22:33:44:55', )\n command = \"update interface 'lan_1100' set mac='00:11:22:33:44:55'\"\n self.do_module_test(interface, changed=True, command=command)\n\n def test_interface_update_blocks(self):\n \"\"\" test updating block fields \"\"\"\n interface = dict(descr='lan_1100', interface='vmx1.1100', enable=True, ipv4_type='static',\n ipv4_address='172.16.151.210', ipv4_prefixlen=24, blockpriv=True, blockbogons=True)\n command = \"update interface 'lan_1100' set blockpriv=True, blockbogons=True\"\n self.do_module_test(interface, changed=True, command=command)\n\n def test_interface_error_used(self):\n \"\"\" test error already used \"\"\"\n interface = dict(descr='lan_1100', interface='vmx1', enable=True, ipv4_type='static', ipv4_address='172.16.151.210', ipv4_prefixlen=24)\n msg = \"Port vmx1 is already in use on interface lan\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_error_gw(self):\n \"\"\" test error no such gateway \"\"\"\n interface = dict(descr='lan_1100', interface='vmx1.1100', enable=True, ipv4_type='static',\n ipv4_address='172.16.151.210', ipv4_prefixlen=24, ipv4_gateway='voice_gw')\n msg = \"Gateway voice_gw does not exist on lan_1100\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_error_if(self):\n \"\"\" test error no such interface \"\"\"\n interface = dict(descr='wlan_1100', interface='vmx1.1200', enable=True, ipv4_type='static',\n ipv4_address='172.16.151.210', ipv4_prefixlen=24, ipv4_gateway='voice_gw')\n msg = \"vmx1.1200 can't be assigned. Interface may only be one the following: ['vmx0', 'vmx1', 'vmx2', 'vmx3', 'vmx0.100', 'vmx1.1100']\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_error_eq(self):\n \"\"\" test error same ipv4 address \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv4_type='static', ipv4_address='192.168.1.242', ipv4_prefixlen=32)\n msg = \"IP address 192.168.1.242/32 is being used by or overlaps with: lan (192.168.1.242/24)\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_error_overlaps1(self):\n \"\"\" test error same ipv4 address \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv4_type='static', ipv4_address='192.168.1.1', ipv4_prefixlen=30)\n msg = \"IP address 192.168.1.1/30 is being used by or overlaps with: lan (192.168.1.242/24)\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_error_overlaps2(self):\n \"\"\" test error same ipv4 address \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv4_type='static', ipv4_address='192.168.1.1', ipv4_prefixlen=22)\n msg = \"IP address 192.168.1.1/22 is being used by or overlaps with: lan (192.168.1.242/24)\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_error_inet6_eq(self):\n \"\"\" test error same ipv6 address \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv6_type='static', ipv6_address='2001::2001:22', ipv6_prefixlen=127)\n msg = \"IP address 2001::2001:22/127 is being used by or overlaps with: lan (2001::2001:22/64)\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_error_inet6_overlaps1(self):\n \"\"\" test error same ipv6 address \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv6_type='static', ipv6_address='2001::2001:1', ipv6_prefixlen=64)\n msg = \"IP address 2001::2001:1/64 is being used by or overlaps with: lan (2001::2001:22/64)\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_error_inet6_overlaps2(self):\n \"\"\" test error same ipv6 address \"\"\"\n interface = dict(descr='VOICE', interface='vmx0.100', ipv6_type='static', ipv6_address='2001::2001', ipv6_prefixlen=56)\n msg = \"IP address 2001::2001/56 is being used by or overlaps with: lan (2001::2001:22/64)\"\n self.do_module_test(interface, failed=True, msg=msg)\n\n def test_interface_delete_sub(self):\n \"\"\" test delete sub interface \"\"\"\n interface = dict(descr='lan_1200', interface='vmx1.1200')\n command = \"delete interface 'lan_1200'\"\n self.do_module_test(interface, delete=True, command=command)\n\n def test_interface_error_not_uniq(self):\n \"\"\" test creation of a new interface with interface_descr \"\"\"\n interface = dict(descr='VOICE', interface_descr='notuniq')\n msg = 'Multiple interfaces found for \"notuniq\"'\n self.do_module_test(interface, failed=True, msg=msg)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_interface_group.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# Copyright: (c) 2024, Orioni Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_interface_group\nfrom ansible_collections.pfsensible.core.plugins.module_utils.interface_group import PFSenseInterfaceGroupModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseInterfaceGroupModule(TestPFSenseModule):\n\n module = pfsense_interface_group\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseInterfaceGroupModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_interface_config.xml'\n self.pfmodule = PFSenseInterfaceGroupModule\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n\n def php_mock(command):\n if 'get_interface_list' in command:\n interfaces = dict()\n interfaces['vmx0'] = dict()\n interfaces['vmx1'] = dict(descr='notuniq')\n interfaces['vmx2'] = dict(descr='notuniq')\n interfaces['vmx3'] = dict()\n interfaces['vmx0.100'] = dict(descr='uniq')\n interfaces['vmx1.1100'] = dict()\n return interfaces\n return ['autoselect']\n\n super(TestPFSenseInterfaceGroupModule, self).setUp()\n\n self.php.return_value = None\n self.php.side_effect = php_mock\n\n def tearDown(self):\n \"\"\" mocking down \"\"\"\n super(TestPFSenseInterfaceGroupModule, self).tearDown()\n\n self.php.stop()\n\n ##############\n # tests utils\n #\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated interface group xml definition \"\"\"\n elt_filter = {}\n elt_filter['ifname'] = obj['name']\n\n return self.assert_has_xml_tag('ifgroups', elt_filter, absent=absent)\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition of interface group \"\"\"\n\n # descr, members\n if obj.get('descr'):\n self.assert_xml_elt_equal(target_elt, 'descr', obj['descr'])\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, 'descr')\n\n if obj.get('members'):\n self.assert_xml_elt_equal(target_elt, 'members', ' '.join(obj['members']))\n else:\n self.assert_not_find_xml_elt(target_elt, 'members')\n\n ##############\n # tests\n #\n def test_interface_group_create(self):\n \"\"\" test creation of a new interface group \"\"\"\n interface_group = dict(name='IFGROUP2', members=['wan', 'lan'])\n command = \"create interface_group 'IFGROUP2', members='wan lan'\"\n self.do_module_test(interface_group, command=command)\n\n def test_interface_group_create_with_descr(self):\n \"\"\" test creation of a new interface group with a description \"\"\"\n interface_group = dict(name='IFGROUP2', members=['wan', 'lan'], descr='Primary interfaces')\n command = \"create interface_group 'IFGROUP2', descr='Primary interfaces', members='wan lan'\"\n self.do_module_test(interface_group, command=command)\n\n def test_interface_group_delete(self):\n \"\"\" test deletion of an interface group \"\"\"\n interface_group = dict(name='IFGROUP1', state='absent')\n command = \"delete interface_group 'IFGROUP1'\"\n self.do_module_test(interface_group, delete=True, command=command)\n\n def test_interface_group_update_noop(self):\n \"\"\" test not updating a interface group \"\"\"\n interface_group = dict(name='IFGROUP1', members=['opt1', 'opt3'])\n self.do_module_test(interface_group, changed=False)\n\n def test_interface_group_update_descr(self):\n \"\"\" test updating interface group description \"\"\"\n interface_group = dict(name='IFGROUP1', members=['opt1', 'opt3'], descr='Opt Interfaces')\n command = \"update interface_group 'IFGROUP1' set descr='Opt Interfaces'\"\n self.do_module_test(interface_group, changed=True, command=command)\n\n def test_interface_group_update_members(self):\n \"\"\" test updating interface group members \"\"\"\n interface_group = dict(name='IFGROUP1', members=['opt1', 'opt2'])\n command = \"update interface_group 'IFGROUP1' set members='opt1 opt2'\"\n self.do_module_test(interface_group, changed=True, command=command)\n\n def test_interface_group_error_no_members(self):\n \"\"\" test error no members specified \"\"\"\n interface_group = dict(name='IFGROUP2', descr='Primary interfaces')\n msg = \"state is present but all of the following are missing: members\"\n self.do_module_test(interface_group, failed=True, msg=msg)\n\n def test_interface_group_error_member_does_not_exist(self):\n \"\"\" test error member does not exist \"\"\"\n interface_group = dict(name='IFGROUP2', members=['blah'], descr='Primary interfaces')\n msg = 'Unknown interface name \"blah\".'\n self.do_module_test(interface_group, failed=True, msg=msg)\n\n def test_interface_group_error_members_not_uniq(self):\n \"\"\" test error member does not exist \"\"\"\n interface_group = dict(name='IFGROUP2', members=['opt1', 'opt1'], descr='Primary interfaces')\n msg = 'List of members is not unique.'\n self.do_module_test(interface_group, failed=True, msg=msg)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_ipsec.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_ipsec\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec import PFSenseIpsecModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseIpsecModule(TestPFSenseModule):\n\n module = pfsense_ipsec\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseIpsecModule, self).__init__(*args, **kwargs)\n self.pfmodule = PFSenseIpsecModule\n\n def get_config_file(self):\n \"\"\" get config file \"\"\"\n\n return 'pfsense_ipsec_config.xml'\n\n ##############\n # tests utils\n #\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated ipsec xml definition \"\"\"\n elt_filter = {}\n elt_filter['descr'] = obj['descr']\n\n return self.assert_has_xml_tag('ipsec', elt_filter, absent=absent)\n\n @staticmethod\n def caref(descr):\n \"\"\" return refid for ca \"\"\"\n if descr == 'test ca':\n return '5db509cfed87d'\n if descr == 'test ca copy':\n return '5db509cfed87e'\n return ''\n\n @staticmethod\n def certref(descr):\n \"\"\" return refid for cert \"\"\"\n if descr == 'webConfigurator default (5c00e5f9029df)':\n return '5c00e5f9029df'\n if descr == 'webConfigurator default copy':\n return '5c00e5f9029de'\n return ''\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition of ipsec elt \"\"\"\n\n # bools\n if obj.get('disabled'):\n self.assert_xml_elt_is_none_or_empty(target_elt, 'disabled')\n else:\n self.assert_not_find_xml_elt(target_elt, 'disabled')\n\n self.check_param_bool(obj, target_elt, 'gw_duplicates')\n self.check_param_equal_or_not_find(obj, target_elt, 'nattport')\n for param in ['rand_time', 'reauth_time', 'rekey_time']:\n if obj.get(param):\n self.check_param_equal(obj, target_elt, 'rekey_time')\n self.check_param_equal(obj, target_elt, 'reauth_time')\n self.check_param_equal(obj, target_elt, 'rand_time')\n\n # Added in 2.5.2\n if obj.get('startaction'):\n self.assert_xml_elt_equal(target_elt, 'startaction', obj['startaction'])\n if obj.get('closeaction'):\n self.assert_xml_elt_equal(target_elt, 'closeaction', obj['closeaction'])\n\n if obj.get('disable_reauth'):\n self.assert_xml_elt_is_none_or_empty(target_elt, 'reauth_enable')\n else:\n self.assert_not_find_xml_elt(target_elt, 'reauth_enable')\n\n if obj.get('splitconn'):\n self.assert_xml_elt_is_none_or_empty(target_elt, 'splitconn')\n else:\n self.assert_not_find_xml_elt(target_elt, 'splitconn')\n\n if obj.get('enable_dpd') is None or obj.get('enable_dpd'):\n if obj.get('dpd_delay') is not None:\n self.assert_xml_elt_equal(target_elt, 'dpd_delay', obj['dpd_delay'])\n else:\n self.assert_xml_elt_equal(target_elt, 'dpd_delay', '10')\n\n if obj.get('dpd_maxfail') is not None:\n self.assert_xml_elt_equal(target_elt, 'dpd_maxfail', obj['dpd_maxfail'])\n else:\n self.assert_xml_elt_equal(target_elt, 'dpd_maxfail', '5')\n else:\n self.assert_not_find_xml_elt(target_elt, 'dpd_delay')\n self.assert_not_find_xml_elt(target_elt, 'dpd_maxfail')\n\n if obj.get('mobike'):\n self.assert_xml_elt_equal(target_elt, 'mobike', obj['mobike'])\n\n # iketype & mode\n self.assert_xml_elt_equal(target_elt, 'iketype', obj['iketype'])\n if obj.get('mode') is not None:\n self.assert_xml_elt_equal(target_elt, 'mode', obj['mode'])\n\n if obj.get('nat_traversal') is not None:\n self.assert_xml_elt_equal(target_elt, 'nat_traversal', obj['nat_traversal'])\n else:\n self.assert_xml_elt_equal(target_elt, 'nat_traversal', 'on')\n\n # auth\n self.assert_xml_elt_equal(target_elt, 'authentication_method', obj['authentication_method'])\n if obj['authentication_method'] == 'rsasig':\n self.assert_xml_elt_equal(target_elt, 'certref', self.certref(obj['certificate']))\n self.assert_xml_elt_equal(target_elt, 'caref', self.caref(obj['certificate_authority']))\n self.assert_xml_elt_is_none_or_empty(target_elt, 'pre-shared-key')\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, 'certref')\n self.assert_xml_elt_is_none_or_empty(target_elt, 'caref')\n self.assert_xml_elt_equal(target_elt, 'pre-shared-key', obj['preshared_key'])\n\n # ids\n if obj.get('myid_type') is not None:\n self.assert_xml_elt_equal(target_elt, 'myid_type', obj['myid_type'])\n else:\n self.assert_xml_elt_equal(target_elt, 'myid_type', 'myaddress')\n if obj.get('myid_data') is not None:\n self.assert_xml_elt_equal(target_elt, 'myid_data', obj['myid_data'])\n\n if obj.get('peerid_type') is not None:\n self.assert_xml_elt_equal(target_elt, 'peerid_type', obj['peerid_type'])\n else:\n self.assert_xml_elt_equal(target_elt, 'peerid_type', 'peeraddress')\n if obj.get('peerid_data') is not None:\n self.assert_xml_elt_equal(target_elt, 'peerid_data', obj['peerid_data'])\n\n # misc\n self.assert_xml_elt_equal(target_elt, 'interface', self.unalias_interface(obj['interface']))\n\n if obj.get('protocol') is not None:\n self.assert_xml_elt_equal(target_elt, 'protocol', obj['protocol'])\n else:\n self.assert_xml_elt_equal(target_elt, 'protocol', 'inet')\n self.assert_xml_elt_equal(target_elt, 'remote-gateway', obj['remote_gateway'])\n\n if obj.get('lifetime') is not None:\n self.assert_xml_elt_equal(target_elt, 'lifetime', obj['lifetime'])\n else:\n self.assert_xml_elt_equal(target_elt, 'lifetime', '28800')\n\n def strip_commands(self, commands):\n commands = commands.replace(\"margintime='', \", \"\")\n commands = commands.replace(\"disable_rekey=False, \", \"\")\n\n return commands\n\n ##############\n # tests\n #\n def test_ipsec_create_ikev2(self):\n \"\"\" test creation of a new ipsec tunnel with 2.5.2 params \"\"\"\n ipsec = dict(\n descr='new_tunnel', interface='lan_100', remote_gateway='1.2.3.4', nattport=4501, iketype='ikev2',\n authentication_method='pre_shared_key', preshared_key='1234', gw_duplicates=True, rekey_time=2500, reauth_time=2600, rand_time=2700)\n command = (\n \"create ipsec 'new_tunnel', iketype='ikev2', protocol='inet', interface='lan_100', remote_gateway='1.2.3.4', nattport='4501', \"\n \"authentication_method='pre_shared_key', preshared_key='1234', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"rekey_time='2500', reauth_time='2600', rand_time='2700', \"\n \"mobike='off', gw_duplicates=True, startaction='', closeaction='', nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\")\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_create_ikev1(self):\n \"\"\" test creation of a new ipsec tunnel \"\"\"\n ipsec = dict(\n descr='new_tunnel', interface='lan_100', remote_gateway='1.2.3.4', iketype='ikev1',\n authentication_method='pre_shared_key', preshared_key='1234', mode='main', startaction='none', closeaction='none')\n command = (\n \"create ipsec 'new_tunnel', iketype='ikev1', mode='main', protocol='inet', interface='lan_100', remote_gateway='1.2.3.4', \"\n \"authentication_method='pre_shared_key', preshared_key='1234', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"disable_rekey=False, margintime='', startaction='none', closeaction='none', nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\")\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_create_vip_descr(self):\n \"\"\" test creation of a new ipsec tunnel with vip: interface name \"\"\"\n ipsec = dict(\n descr='new_tunnel', interface='vip:WAN CARP', remote_gateway='1.2.3.4', iketype='ikev1',\n authentication_method='pre_shared_key', preshared_key='1234', mode='main', startaction='start', closeaction='start')\n command = (\n \"create ipsec 'new_tunnel', iketype='ikev1', mode='main', protocol='inet', interface='vip:WAN CARP', remote_gateway='1.2.3.4', \"\n \"authentication_method='pre_shared_key', preshared_key='1234', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"disable_rekey=False, margintime='', startaction='start', closeaction='start', \"\n \"nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\")\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_create_vip_subnet(self):\n \"\"\" test creation of a new ipsec tunnel with vip: interface address \"\"\"\n ipsec = dict(\n descr='new_tunnel', interface='vip:151.25.19.11', remote_gateway='1.2.3.4', iketype='ikev1',\n authentication_method='pre_shared_key', preshared_key='1234', mode='main', startaction='trap', closeaction='trap')\n command = (\n \"create ipsec 'new_tunnel', iketype='ikev1', mode='main', protocol='inet', interface='vip:151.25.19.11', remote_gateway='1.2.3.4', \"\n \"authentication_method='pre_shared_key', preshared_key='1234', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"disable_rekey=False, margintime='', startaction='trap', closeaction='trap', nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\")\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_create_auto(self):\n \"\"\" test creation of a new ipsec tunnel \"\"\"\n ipsec = dict(\n descr='new_tunnel', interface='lan_100', remote_gateway='1.2.3.4', iketype='auto',\n authentication_method='pre_shared_key', preshared_key='1234', mode='main')\n command = (\n \"create ipsec 'new_tunnel', iketype='auto', mode='main', protocol='inet', interface='lan_100', remote_gateway='1.2.3.4', \"\n \"authentication_method='pre_shared_key', preshared_key='1234', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"disable_rekey=False, margintime='', startaction='', closeaction='', nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\")\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_delete(self):\n \"\"\" test deletion of an ipsec \"\"\"\n ipsec = dict(descr='test_tunnel', state='absent')\n command = \"delete ipsec 'test_tunnel'\"\n self.do_module_test(ipsec, delete=True, command=command)\n\n def test_ipsec_update_noop(self):\n \"\"\" test not updating a ipsec \"\"\"\n ipsec = dict(\n descr='test_tunnel', interface='lan_100', remote_gateway='1.2.4.8', iketype='ikev2',\n authentication_method='pre_shared_key', preshared_key='1234')\n self.do_module_test(ipsec, changed=False)\n\n def test_ipsec_update_ike(self):\n \"\"\" test updating ike \"\"\"\n ipsec = dict(\n descr='test_tunnel', interface='lan_100', remote_gateway='1.2.4.8', iketype='ikev1',\n authentication_method='pre_shared_key', preshared_key='1234', mode='main')\n command = \"update ipsec 'test_tunnel' set iketype='ikev1', mode='main'\"\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_update_gw(self):\n \"\"\" test updating gw \"\"\"\n ipsec = dict(\n descr='test_tunnel', interface='lan_100', remote_gateway='1.2.3.5', iketype='ikev2',\n authentication_method='pre_shared_key', preshared_key='1234')\n command = \"update ipsec 'test_tunnel' set remote_gateway='1.2.3.5'\"\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_update_auth(self):\n \"\"\" test updating auth \"\"\"\n ipsec = dict(\n descr='test_tunnel', interface='lan_100', remote_gateway='1.2.4.8', iketype='ikev2',\n authentication_method='rsasig', certificate='webConfigurator default (5c00e5f9029df)', certificate_authority='test ca')\n command = (\n \"update ipsec 'test_tunnel' set authentication_method='rsasig', \"\n \"certificate='webConfigurator default (5c00e5f9029df)', certificate_authority='test ca'\")\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_update_cert(self):\n \"\"\" test updating certificates \"\"\"\n ipsec = dict(\n descr='test_tunnel2', interface='lan_100', remote_gateway='1.2.3.6', iketype='ikev2',\n authentication_method='rsasig', certificate='webConfigurator default copy', certificate_authority='test ca copy')\n command = \"update ipsec 'test_tunnel2' set certificate='webConfigurator default copy', certificate_authority='test ca copy'\"\n self.do_module_test(ipsec, command=command)\n\n def test_ipsec_duplicate_gw(self):\n \"\"\" test using a duplicate gw \"\"\"\n ipsec = dict(\n descr='new_tunnel', interface='lan_100', remote_gateway='1.2.4.8', iketype='ikev1',\n authentication_method='pre_shared_key', preshared_key='1234', mode='main')\n msg = 'The remote gateway \"1.2.4.8\" is already used by phase1 \"test_tunnel\".'\n self.do_module_test(ipsec, msg=msg, failed=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_ipsec_aggregate.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import set_module_args\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_ipsec_aggregate\nfrom parameterized import parameterized\n\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseIpsecAggregateModule(TestPFSenseModule):\n\n module = pfsense_ipsec_aggregate\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseIpsecAggregateModule, self).__init__(*args, **kwargs)\n\n def get_config_file(self):\n \"\"\" get config file \"\"\"\n\n return 'pfsense_ipsec_aggregate_config.xml'\n\n def assert_find_ipsec(self, ipsec):\n \"\"\" test if an ipsec tunnel exist \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find('ipsec')\n if parent_tag is None:\n self.fail('Unable to find tag ipsec')\n\n found = False\n for ipsec_elt in parent_tag:\n if ipsec_elt.tag != 'phase1':\n continue\n\n if ipsec_elt.find('descr').text == ipsec:\n found = True\n break\n\n if not found:\n self.fail('Ipsec tunnel not found: ' + ipsec)\n\n def assert_not_find_ipsec(self, ipsec):\n \"\"\" test if an ipsec tunnel does not exist \"\"\"\n self.load_xml_result()\n parent_tag = self.xml_result.find('ipsec')\n if parent_tag is None:\n self.fail('Unable to find tag ipsec')\n\n found = False\n for ipsec_elt in parent_tag:\n if ipsec_elt.tag != 'phase1':\n continue\n\n if ipsec_elt.find('descr').text == ipsec:\n found = True\n break\n\n if found:\n self.fail('Ipsec tunnel found: ' + ipsec)\n\n def strip_commands(self, commands):\n \"\"\" remove old or new parameters \"\"\"\n def strip_command(command):\n command = command.replace(\"margintime='', \", \"\")\n command = command.replace(\"disable_rekey=False, \", \"\")\n return command\n\n if isinstance(commands, str):\n return strip_command(commands)\n\n cmds = []\n for cmd in commands:\n cmd = strip_command(cmd)\n cmds.append(cmd)\n return cmds\n\n ############\n # as we rely on sub modules for modifying the xml\n # we dont perform checks on the xml modifications\n # we just test the output\n @parameterized.expand([[\"2.5.2\"]])\n def test_ipsec_aggregate_ipsecs(self, pfsense_version):\n \"\"\" test creation of a some tunnels \"\"\"\n self.get_version.return_value = pfsense_version\n args = dict(\n purge_ipsecs=False,\n aggregated_ipsecs=[\n dict(descr='t1', interface='wan', remote_gateway='1.3.3.1', iketype='ikev2', authentication_method='pre_shared_key', preshared_key='azerty123'),\n dict(descr='t2', interface='wan', remote_gateway='1.3.3.2', iketype='ikev2', authentication_method='pre_shared_key', preshared_key='qwerty123'),\n dict(descr='test_tunnel2', state='absent'),\n dict(\n descr='test_tunnel', interface='lan_100', remote_gateway='1.2.4.8', iketype='ikev2',\n authentication_method='pre_shared_key', preshared_key='0123456789'\n ),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_ipsecs = []\n result_ipsecs.append(\n \"create ipsec 't1', iketype='ikev2', protocol='inet', interface='wan', remote_gateway='1.3.3.1', authentication_method='pre_shared_key', \"\n \"preshared_key='azerty123', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"disable_rekey=False, margintime='', \"\n \"mobike='off', startaction='', closeaction='', nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\"\n )\n result_ipsecs.append(\n \"create ipsec 't2', iketype='ikev2', protocol='inet', interface='wan', remote_gateway='1.3.3.2', authentication_method='pre_shared_key', \"\n \"preshared_key='qwerty123', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"disable_rekey=False, margintime='', \"\n \"mobike='off', startaction='', closeaction='', nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\"\n )\n result_ipsecs.append(\"delete ipsec 'test_tunnel2'\")\n result_ipsecs.append(\"update ipsec 'test_tunnel' set preshared_key='0123456789'\")\n result_ipsecs = self.strip_commands(result_ipsecs)\n\n self.assertEqual(result['result_ipsecs'], result_ipsecs)\n self.assert_find_ipsec('t1')\n self.assert_find_ipsec('t2')\n self.assert_not_find_ipsec('test_tunnel2')\n self.assert_find_ipsec('test_tunnel')\n\n @parameterized.expand([[\"2.5.2\"]])\n def test_ipsec_aggregate_ipsecs_purge(self, pfsense_version):\n \"\"\" test creation of a some tunnels with purge \"\"\"\n self.get_version.return_value = pfsense_version\n args = dict(\n purge_ipsecs=True,\n aggregated_ipsecs=[\n dict(descr='t1', interface='wan', remote_gateway='1.3.3.1', iketype='ikev2', authentication_method='pre_shared_key', preshared_key='azerty123'),\n dict(descr='t2', interface='wan', remote_gateway='1.3.3.2', iketype='ikev2', authentication_method='pre_shared_key', preshared_key='qwerty123'),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_ipsecs = []\n result_ipsecs.append(\n \"create ipsec 't1', iketype='ikev2', protocol='inet', interface='wan', remote_gateway='1.3.3.1', authentication_method='pre_shared_key', \"\n \"preshared_key='azerty123', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"disable_rekey=False, margintime='', \"\n \"mobike='off', startaction='', closeaction='', nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\"\n )\n result_ipsecs.append(\n \"create ipsec 't2', iketype='ikev2', protocol='inet', interface='wan', remote_gateway='1.3.3.2', authentication_method='pre_shared_key', \"\n \"preshared_key='qwerty123', myid_type='myaddress', peerid_type='peeraddress', lifetime='28800', \"\n \"disable_rekey=False, margintime='', \"\n \"mobike='off', startaction='', closeaction='', nat_traversal='on', enable_dpd=True, dpd_delay='10', dpd_maxfail='5'\"\n )\n result_ipsecs.append(\"delete ipsec 'test_tunnel'\")\n result_ipsecs.append(\"delete ipsec 'test_tunnel2'\")\n result_ipsecs = self.strip_commands(result_ipsecs)\n\n self.assertEqual(result['result_ipsecs'], result_ipsecs)\n self.assert_find_ipsec('t1')\n self.assert_find_ipsec('t2')\n self.assert_not_find_ipsec('test_tunnel')\n self.assert_not_find_ipsec('test_tunnel2')\n\n @parameterized.expand([[\"2.5.2\"]])\n def test_ipsec_aggregate_proposals(self, pfsense_version):\n \"\"\" test creation of a some proposals \"\"\"\n self.get_version.return_value = pfsense_version\n args = dict(\n purge_ipsec_proposals=False,\n aggregated_ipsec_proposals=[\n dict(descr='test_tunnel', encryption='aes', key_length=128, hash='md5', dhgroup=14),\n dict(descr='test_tunnel2', encryption='cast128', hash='sha512', dhgroup=14),\n dict(descr='test_tunnel', encryption='aes', key_length=128, hash='sha256', dhgroup=14, state='absent'),\n dict(descr='test_tunnel2', encryption='blowfish', key_length=256, hash='aesxcbc', dhgroup=14, state='absent'),\n ]\n )\n with set_module_args(args):\n self.execute_module(changed=True)\n result = self.execute_module(changed=True)\n result_ipsec_proposals = []\n result_ipsec_proposals.append(\"create ipsec_proposal 'test_tunnel', encryption='aes', key_length=128, hash='md5', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\"create ipsec_proposal 'test_tunnel2', encryption='cast128', hash='sha512', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\"delete ipsec_proposal 'test_tunnel', encryption='aes', key_length=128, hash='sha256', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\n \"delete ipsec_proposal 'test_tunnel2', encryption='blowfish', key_length=256, hash='aesxcbc', dhgroup='14', prf='sha256'\"\n )\n result_ipsec_proposals = self.strip_commands(result_ipsec_proposals)\n\n self.assertEqual(result['result_ipsec_proposals'], result_ipsec_proposals)\n\n @parameterized.expand([[\"2.5.2\"]])\n def test_ipsec_aggregate_proposals_purge(self, pfsense_version):\n \"\"\" test creation of a some proposals with purge \"\"\"\n self.get_version.return_value = pfsense_version\n args = dict(\n purge_ipsec_proposals=True,\n aggregated_ipsec_proposals=[\n dict(descr='test_tunnel', encryption='aes', key_length=128, hash='md5', dhgroup=14),\n dict(descr='test_tunnel2', encryption='cast128', hash='sha512', dhgroup=14),\n ]\n )\n with set_module_args(args):\n self.execute_module(changed=True)\n result = self.execute_module(changed=True)\n result_ipsec_proposals = []\n result_ipsec_proposals.append(\"create ipsec_proposal 'test_tunnel', encryption='aes', key_length=128, hash='md5', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\"create ipsec_proposal 'test_tunnel2', encryption='cast128', hash='sha512', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\"delete ipsec_proposal 'test_tunnel', encryption='aes', key_length=128, hash='sha256', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\"delete ipsec_proposal 'test_tunnel', encryption='aes', key_length=256, hash='sha256', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\n \"delete ipsec_proposal 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14', prf='sha256'\"\n )\n result_ipsec_proposals.append(\n \"delete ipsec_proposal 'test_tunnel', encryption='blowfish', key_length=256, hash='aesxcbc', dhgroup='14', prf='sha256'\"\n )\n\n result_ipsec_proposals.append(\"delete ipsec_proposal 'test_tunnel2', encryption='aes', key_length=128, hash='sha256', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\"delete ipsec_proposal 'test_tunnel2', encryption='aes', key_length=256, hash='sha256', dhgroup='14', prf='sha256'\")\n result_ipsec_proposals.append(\n \"delete ipsec_proposal 'test_tunnel2', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14', prf='sha256'\"\n )\n result_ipsec_proposals.append(\n \"delete ipsec_proposal 'test_tunnel2', encryption='blowfish', key_length=256, hash='aesxcbc', dhgroup='14', prf='sha256'\"\n )\n result_ipsec_proposals = self.strip_commands(result_ipsec_proposals)\n\n self.assertEqual(result['result_ipsec_proposals'], result_ipsec_proposals)\n\n def test_ipsec_aggregate_p2s(self):\n \"\"\" test creation of a some p2s \"\"\"\n args = dict(\n purge_ipsec_p2s=False,\n aggregated_ipsec_p2s=[\n dict(descr='p2_1', p1_descr='test_tunnel', mode='tunnel', local='1.2.3.4/24', remote='10.20.30.40/24', aes=True, aes_len='auto', sha256=True),\n dict(descr='p2_2', p1_descr='test_tunnel', mode='tunnel', local='1.2.3.4/24', remote='10.20.30.50/24', aes=True, aes_len='auto', sha256=True),\n dict(\n descr='one_p2', p1_descr='test_tunnel', mode='tunnel', local='lan', remote='10.20.30.60/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True'\n ),\n dict(descr='another_p2', p1_descr='test_tunnel', state='absent')\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_ipsec_p2s = []\n result_ipsec_p2s.append(\n \"create ipsec_p2 'p2_1' on 'test_tunnel', disabled=False, mode='tunnel', local='1.2.3.4/24', remote='10.20.30.40/24', \"\n \"aes=True, aes_len='auto', sha256=True, pfsgroup='14', lifetime=3600\"\n )\n result_ipsec_p2s.append(\n \"create ipsec_p2 'p2_2' on 'test_tunnel', disabled=False, mode='tunnel', local='1.2.3.4/24', remote='10.20.30.50/24', \"\n \"aes=True, aes_len='auto', sha256=True, pfsgroup='14', lifetime=3600\"\n )\n result_ipsec_p2s.append(\"update ipsec_p2 'one_p2' on 'test_tunnel' set remote='10.20.30.60/24'\")\n result_ipsec_p2s.append(\"delete ipsec_p2 'another_p2' on 'test_tunnel'\")\n\n self.assertEqual(result['result_ipsec_p2s'], result_ipsec_p2s)\n\n def test_ipsec_aggregate_p2s_purge(self):\n \"\"\" test creation of a some p2s with purge \"\"\"\n args = dict(\n purge_ipsec_p2s=True,\n aggregated_ipsec_p2s=[\n dict(descr='p2_1', p1_descr='test_tunnel', mode='tunnel', local='1.2.3.4/24', remote='10.20.30.40/24', aes=True, aes_len='auto', sha256=True),\n dict(descr='p2_2', p1_descr='test_tunnel', mode='tunnel', local='1.2.3.4/24', remote='10.20.30.50/24', aes=True, aes_len='auto', sha256=True),\n ]\n )\n with set_module_args(args):\n result = self.execute_module(changed=True)\n result_ipsec_p2s = []\n result_ipsec_p2s.append(\n \"create ipsec_p2 'p2_1' on 'test_tunnel', disabled=False, mode='tunnel', local='1.2.3.4/24', remote='10.20.30.40/24', \"\n \"aes=True, aes_len='auto', sha256=True, pfsgroup='14', lifetime=3600\"\n )\n result_ipsec_p2s.append(\n \"create ipsec_p2 'p2_2' on 'test_tunnel', disabled=False, mode='tunnel', local='1.2.3.4/24', remote='10.20.30.50/24', \"\n \"aes=True, aes_len='auto', sha256=True, pfsgroup='14', lifetime=3600\"\n )\n result_ipsec_p2s.append(\"delete ipsec_p2 'one_p2' on 'test_tunnel'\")\n result_ipsec_p2s.append(\"delete ipsec_p2 'another_p2' on 'test_tunnel'\")\n result_ipsec_p2s.append(\"delete ipsec_p2 'third_p2' on 'test_tunnel'\")\n result_ipsec_p2s.append(\"delete ipsec_p2 'nat_p2' on 'test_tunnel'\")\n\n self.assertEqual(result['result_ipsec_p2s'], result_ipsec_p2s)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_ipsec_p2.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_ipsec_p2\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_p2 import PFSenseIpsecP2Module\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseIpsecP2Module(TestPFSenseModule):\n\n module = pfsense_ipsec_p2\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseIpsecP2Module, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_ipsec_p2_config.xml'\n self.pfmodule = PFSenseIpsecP2Module\n\n ##############\n # tests utils\n #\n def get_phase1_elt(self, descr, absent=False):\n \"\"\" get phase1 \"\"\"\n elt_filter = {}\n elt_filter['descr'] = descr\n return self.assert_has_xml_tag('ipsec', elt_filter, absent=absent)\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated phase2 xml definition \"\"\"\n phase1_elt = self.get_phase1_elt(obj['p1_descr'])\n\n elt_filter = {}\n elt_filter['descr'] = obj['descr']\n elt_filter['ikeid'] = phase1_elt.find('ikeid').text\n return self.assert_has_xml_tag('ipsec', elt_filter, absent=absent)\n\n @staticmethod\n def get_enc_elt(phase2_elt, enc_name):\n \"\"\" get encryption \"\"\"\n for elt in phase2_elt:\n if elt.tag != 'encryption-algorithm-option':\n continue\n if elt.find('name').text == enc_name:\n return elt\n return None\n\n def check_enc(self, phase2, phase2_elt, enc_name, param_name):\n \"\"\" check encryption \"\"\"\n enc_elt = self.get_enc_elt(phase2_elt, enc_name)\n if phase2.get(param_name):\n if enc_elt is None:\n self.fail('Encryption named {0} not found'.format(enc_name))\n if phase2.get(param_name + '_len') is not None:\n keylen_elt = enc_elt.find('keylen')\n if keylen_elt is None:\n self.fail('Key length not found for encryption named {0}'.format(enc_name))\n self.assertEqual(keylen_elt.text, phase2[param_name + '_len'])\n else:\n if enc_elt is not None:\n self.fail('Encryption named {0} found'.format(enc_name))\n\n @staticmethod\n def get_hash_elt(phase2_elt, hash_name):\n \"\"\" get hash \"\"\"\n for elt in phase2_elt:\n if elt.tag != 'hash-algorithm-option':\n continue\n if elt.text == hash_name:\n return elt\n return None\n\n def check_hash(self, phase2, phase2_elt, hash_name, param_name):\n \"\"\" check hash \"\"\"\n hash_elt = self.get_hash_elt(phase2_elt, hash_name)\n if phase2.get(param_name):\n if hash_elt is None:\n self.fail('Hash algorithm named {0} not found'.format(hash_name))\n else:\n if hash_elt is not None:\n self.fail('Hash algorithm named {0} found'.format(hash_name))\n\n def param_to_address(self, address):\n \"\"\" hardcoded addresses \"\"\"\n ret = dict()\n if address in ['1.2.3.1', '1.2.3.2']:\n ret['type'] = 'address'\n ret['address'] = address\n ret['type'] = 'address'\n ret['address'] = address\n elif address == '1.2.3.4/24':\n ret['type'] = 'network'\n ret['address'] = '1.2.3.4'\n ret['netbits'] = '24'\n elif address == '10.20.30.40/24':\n ret['type'] = 'network'\n ret['address'] = '10.20.30.40'\n ret['netbits'] = '24'\n elif address == '10.20.30.50/24':\n ret['type'] = 'network'\n ret['address'] = '10.20.30.50'\n ret['netbits'] = '24'\n elif address in ['lan_100', 'lan']:\n ret['type'] = self.unalias_interface(address)\n else:\n self.fail('Please add address {0} to param_to_address'.format(address))\n return ret\n\n def check_address(self, phase2, phase2_elt, elt_name, param_name):\n \"\"\" check address \"\"\"\n if phase2.get(param_name) is None:\n if phase2_elt.find(elt_name) is not None:\n self.fail('Address type {0} found'.format(elt_name))\n else:\n addr_elt = phase2_elt.find(elt_name)\n if addr_elt is None:\n self.fail('Address type {0} not found'.format(elt_name))\n\n address = self.param_to_address(phase2[param_name])\n for param in address.keys():\n elt = addr_elt.find(param)\n if elt is None:\n self.fail('Address param {0} not found'.format(param))\n self.assertEqual(elt.text, address[param])\n\n params = address.keys()\n for elt in addr_elt:\n if elt.tag not in params:\n self.fail('Address param{0} found'.format(elt.tag))\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition of phase2 elt \"\"\"\n # bools\n if obj.get('disabled'):\n self.assert_xml_elt_is_none_or_empty(target_elt, 'disabled')\n else:\n self.assert_not_find_xml_elt(target_elt, 'disabled')\n\n self.assert_xml_elt_equal(target_elt, 'mode', obj['mode'])\n if obj.get('procotol') is not None:\n self.assert_xml_elt_equal(target_elt, 'protocol', obj['protocol'])\n else:\n self.assert_xml_elt_equal(target_elt, 'protocol', 'esp')\n if obj.get('pfsgroup') is not None:\n self.assert_xml_elt_equal(target_elt, 'pfsgroup', obj['pfsgroup'])\n else:\n self.assert_xml_elt_equal(target_elt, 'pfsgroup', '14')\n\n if obj.get('lifetime') is not None:\n if obj['lifetime'] == 0:\n self.assert_xml_elt_is_none_or_empty(target_elt, 'lifetime')\n else:\n self.assert_xml_elt_equal(target_elt, 'lifetime', str(obj['lifetime']))\n else:\n self.assert_xml_elt_equal(target_elt, 'lifetime', '3600')\n\n if obj.get('pinghost') is not None:\n self.assert_xml_elt_equal(target_elt, 'pinghost', str(obj['pinghost']))\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, 'pinghost')\n\n # encryptions\n self.check_enc(obj, target_elt, 'aes', 'aes')\n self.check_enc(obj, target_elt, 'aes128gcm', 'aes128gcm')\n self.check_enc(obj, target_elt, 'aes192gcm', 'aes192gcm')\n self.check_enc(obj, target_elt, 'aes256gcm', 'aes256gcm')\n self.check_enc(obj, target_elt, 'blowfish', 'blowfish')\n self.check_enc(obj, target_elt, '3des', 'des')\n self.check_enc(obj, target_elt, 'cast128', 'cast128')\n\n # hashes\n self.check_hash(obj, target_elt, 'hmac_sha1', 'sha1')\n self.check_hash(obj, target_elt, 'hmac_sha256', 'sha256')\n self.check_hash(obj, target_elt, 'hmac_sha384', 'sha384')\n self.check_hash(obj, target_elt, 'hmac_sha512', 'sha512')\n self.check_hash(obj, target_elt, 'aesxcbc', 'aesxcbc')\n\n self.check_address(obj, target_elt, 'localid', 'local')\n self.check_address(obj, target_elt, 'remoteid', 'remote')\n self.check_address(obj, target_elt, 'natlocalid', 'nat')\n\n ##############\n # tests\n #\n def test_phase2_create_vti(self):\n \"\"\" test creation of a new phase2 in vti mode \"\"\"\n phase2 = dict(p1_descr='test_tunnel', descr='test_p2', mode='vti', local='1.2.3.1', remote='1.2.3.2', aes='True', aes_len='auto', sha256='True')\n command = (\n \"create ipsec_p2 'test_p2' on 'test_tunnel', disabled=False, mode='vti', local='1.2.3.1', remote='1.2.3.2', \"\n \"aes=True, aes_len='auto', sha256=True, pfsgroup='14', lifetime=3600\"\n )\n self.do_module_test(phase2, command=command)\n\n def test_phase2_create_tunnel(self):\n \"\"\" test creation of a new phase2 in tunnel mode \"\"\"\n phase2 = dict(p1_descr='test_tunnel', descr='test_p2', mode='tunnel', local='lan_100', remote='1.2.3.4/24', aes='True', aes_len='auto', sha256='True')\n command = (\n \"create ipsec_p2 'test_p2' on 'test_tunnel', disabled=False, mode='tunnel', local='lan_100', remote='1.2.3.4/24', \"\n \"aes=True, aes_len='auto', sha256=True, pfsgroup='14', lifetime=3600\"\n )\n self.do_module_test(phase2, command=command)\n\n def test_phase2_delete(self):\n \"\"\" test deletion of a phase2 \"\"\"\n phase2 = dict(p1_descr='test_tunnel', descr='one_p2', state='absent')\n command = \"delete ipsec_p2 'one_p2' on 'test_tunnel'\"\n self.do_module_test(phase2, delete=True, command=command)\n\n def test_phase2_update_noop(self):\n \"\"\" test not updating a phase2 \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel', local='lan', remote='10.20.30.40/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n self.do_module_test(phase2, changed=False)\n\n def test_phase2_update_aes_len(self):\n \"\"\" test update aes \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel', local='lan', remote='10.20.30.40/24',\n aes='True', aes_len='auto', aes128gcm=True, aes128gcm_len='128', sha256='True')\n command = \"update ipsec_p2 'one_p2' on 'test_tunnel' set aes_len='auto'\"\n self.do_module_test(phase2, command=command)\n\n def test_phase2_update_disable_aes(self):\n \"\"\" test removing aes \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel', local='lan', remote='10.20.30.40/24',\n aes128gcm=True, aes128gcm_len='128', sha256='True')\n command = \"update ipsec_p2 'one_p2' on 'test_tunnel' set aes=False, aes_len=none\"\n self.do_module_test(phase2, command=command)\n\n def test_phase2_update_set_3des(self):\n \"\"\" test enabling 3des \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel', local='lan', remote='10.20.30.40/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', des=True, sha256='True')\n command = \"update ipsec_p2 'one_p2' on 'test_tunnel' set des=True\"\n self.do_module_test(phase2, command=command)\n\n def test_phase2_update_remove_3des(self):\n \"\"\" test disabling 3des \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='another_p2', mode='tunnel', local='lan', remote='10.20.30.50/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', des=False, sha256='True')\n command = \"update ipsec_p2 'another_p2' on 'test_tunnel' set des=False\"\n self.do_module_test(phase2, command=command)\n\n def test_phase2_update_remove_sha256(self):\n \"\"\" test disabling sha256 \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='another_p2', mode='tunnel', local='lan', remote='10.20.30.50/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', des=True, sha512='True')\n command = \"update ipsec_p2 'another_p2' on 'test_tunnel' set sha256=False, sha512=True\"\n self.do_module_test(phase2, command=command)\n\n def test_phase2_update_change_address(self):\n \"\"\" test changing address \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='third_p2', mode='tunnel', local='lan_100', remote='10.20.30.50/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', des=True, sha256='True')\n command = \"update ipsec_p2 'third_p2' on 'test_tunnel' set local='lan_100'\"\n self.do_module_test(phase2, command=command)\n\n def test_phase2_update_set_nat(self):\n \"\"\" test setting nat \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel', local='lan', remote='10.20.30.40/24', nat='1.2.3.4/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n command = \"update ipsec_p2 'one_p2' on 'test_tunnel' set nat='1.2.3.4/24'\"\n self.do_module_test(phase2, command=command)\n\n def test_phase2_update_remove_nat(self):\n \"\"\" test removing nat \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='nat_p2', mode='tunnel', local='lan', remote='1.2.3.4/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n command = \"update ipsec_p2 'nat_p2' on 'test_tunnel' set nat=none\"\n self.do_module_test(phase2, command=command)\n\n def test_phase2_inexistent_tunnel(self):\n \"\"\" test error with inexistent tunnel \"\"\"\n ipsec = dict(\n p1_descr='inexistent_tunnel', descr='nat_p2', mode='tunnel', local='lan', remote='1.2.3.4/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n msg = 'No ipsec tunnel named inexistent_tunnel'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_no_encryption(self):\n \"\"\" test error with no encryption \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='nat_p2', mode='tunnel', local='lan', remote='1.2.3.4/24', sha256='True')\n msg = 'At least one encryption algorithm must be selected.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_no_hash(self):\n \"\"\" test error with no hash \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='nat_p2', mode='tunnel', local='lan', remote='1.2.3.4/24', cast128='True')\n msg = 'At least one hashing algorithm needs to be selected.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_vti_lan(self):\n \"\"\" test error on vti address \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='nat_p2', mode='vti', local='lan', remote='1.2.3.4', cast128='True', sha256='True')\n msg = 'VTI requires a valid local network or IP address for its endpoint address.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_vti_lan2(self):\n \"\"\" test error on vti address \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='nat_p2', mode='vti', local='1.2.3.4', remote='lan', cast128='True', sha256='True')\n msg = 'VTI requires a valid remote IP address for its endpoint address.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_tunnel6_remote(self):\n \"\"\" test error on tunnel6 address \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel6', local='lan', remote='10.20.30.40/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n msg = 'A valid IPv6 address or network must be specified in remote with tunnel6.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_tunnel6_remote2(self):\n \"\"\" test error on tunnel6 address \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel6', local='lan', remote='1.2.3.4',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n msg = 'A valid IPv6 address or network must be specified in remote with tunnel6.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_tunnel6_local(self):\n \"\"\" test error on tunnel6 address \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel6', local='1.2.3.4/24', remote='10.20.30.40/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n msg = 'A valid IPv6 address or network must be specified in local with tunnel6.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_tunnel_remote(self):\n \"\"\" test error on tunnel address \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel', local='lan', remote='fd69:81a5:a5:7396:0:0:0:0',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n msg = 'A valid IPv4 address or network must be specified in remote with tunnel.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_tunnel_remote2(self):\n \"\"\" test error on tunnel address \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel', local='lan', remote='fd69:81a5:a5:7396:0:0:0:0/64',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n msg = 'A valid IPv4 address or network must be specified in remote with tunnel.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_tunnel_local(self):\n \"\"\" test error on tunnel address \"\"\"\n ipsec = dict(\n p1_descr='test_tunnel', descr='one_p2', mode='tunnel', local='fd69:81a5:a5:7396:0:0:0:0', remote='10.20.30.40/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n msg = 'A valid IPv4 address or network must be specified in local with tunnel.'\n self.do_module_test(ipsec, msg=msg, failed=True)\n\n def test_phase2_duplicate(self):\n \"\"\" test error duplicate local/remote definition \"\"\"\n phase2 = dict(\n p1_descr='test_tunnel', descr='duplicate_p2', mode='tunnel', local='lan', remote='10.20.30.40/24',\n aes='True', aes_len='128', aes128gcm=True, aes128gcm_len='128', sha256='True')\n msg = 'Phase2 with this Local/Remote networks combination is already defined for this Phase1.'\n self.do_module_test(phase2, msg=msg, failed=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_ipsec_proposal.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_ipsec_proposal\nfrom ansible_collections.pfsensible.core.plugins.module_utils.ipsec_proposal import PFSenseIpsecProposalModule\nfrom .pfsense_module import TestPFSenseModule\nfrom parameterized import parameterized\n\n\nclass TestPFSenseIpsecProposalModule(TestPFSenseModule):\n\n module = pfsense_ipsec_proposal\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseIpsecProposalModule, self).__init__(*args, **kwargs)\n self.pfmodule = PFSenseIpsecProposalModule\n\n def get_config_file(self):\n \"\"\" get config file \"\"\"\n if self.get_version.return_value.startswith(\"2.4.\"):\n return '2.4/pfsense_ipsec_proposal_config.xml'\n\n return 'pfsense_ipsec_proposal_config.xml'\n\n ##############\n # tests utils\n #\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated proposal xml definition \"\"\"\n elt_filter = {}\n elt_filter['descr'] = obj['descr']\n\n ipsec_elt = self.assert_has_xml_tag('ipsec', elt_filter)\n if ipsec_elt is None:\n return None\n\n encryption_elt = ipsec_elt.find('encryption')\n if encryption_elt is None:\n return None\n\n for item_elt in encryption_elt:\n elt = item_elt.find('dhgroup')\n if elt is None or elt.text != str(obj['dhgroup']):\n continue\n\n elt = item_elt.find('hash-algorithm')\n if elt is None or elt.text != obj['hash']:\n continue\n\n if not self.get_version.return_value.startswith(\"2.4.\"):\n elt = item_elt.find('prf-algorithm')\n if elt is None or 'prf' not in obj and elt.text != 'sha256' and elt.text != obj['prf']:\n continue\n\n encalg_elt = item_elt.find('encryption-algorithm')\n if encalg_elt is None:\n continue\n\n elt = encalg_elt.find('name')\n if elt is None or elt.text != obj['encryption']:\n continue\n\n elt = encalg_elt.find('keylen')\n if (elt is None or elt.text == '') and obj.get('key_length') is None:\n return item_elt\n if elt is not None and elt.text == str(obj.get('key_length')):\n return item_elt\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition of proposal elt \"\"\"\n if target_elt is None:\n self.fail('Unable to find proposal on ' + obj['descr'])\n\n def strip_commands(self, commands):\n \"\"\" remove old or new parameters \"\"\"\n if self.get_version.return_value.startswith(\"2.4.\"):\n commands = commands.replace(\", prf='sha256'\", \"\")\n return commands\n\n ##############\n # tests\n #\n @parameterized.expand([[\"2.4.4\"], [\"2.5.0\"], [\"2.5.2\"]])\n def test_ipsec_proposal_create(self, pfsense_version):\n \"\"\" test creation of a new proposal \"\"\"\n self.get_version.return_value = pfsense_version\n proposal = dict(descr='test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup=21)\n command = \"create ipsec_proposal 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='21', prf='sha256'\"\n self.do_module_test(proposal, command=command)\n\n @parameterized.expand([[\"2.4.4\"], [\"2.5.0\"], [\"2.5.2\"]])\n def test_ipsec_proposal_create_nokeylen(self, pfsense_version):\n \"\"\" test creation of a new proposal \"\"\"\n self.get_version.return_value = pfsense_version\n proposal = dict(descr='test_tunnel2', encryption='cast128', hash='sha256', dhgroup=21)\n command = \"create ipsec_proposal 'test_tunnel2', encryption='cast128', hash='sha256', dhgroup='21', prf='sha256'\"\n self.do_module_test(proposal, command=command)\n\n @parameterized.expand([[\"2.4.4\"], [\"2.5.0\"], [\"2.5.2\"]])\n def test_ipsec_proposal_delete(self, pfsense_version):\n \"\"\" test deletion of an ipsec proposal \"\"\"\n self.get_version.return_value = pfsense_version\n proposal = dict(descr='test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup=14, state='absent')\n command = \"delete ipsec_proposal 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14', prf='sha256'\"\n self.do_module_test(proposal, delete=True, command=command)\n\n @parameterized.expand([[\"2.4.4\"], [\"2.5.0\"], [\"2.5.2\"]])\n def test_ipsec_proposal_update_noop(self, pfsense_version):\n \"\"\" test not updating a ipsec proposal \"\"\"\n self.get_version.return_value = pfsense_version\n proposal = dict(descr='test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup=14)\n self.do_module_test(proposal, changed=False)\n\n def test_ipsec_proposal_wrong_keylen(self):\n \"\"\" test using a wrong key_length \"\"\"\n proposal = dict(descr='test_tunnel', encryption='aes128gcm', key_length=256, hash='sha256', dhgroup=14)\n msg = 'key_length for encryption aes128gcm must be one of: 64, 96, 128.'\n self.do_module_test(proposal, msg=msg, failed=True)\n\n def test_ipsec_proposal_wrong_tunnel(self):\n \"\"\" test using a wrong tunnel \"\"\"\n proposal = dict(descr='test_tunnel3', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup=14)\n msg = 'No ipsec tunnel named test_tunnel3'\n self.do_module_test(proposal, msg=msg, failed=True)\n\n def test_ipsec_proposal_wrong_encryption(self):\n \"\"\" test using a wrong encryption \"\"\"\n proposal = dict(descr='test_tunnel2', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup=14)\n msg = 'Encryption Algorithm AES-GCM can only be used with IKEv2'\n self.do_module_test(proposal, msg=msg, failed=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_log_settings.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_log_settings\n\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseLogSettingsModule(TestPFSenseModule):\n\n module = pfsense_log_settings\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseLogSettingsModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_syslog_config.xml'\n self.pfmodule = pfsense_log_settings.PFSenseLogSettingsModule\n self.defaults = {\n 'filterdescriptions': 1,\n 'reverse': True,\n 'nentries': 50,\n 'sourceip': None,\n 'ipproto': 'ipv4',\n }\n\n ##############\n # tests utils\n #\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n return self.assert_find_xml_elt(self.xml_result, 'syslog')\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition of target elt \"\"\"\n def check_param(param, xml_field=None):\n if obj is not None:\n if xml_field is None:\n xml_field = param\n\n if param in obj:\n # Special handling for sourceip\n # Given as ip or descr but set as internal interface id\n interface_map = {\n '192.168.240.137': 'wan',\n 'wan': 'wan',\n '192.168.1.242': 'lan',\n '10.255.2.254': '_vip5c0a4b6139b05',\n '127.0.0.1': 'lo0',\n 'Localhost': 'lo0',\n }\n if param == 'sourceip':\n self.assert_xml_elt_equal(target_elt, xml_field, interface_map.get(obj[param], obj[param]))\n else:\n self.assert_xml_elt_equal(target_elt, xml_field, obj[param])\n else:\n if param in self.defaults:\n self.assert_xml_elt_equal(target_elt, xml_field, self.defaults[param])\n else:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n\n def check_bool_param(param, xml_field=None):\n if obj is not None:\n if xml_field is None:\n xml_field = param\n\n if param in obj:\n # Special handling for inverted field\n # When nologdefaultpass is present in xml, value is False\n if param == 'nologdefaultpass':\n if obj[param]:\n self.assert_not_find_xml_elt(target_elt, param)\n else:\n self.assert_xml_elt_equal(target_elt, xml_field, '')\n else:\n self.check_param_bool(obj, target_elt, param, xml_field=xml_field)\n else:\n if param in self.defaults:\n if self.defaults[param]:\n self.assert_xml_elt_equal(target_elt, xml_field, None)\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, xml_field)\n else:\n self.assert_not_find_xml_elt(target_elt, xml_field)\n\n check_param('logformat', xml_field='format')\n check_bool_param('reverse')\n check_param('nentries')\n check_bool_param('nologdefaultblock')\n check_bool_param('nologdefaultpass')\n check_bool_param('nologbogons')\n check_bool_param('nologprivatenets')\n check_bool_param('nolognginx')\n check_bool_param('rawfilter')\n check_param('filterdescriptions')\n check_bool_param('disablelocallogging')\n check_param('logfilesize')\n check_param('logcompressiontype')\n check_param('rotatecount')\n check_bool_param('enable')\n check_param('sourceip')\n check_param('ipproto')\n check_param('remoteserver')\n check_param('remoteserver2')\n check_param('remoteserver3')\n check_bool_param('logall')\n check_bool_param('system')\n check_bool_param('logfilter', xml_field='filter')\n check_bool_param('resolver')\n check_bool_param('dhcp')\n check_bool_param('ppp')\n check_bool_param('auth')\n check_bool_param('portalauth')\n check_bool_param('vpn')\n check_bool_param('dpinger')\n check_bool_param('routing')\n check_bool_param('ntpd')\n check_bool_param('hostapd')\n\n def test_syslog_logformat_rfc5424(self):\n \"\"\" test syslog format rfc5424 \"\"\"\n syslog = dict(logformat='rfc5424')\n command = \"update log_settings syslog set format='rfc5424'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logformat_rfc3164(self):\n \"\"\" test syslog format rfc3164 \"\"\"\n syslog = dict(logformat='rfc3164')\n command = \"update log_settings syslog set format='rfc3164'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logformat_invalid(self):\n \"\"\" test syslog format invalid \"\"\"\n syslog = dict(logformat='rfc1149')\n msg = 'value of logformat must be one of: rfc3164, rfc5424, got: rfc1149'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_reverse(self):\n \"\"\" test log_settings reverse=False \"\"\"\n syslog = dict(reverse=False)\n command = \"update log_settings syslog set reverse=False\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_reverse_true(self):\n \"\"\" test log_settings reverse=True \"\"\"\n syslog = dict(reverse=True)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_nentries_valid(self):\n \"\"\" test log_settings nentries \"\"\"\n syslog = dict(nentries='5')\n command = \"update log_settings syslog set nentries='5'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_nentries_valid2(self):\n \"\"\" test log_settings nentries \"\"\"\n syslog = dict(nentries='500')\n command = \"update log_settings syslog set nentries='500'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_nentries_valid3(self):\n \"\"\" test log_settings nentries \"\"\"\n syslog = dict(nentries='200000')\n command = \"update log_settings syslog set nentries='200000'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_nentries_invalid1(self):\n \"\"\" test log_settings nentries \"\"\"\n syslog = dict(nentries='-1')\n msg = 'nentries must be an integer from 5 to 200000'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_nentries_invalid2(self):\n \"\"\" test log_settings nentries \"\"\"\n syslog = dict(nentries='4')\n msg = 'nentries must be an integer from 5 to 200000'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_nentries_invalid3(self):\n \"\"\" test log_settings nentries \"\"\"\n syslog = dict(nentries='200001')\n msg = 'nentries must be an integer from 5 to 200000'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_nologdefaultblock_false(self):\n \"\"\" test log_settings nologdefaultblock=False \"\"\"\n syslog = dict(nologdefaultblock=False)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_nologdefaultblock_true(self):\n \"\"\" test log_settings nologdefaultblock=True \"\"\"\n syslog = dict(nologdefaultblock=True)\n command = \"update log_settings syslog set nologdefaultblock=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_nologdefaultpass_false(self):\n \"\"\" test log_settings nologdefaultpass=False \"\"\"\n syslog = dict(nologdefaultpass=False)\n # different bool values are correct, logic is inverted\n command = \"update log_settings syslog set nologdefaultpass=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_nologdefaultpass_true(self):\n \"\"\" test log_settings nologdefaultpass=True \"\"\"\n syslog = dict(nologdefaultpass=True)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_nologbogons_false(self):\n \"\"\" test log_settings nologbogons=False \"\"\"\n syslog = dict(nologbogons=False)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_nologbogons_true(self):\n \"\"\" test log_settings nologbogons=True \"\"\"\n syslog = dict(nologbogons=True)\n command = \"update log_settings syslog set nologbogons=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_nologprivatenets_false(self):\n \"\"\" test log_settings nologprivatenets=False \"\"\"\n syslog = dict(nologprivatenets=False)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_nologprivatenets_true(self):\n \"\"\" test log_settings nologprivatenets=True \"\"\"\n syslog = dict(nologprivatenets=True)\n command = \"update log_settings syslog set nologprivatenets=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_nolognginx_false(self):\n \"\"\" test log_settings nolognginx=False \"\"\"\n syslog = dict(nolognginx=False)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_nolognginx_true(self):\n \"\"\" test log_settings nolognginx=True \"\"\"\n syslog = dict(nolognginx=True)\n command = \"update log_settings syslog set nolognginx=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_rawfilter_false(self):\n \"\"\" test log_settings rawfilter=False \"\"\"\n syslog = dict(rawfilter=False)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_rawfilter_true(self):\n \"\"\" test log_settings rawfilter=True \"\"\"\n syslog = dict(rawfilter=True)\n command = \"update log_settings syslog set rawfilter=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_filterdescriptions_valid0(self):\n \"\"\" test log_settings filterdescriptions = 0 \"\"\"\n syslog = dict(filterdescriptions='0')\n command = \"update log_settings syslog set filterdescriptions='0'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_filterdescriptions_valid1(self):\n \"\"\" test log_settings filterdescriptions = 1 \"\"\"\n syslog = dict(filterdescriptions='1')\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_filterdescriptions_valid2(self):\n \"\"\" test log_settings filterdescriptions = 2 \"\"\"\n syslog = dict(filterdescriptions='2')\n command = \"update log_settings syslog set filterdescriptions='2'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_filterdescriptions_invalid3(self):\n \"\"\" test log_settings filterdescriptions = 3 \"\"\"\n syslog = dict(filterdescriptions='3')\n msg = \"value of filterdescriptions must be one of: 0, 1, 2, got: 3\"\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_disablelocallogging_false(self):\n \"\"\" test log_settings disablelocallogging=False \"\"\"\n syslog = dict(disablelocallogging=False)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_disablelocallogging_true(self):\n \"\"\" test log_settings disablelocallogging=True \"\"\"\n syslog = dict(disablelocallogging=True)\n command = \"update log_settings syslog set disablelocallogging=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logfilesize_valid1(self):\n \"\"\" test log_settings logfilesize \"\"\"\n syslog = dict(logfilesize='512000')\n command = \"update log_settings syslog set logfilesize='512000'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logfilesize_valid2(self):\n \"\"\" test log_settings logfilesize \"\"\"\n syslog = dict(logfilesize='100000')\n command = \"update log_settings syslog set logfilesize='100000'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logfilesize_valid3(self):\n \"\"\" test log_settings logfilesize \"\"\"\n syslog = dict(logfilesize=int((2**32) / 2) - 1)\n command = \"update log_settings syslog set logfilesize='2147483647'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logfilesize_invalid1(self):\n \"\"\" test log_settings logfilesize \"\"\"\n syslog = dict(logfilesize='-1')\n msg = 'logfilesize must be an integer greater or equal than 100000'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_logfilesize_invalid2(self):\n \"\"\" test log_settings logfilesize \"\"\"\n syslog = dict(logfilesize='99999')\n msg = 'logfilesize must be an integer greater or equal than 100000'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_logfilesize_invalid3(self):\n \"\"\" test log_settings logfilesize \"\"\"\n syslog = dict(logfilesize='0')\n msg = 'logfilesize must be an integer greater or equal than 100000'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_logfilesize_invalid4(self):\n \"\"\" test log_settings logfilesize \"\"\"\n syslog = dict(logfilesize=int(((2**32) / 2) + 1))\n msg = 'logfilesize is too large: 2147483649'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_logcompressiontype_valid_xz(self):\n \"\"\" test syslog logcompression = xz \"\"\"\n syslog = dict(logcompressiontype='xz')\n command = \"update log_settings syslog set logcompressiontype='xz'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logcompressiontype_valid_gzip(self):\n \"\"\" test syslog logcompression = gzip \"\"\"\n syslog = dict(logcompressiontype='gzip')\n command = \"update log_settings syslog set logcompressiontype='gzip'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_rotatecount_valid0(self):\n \"\"\" test log_settings rotatecount \"\"\"\n syslog = dict(rotatecount='0')\n command = \"update log_settings syslog set rotatecount='0'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_rotatecount_valid1(self):\n \"\"\" test log_settings rotatecount \"\"\"\n syslog = dict(rotatecount='7')\n command = \"update log_settings syslog set rotatecount='7'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_rotatecount_valid2(self):\n \"\"\" test log_settings rotatecount \"\"\"\n syslog = dict(rotatecount='31')\n command = \"update log_settings syslog set rotatecount='31'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_rotatecount_valid3(self):\n \"\"\" test log_settings rotatecount \"\"\"\n syslog = dict(rotatecount='99')\n command = \"update log_settings syslog set rotatecount='99'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_rotatecount_invalid1(self):\n \"\"\" test log_settings rotatecount \"\"\"\n syslog = dict(rotatecount='-1')\n msg = 'rotatecount must be an integer from 0 to 99'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_rotatecount_invalid2(self):\n \"\"\" test log_settings rotatecount \"\"\"\n syslog = dict(rotatecount='100')\n msg = 'rotatecount must be an integer from 0 to 99'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_enable_true(self):\n \"\"\" test syslog format enable=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_enable_false(self):\n \"\"\" test syslog format logall=false \"\"\"\n syslog = dict(enable=False)\n self.do_module_test(syslog, changed=False, state=None)\n\n def test_syslog_ipproto_ipv4(self):\n \"\"\" test syslog ipproto ipv4 \"\"\"\n syslog = dict(ipproto='ipv4')\n command = \"update log_settings syslog set ipproto='ipv4'\"\n self.do_module_test(syslog, command=command, state=None, changed=False)\n\n def test_syslog_ipproto_ipv6(self):\n \"\"\" test syslog ipproto ipv6 \"\"\"\n syslog = dict(ipproto='ipv6')\n command = \"update log_settings syslog set ipproto='ipv6'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_sourceip_wan_ip(self):\n \"\"\" test log_settings sourceip=wan \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip='192.168.240.137')\n command = \"update log_settings syslog set enable=True, sourceip='wan', remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_sourceip_wan_descr(self):\n \"\"\" test log_settings sourceip=wan \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip='wan')\n command = \"update log_settings syslog set enable=True, sourceip='wan', remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_sourceip_lan(self):\n \"\"\" test log_settings sourceip=lan \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip='192.168.1.242')\n command = \"update log_settings syslog set enable=True, sourceip='lan', remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_sourceip_lo0(self):\n \"\"\" test log_settings sourceip=lan \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip='127.0.0.1')\n command = \"update log_settings syslog set enable=True, sourceip='lo0', remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_sourceip_descr(self):\n \"\"\" test log_settings sourceip=lan \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip='Localhost')\n command = \"update log_settings syslog set enable=True, sourceip='lo0', remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_sourceip_valid_empty(self):\n \"\"\" test log_settings sourceip='' \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip=None)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_sourceip_valid_vip_ip(self):\n \"\"\" test log_settings sourceip=_vip5c0a4b6139b05 \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip='10.255.2.254')\n command = \"update log_settings syslog set enable=True, sourceip='_vip5c0a4b6139b05', remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_sourceip_invalid_vip(self):\n \"\"\" test log_settings sourceip=_vip5c0a4b6139b06 \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip='_vip5c0a4b6139b05')\n msg = \"sourceip: Invalid address _vip5c0a4b6139b05!\"\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_sourceip_invalid_opt4(self):\n \"\"\" test log_settings sourceip=opt4 \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, sourceip='opt4')\n msg = \"sourceip: Invalid address opt4!\"\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_remoteserver_hostname(self):\n \"\"\" test log_settings remoteserver_hostname \"\"\"\n syslog = dict(enable=True, remoteserver='2001:0db8:cafe:affe:0000:0000:0000:0001', logall=True)\n command = \"update log_settings syslog set enable=True, remoteserver='2001:0db8:cafe:affe:0000:0000:0000:0001', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_remoteserver_fqdn(self):\n \"\"\" test log_settings remoteserver_fqdn \"\"\"\n syslog = dict(enable=True, remoteserver='logserver.example.com', logall=True)\n command = \"update log_settings syslog set enable=True, remoteserver='logserver.example.com', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_remoteserver_fqdn_port(self):\n \"\"\" test log_settings remoteserver_fqdn_port \"\"\"\n syslog = dict(enable=True, remoteserver='logserver.example.com:514', logall=True)\n command = \"update log_settings syslog set enable=True, remoteserver='logserver.example.com:514', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_remoteserver_ipv6(self):\n \"\"\" test log_settings remoteserver_ipv6 \"\"\"\n syslog = dict(enable=True, remoteserver='2001:0db8:cafe:affe:0000:0000:0000:0001', logall=True)\n command = \"update log_settings syslog set enable=True, remoteserver='2001:0db8:cafe:affe:0000:0000:0000:0001', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_remoteserver_ipv6_port(self):\n \"\"\" test log_settings remoteserver_ipv6 \"\"\"\n syslog = dict(enable=True, remoteserver='[2001:0db8:cafe:affe:0000:0000:0000:0001]:514', logall=True)\n command = \"update log_settings syslog set enable=True, remoteserver='[2001:0db8:cafe:affe:0000:0000:0000:0001]:514', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_remoteserver_ipv4_invalid_port1(self):\n \"\"\" test log_settings remoteserver_ipv4_invalid_port1 \"\"\"\n syslog = dict(enable=True, remoteserver='1234:0', logall=True)\n msg = \"Invalid port 0\"\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_remoteserver_ipv4_invalid_port2(self):\n \"\"\" test log_settings remoteserver_ipv4_invalid_port1 \"\"\"\n syslog = dict(enable=True, remoteserver='1234:65536', logall=True)\n msg = \"Invalid port 65536\"\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_ipproto_invalid(self):\n \"\"\" test syslog ipproto invalid \"\"\"\n syslog = dict(ipproto='ipv5')\n msg = 'value of ipproto must be one of: ipv4, ipv6, got: ipv5'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_logall_true(self):\n \"\"\" test syslog format logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', logall=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logall_false(self):\n \"\"\" test syslog format logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_system_true(self):\n \"\"\" test syslog format system=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', system=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', system=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_system_false(self):\n \"\"\" test syslog format system=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', system=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_system_invalid_with_logall(self):\n \"\"\" test syslog format system=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, system=True)\n msg = 'system = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_system_valid_with_logall(self):\n \"\"\" test syslog format system=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, system=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', system=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logfilter_true(self):\n \"\"\" test syslog format logfilter=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logfilter=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', filter=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logfilter_false(self):\n \"\"\" test syslog format logfilter=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logfilter=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_logfilter_invalid_with_logall(self):\n \"\"\" test syslog format logfilter=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, logfilter=True)\n msg = 'logfilter = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_logfilter_valid_with_logall(self):\n \"\"\" test syslog format logfilter=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, logfilter=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', filter=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_resolver_true(self):\n \"\"\" test syslog format resolver=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', resolver=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', resolver=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_resolver_false(self):\n \"\"\" test syslog format resolver=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', resolver=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_resolver_invalid_with_logall(self):\n \"\"\" test syslog format resolver=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, resolver=True)\n msg = 'resolver = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_resolver_valid_with_logall(self):\n \"\"\" test syslog format resolver=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, resolver=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', resolver=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_dhcp_true(self):\n \"\"\" test syslog format dhcp=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', dhcp=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', dhcp=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_dhcp_false(self):\n \"\"\" test syslog format dhcp=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', dhcp=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_dhcp_invalid_with_logall(self):\n \"\"\" test syslog format dhcp=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, dhcp=True)\n msg = 'dhcp = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_dhcp_valid_with_logall(self):\n \"\"\" test syslog format dhcp=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, dhcp=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', dhcp=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_ppp_true(self):\n \"\"\" test syslog format ppp=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', ppp=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', ppp=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_ppp_false(self):\n \"\"\" test syslog format ppp=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', ppp=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_ppp_invalid_with_logall(self):\n \"\"\" test syslog format ppp=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, ppp=True)\n msg = 'ppp = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_ppp_valid_with_logall(self):\n \"\"\" test syslog format ppp=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, ppp=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', ppp=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_auth_true(self):\n \"\"\" test syslog format auth=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', auth=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', auth=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_auth_false(self):\n \"\"\" test syslog format auth=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', auth=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_auth_invalid_with_logall(self):\n \"\"\" test syslog format auth=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, auth=True)\n msg = 'auth = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_auth_valid_with_logall(self):\n \"\"\" test syslog format auth=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, auth=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', auth=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_portalauth_true(self):\n \"\"\" test syslog format portalauth=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', portalauth=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', portalauth=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_portalauth_false(self):\n \"\"\" test syslog format portalauth=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', portalauth=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_portalauth_invalid_with_logall(self):\n \"\"\" test syslog format portalauth=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, portalauth=True)\n msg = 'portalauth = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_portalauth_valid_with_logall(self):\n \"\"\" test syslog format portalauth=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, portalauth=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', portalauth=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_vpn_true(self):\n \"\"\" test syslog format vpn=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', vpn=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', vpn=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_vpn_false(self):\n \"\"\" test syslog format vpn=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', vpn=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_vpn_invalid_with_logall(self):\n \"\"\" test syslog format vpn=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, vpn=True)\n msg = 'vpn = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_vpn_valid_with_logall(self):\n \"\"\" test syslog format vpn=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, vpn=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', vpn=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_dpinger_true(self):\n \"\"\" test syslog format dpinger=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', dpinger=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', dpinger=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_dpinger_false(self):\n \"\"\" test syslog format dpinger=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', dpinger=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_dpinger_invalid_with_logall(self):\n \"\"\" test syslog format dpinger=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, dpinger=True)\n msg = 'dpinger = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_dpinger_valid_with_logall(self):\n \"\"\" test syslog format dpinger=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, dpinger=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', dpinger=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_routing_true(self):\n \"\"\" test syslog format routing=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', routing=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', routing=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_routing_false(self):\n \"\"\" test syslog format routing=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', routing=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_routing_invalid_with_logall(self):\n \"\"\" test syslog format routing=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, routing=True)\n msg = 'routing = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_routing_valid_with_logall(self):\n \"\"\" test syslog format routing=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, routing=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', routing=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_ntpd_true(self):\n \"\"\" test syslog format ntpd=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', ntpd=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', ntpd=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_ntpd_false(self):\n \"\"\" test syslog format ntpd=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', ntpd=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_ntpd_invalid_with_logall(self):\n \"\"\" test syslog format ntpd=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, ntpd=True)\n msg = 'ntpd = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_ntpd_valid_with_logall(self):\n \"\"\" test syslog format ntpd=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, ntpd=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', ntpd=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_hostapd_true(self):\n \"\"\" test syslog format hostapd=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', hostapd=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', hostapd=True\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_hostapd_false(self):\n \"\"\" test syslog format hostapd=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', hostapd=False)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4'\"\n self.do_module_test(syslog, command=command, state=None)\n\n def test_syslog_hostapd_invalid_with_logall(self):\n \"\"\" test syslog format hostapd=true, logall=true \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=True, hostapd=True)\n msg = 'hostapd = True is invalid when logall is True'\n self.do_module_test(syslog, msg=msg, state=None, failed=True)\n\n def test_syslog_hostapd_valid_with_logall(self):\n \"\"\" test syslog format hostapd=true, logall=false \"\"\"\n syslog = dict(enable=True, remoteserver='1.2.3.4', logall=False, hostapd=True)\n command = \"update log_settings syslog set enable=True, remoteserver='1.2.3.4', hostapd=True\"\n self.do_module_test(syslog, command=command, state=None)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_nat_outbound.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_nat_outbound\nfrom ansible_collections.pfsensible.core.plugins.module_utils.nat_outbound import PFSenseNatOutboundModule\nfrom .pfsense_module import TestPFSenseModule\nfrom ipaddress import ip_address, IPv4Address\n\n\nclass TestPFSenseNatOutboundModule(TestPFSenseModule):\n\n module = pfsense_nat_outbound\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseNatOutboundModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_nat_outbound.xml'\n self.pfmodule = PFSenseNatOutboundModule\n\n @staticmethod\n def is_ipv4_address(address):\n \"\"\" test if address is a valid ipv4 address \"\"\"\n try:\n addr = ip_address(u'{0}'.format(address))\n return isinstance(addr, IPv4Address)\n except ValueError:\n pass\n return False\n\n def parse_address(self, name, addr, field, invert=False):\n \"\"\" return address parsed in dict \"\"\"\n parts = addr.split(':')\n res = {}\n port = None\n if parts[0] == 'NET':\n res[field] = parts[1]\n if len(parts) > 2:\n port = parts[2].replace('-', ':')\n else:\n if parts[0] == 'any':\n if name == 'source':\n res[field] = 'any'\n else:\n res['any'] = None\n elif parts[0] == '(self)':\n res[field] = '(self)'\n elif parts[0] in ['lan', 'vpn', 'vt1', 'lan_100']:\n res[field] = self.unalias_interface(parts[0])\n else:\n res[field] = parts[0]\n\n if field in res and self.is_ipv4_address(res[field]) and res[field].find('/') == -1:\n res[field] += '/32'\n\n if len(parts) > 1:\n port = parts[1].replace('-', ':')\n if invert:\n res['not'] = None\n\n return (res, port)\n\n @staticmethod\n def reparse_network(value):\n if value == '1.2.3.4/24':\n return '1.2.3.0/24'\n elif value == '2.3.4.5/24':\n return '2.3.4.0/24'\n return value\n\n def check_addr(self, params, target_elt, addr, field, port, invert=False):\n \"\"\" test the addresses definition \"\"\"\n (addr_dict, port_value) = self.parse_address(addr, params[addr], field, invert=invert)\n addr_elt = self.assert_find_xml_elt(target_elt, addr)\n for key, value in addr_dict.items():\n self.check_value_equal(addr_elt, key, self.reparse_network(value))\n # self.assert_xml_elt_equal(addr_elt, key, value)\n for item_elt in addr_elt:\n self.assertTrue(item_elt.tag in addr_dict)\n\n self.check_value_equal(target_elt, port, port_value, port == 'sourceport')\n\n def check_target_addr(self, params, target_elt):\n \"\"\" test the addresses definition \"\"\"\n if 'address' not in params or params['address'] == '':\n self.assert_xml_elt_is_none_or_empty(target_elt, 'target')\n self.assert_xml_elt_is_none_or_empty(target_elt, 'target_subnet')\n self.assert_not_find_xml_elt(target_elt, 'natport')\n elif params['address'] == '4.5.6.7:888-999':\n self.assert_xml_elt_equal(target_elt, 'target', '4.5.6.7')\n self.assert_xml_elt_equal(target_elt, 'target_subnet', '32')\n self.assert_xml_elt_equal(target_elt, 'natport', '888:999')\n elif params['address'] == '4.5.6.7/24:888-999':\n self.assert_xml_elt_equal(target_elt, 'target', '4.5.6.0')\n self.assert_xml_elt_equal(target_elt, 'target_subnet', '24')\n self.assert_xml_elt_equal(target_elt, 'natport', '888:999')\n\n @staticmethod\n def md5(value):\n if value == 'acme_key':\n return '0xfdc529cc680c4e8c74efbf114ec436fb'\n return value\n\n def check_target_elt(self, obj, target_elt, target_idx=-1):\n \"\"\" test the xml definition \"\"\"\n self.check_addr(obj, target_elt, 'source', 'network', 'sourceport')\n self.check_addr(obj, target_elt, 'destination', 'network', 'dstport', invert=obj.get('invert'))\n self.check_target_addr(obj, target_elt)\n\n self.check_param_equal_or_not_find(obj, target_elt, 'disabled')\n self.check_param_equal_or_not_find(obj, target_elt, 'nonat')\n self.check_param_equal_or_not_find(obj, target_elt, 'staticnatport')\n self.check_param_equal_or_not_find(obj, target_elt, 'nosync')\n self.check_param_equal_or_not_find(obj, target_elt, 'nonat')\n\n self.check_value_equal(target_elt, 'interface', self.unalias_interface(obj['interface']))\n self.check_param_equal(obj, target_elt, 'ipprotocol', not_find_val='inet46')\n self.check_param_equal(obj, target_elt, 'protocol', not_find_val='any')\n self.check_param_equal(obj, target_elt, 'poolopts')\n self.check_value_equal(target_elt, 'source_hash_key', self.md5(obj.get('source_hash_key')))\n\n self.check_rule_idx(obj, target_idx)\n\n def check_rule_idx(self, params, target_idx):\n \"\"\" test the xml position \"\"\"\n nat_elt = self.assert_find_xml_elt(self.xml_result, 'nat')\n rules_elt = self.assert_find_xml_elt(nat_elt, 'outbound')\n\n idx = -1\n for rule_elt in rules_elt:\n if rule_elt.tag != 'rule':\n continue\n idx += 1\n descr_elt = rule_elt.find('descr')\n self.assertIsNotNone(descr_elt)\n self.assertIsNotNone(descr_elt.text)\n if descr_elt.text == params['descr']:\n self.assertEqual(idx, target_idx)\n return\n self.fail('rule not found ' + str(idx))\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n nat_elt = self.assert_find_xml_elt(self.xml_result, 'nat')\n outbount_elt = self.assert_find_xml_elt(nat_elt, 'outbound')\n\n for item in outbount_elt:\n descr_elt = item.find('descr')\n if descr_elt is not None and descr_elt.text == obj['descr']:\n return item\n\n return None\n\n ##############\n # tests\n #\n def test_nat_outbound_create(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_aliases(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='srv_admin:port_ssh', destination='srv_admin:port_ssh', address='srv_admin:port_ssh')\n command = (\n \"create nat_outbound 'https-source-rewriting', interface='lan', source='srv_admin:port_ssh', \"\n \"destination='srv_admin:port_ssh', address='srv_admin:port_ssh'\"\n )\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_address(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', address='4.5.6.7:888-999')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', address='4.5.6.7/32:888-999'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_address_net(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', address='4.5.6.7/24:888-999')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', address='4.5.6.0/24:888-999'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_networks(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='1.2.3.4/24', destination='2.3.4.5/24:443')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='1.2.3.4/24', destination='2.3.4.5/24:443'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_ipprotocol(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', ipprotocol='inet', source='any', destination='1.2.3.4:443')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', ipprotocol='inet', source='any', destination='1.2.3.4:443'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_protocol(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', protocol='tcp', source='any', destination='1.2.3.4:443')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', protocol='tcp', source='any', destination='1.2.3.4:443'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_networks_invert(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='1.2.3.4/24', destination='2.3.4.5/24:443', invert=True)\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='1.2.3.4/24', destination='2.3.4.5/24:443', invert=True\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_interface_destination_network(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='1.2.3.4/24', destination='NET:lan:443')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='1.2.3.4/24', destination='NET:lan:443'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_interface_source_network(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='NET:lan', destination='2.3.4.5/24:443')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='NET:lan', destination='2.3.4.5/24:443'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_top(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', after='top')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', after='top'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_outbound_create_after(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', after='one rule')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', after='one rule'\"\n self.do_module_test(obj, command=command, target_idx=1)\n\n def test_nat_outbound_create_before(self):\n \"\"\" test \"\"\"\n obj = dict(descr='https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', before='another rule')\n command = \"create nat_outbound 'https-source-rewriting', interface='lan', source='any', destination='1.2.3.4:443', before='another rule'\"\n self.do_module_test(obj, command=command, target_idx=1)\n\n def test_nat_outbound_create_with_sourcehashkey(self):\n \"\"\" test \"\"\"\n obj = dict(descr='valid', interface='lan', source='any', destination='1.2.3.4:443', source_hash_key='0x12345678901234567890123456789012')\n command = \"create nat_outbound 'valid', interface='lan', source='any', destination='1.2.3.4:443', source_hash_key='0x12345678901234567890123456789012'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_create_with_sourcehashkey_str(self):\n \"\"\" test \"\"\"\n obj = dict(descr='valid', interface='lan', source='any', destination='1.2.3.4:443', source_hash_key='acme_key')\n command = \"create nat_outbound 'valid', interface='lan', source='any', destination='1.2.3.4:443', source_hash_key='0xfdc529cc680c4e8c74efbf114ec436fb'\"\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_outbound_update_noop(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one rule', interface='wan', source='any', destination='any')\n self.do_module_test(obj, target_idx=0, changed=False)\n\n def test_nat_outbound_update_bottom(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one rule', interface='wan', source='any', destination='any', before='bottom')\n command = \"update nat_outbound 'one rule' set before='bottom'\"\n self.do_module_test(obj, command=command, target_idx=2)\n\n def test_nat_outbound_update_top(self):\n \"\"\" test \"\"\"\n obj = dict(descr='another rule', interface='wan', source='any', destination='any', after='top')\n command = \"update nat_outbound 'another rule' set after='top'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_outbound_update_source(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one rule', interface='wan', source='(self):123', destination='any')\n command = \"update nat_outbound 'one rule' set source='(self):123'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_outbound_update_destination(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one rule', interface='wan', source='any', destination='1.2.3.4:555')\n command = \"update nat_outbound 'one rule' set destination='1.2.3.4/32:555'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_outbound_update_interface(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one rule', interface='lan_100', source='any', destination='any')\n command = \"update nat_outbound 'one rule' set interface='lan_100'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_outbound_delete(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one rule')\n command = \"delete nat_outbound 'one rule'\"\n self.do_module_test(obj, command=command, delete=True)\n\n def test_nat_outbound_invalid_sourcehashkey_hex(self):\n \"\"\" test \"\"\"\n obj = dict(descr='invalid', interface='lan', source='any', destination='1.2.3.4:443', source_hash_key='0xg2345678901234567890123456789012')\n msg = 'Incorrect format for source-hash key, \"0x\" must be followed by exactly 32 hexadecimal characters.'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_nat_outbound_invalid_sourcehashkey_len(self):\n \"\"\" test \"\"\"\n obj = dict(descr='invalid', interface='lan', source='any', destination='1.2.3.4:443', source_hash_key='0x1234567890123456789012345678901')\n msg = 'Incorrect format for source-hash key, \"0x\" must be followed by exactly 32 hexadecimal characters.'\n self.do_module_test(obj, msg=msg, failed=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_nat_port_forward.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_nat_port_forward\nfrom ansible_collections.pfsensible.core.plugins.module_utils.nat_port_forward import PFSenseNatPortForwardModule\nfrom .pfsense_module import TestPFSenseModule\nfrom .test_pfsense_rule import TestPFSenseRuleModule\n\n\nclass TestPFSenseNatPortForwardModule(TestPFSenseModule):\n\n module = pfsense_nat_port_forward\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseNatPortForwardModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_nat_port_forward_config.xml'\n self.pfmodule = PFSenseNatPortForwardModule\n\n def check_target_addr(self, params, target_elt):\n \"\"\" test the addresses definition \"\"\"\n if params['target'] == '2.3.4.5:443':\n self.assert_xml_elt_equal(target_elt, 'target', '2.3.4.5')\n self.assert_xml_elt_equal(target_elt, 'local-port', '443')\n\n def get_associated_rule_elt(self, params, ruleid):\n \"\"\" check the associated rule \"\"\"\n filters = dict()\n filters['interface'] = self.unalias_interface(params['interface'])\n filters['associated-rule-id'] = ruleid\n return self.assert_has_xml_tag('filter', filters)\n\n def check_target_elt(self, obj, target_elt, target_idx=-1):\n \"\"\" test the xml definition \"\"\"\n rules_tester = TestPFSenseRuleModule()\n rules_tester.check_rule_elt_addr(obj, target_elt, 'source')\n\n # checking destination address and ports\n rules_tester.check_rule_elt_addr(obj, target_elt, 'destination')\n self.check_target_addr(obj, target_elt)\n self.check_param_equal_or_not_find(obj, target_elt, 'disabled')\n self.check_param_equal_or_not_find(obj, target_elt, 'nordr')\n self.check_param_equal_or_not_find(obj, target_elt, 'nosync')\n self.check_param_equal_or_not_find(obj, target_elt, 'natreflection', not_find_val='system-default')\n\n self.check_value_equal(target_elt, 'interface', self.unalias_interface(obj['interface']))\n self.check_param_equal(obj, target_elt, 'ipprotocol', 'inet')\n self.check_param_equal(obj, target_elt, 'protocol', 'tcp')\n self.check_param_equal_or_present(obj, target_elt, 'local-port')\n\n self.check_rule_idx(obj, target_idx)\n if 'associated_rule' not in obj:\n obj['associated_rule'] = 'associated'\n\n if obj['associated_rule'] == 'none' or obj['associated_rule'] == 'unassociated':\n self.assert_xml_elt_is_none_or_empty(target_elt, 'associated-rule-id')\n elif obj['associated_rule'] == 'pass':\n self.check_value_equal(target_elt, 'associated-rule-id', 'pass')\n else:\n ruleid_elt = self.assert_find_xml_elt(target_elt, 'associated-rule-id')\n self.assertTrue(ruleid_elt.text.startswith('nat_'))\n\n rule_elt = self.get_associated_rule_elt(obj, ruleid_elt.text)\n self.assertEqual(rule_elt.find('descr').text, 'NAT ' + obj['descr'])\n\n def check_rule_idx(self, params, target_idx):\n \"\"\" test the xml position \"\"\"\n rules_elt = self.assert_find_xml_elt(self.xml_result, 'nat')\n\n idx = -1\n for rule_elt in rules_elt:\n if rule_elt.tag != 'rule':\n continue\n idx += 1\n descr_elt = rule_elt.find('descr')\n self.assertIsNotNone(descr_elt)\n self.assertIsNotNone(descr_elt.text)\n if descr_elt.text == params['descr']:\n self.assertEqual(idx, target_idx)\n return\n self.fail('rule not found ' + str(idx))\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n rules_elt = self.assert_find_xml_elt(self.xml_result, 'nat')\n\n for item in rules_elt:\n descr_elt = item.find('descr')\n if descr_elt is not None and descr_elt.text == obj['descr']:\n return item\n\n return None\n\n ##############\n # tests\n #\n def test_nat_port_forward_create(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', associated_rule='pass')\n command = (\n \"create nat_port_forward 'test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', associated_rule='pass'\"\n )\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_port_forward_create_range(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='lan', source='any:9000-10000', destination='1.2.3.4:9000-10000', target='2.3.4.5:9000', associated_rule='none')\n command = (\n \"create nat_port_forward 'test_pf', interface='lan', source='any:9000-10000', destination='1.2.3.4:9000-10000', \"\n \"target='2.3.4.5:9000', associated_rule='none'\"\n )\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_port_forward_create_associated(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', associated_rule='associated')\n cmd1 = \"create rule 'NAT test_pf' on 'lan', source='any:443', destination='2.3.4.5:443', protocol='tcp'\"\n cmd2 = \"create nat_port_forward 'test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443'\"\n self.do_module_test(obj, command=[cmd1, cmd2], target_idx=3)\n\n def test_nat_port_forward_create_unassociated(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', associated_rule='unassociated')\n cmd1 = \"create rule 'NAT test_pf' on 'lan', source='any:443', destination='2.3.4.5:443', protocol='tcp'\"\n cmd2 = (\n \"create nat_port_forward 'test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', \"\n \"associated_rule='unassociated'\"\n )\n self.do_module_test(obj, command=[cmd1, cmd2], target_idx=3)\n\n def test_nat_port_forward_create_top(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', associated_rule='pass', after='top')\n command = (\n \"create nat_port_forward 'test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', \"\n \"associated_rule='pass', after='top'\"\n )\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_port_forward_create_after(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', associated_rule='pass', after='one')\n command = (\n \"create nat_port_forward 'test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', \"\n \"associated_rule='pass', after='one'\"\n )\n self.do_module_test(obj, command=command, target_idx=1)\n\n def test_nat_port_forward_create_before(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', associated_rule='pass', before='two')\n command = (\n \"create nat_port_forward 'test_pf', interface='lan', source='any:443', destination='1.2.3.4:443', target='2.3.4.5:443', \"\n \"associated_rule='pass', before='two'\"\n )\n self.do_module_test(obj, command=command, target_idx=1)\n\n def test_nat_port_forward_create_icmp(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='wan', protocol='icmp', source='any', destination='1.2.3.4', target='2.3.4.5', associated_rule='associated')\n command = [\n \"create rule 'NAT test_pf' on 'wan', source='any', destination='2.3.4.5', protocol='icmp'\",\n \"create nat_port_forward 'test_pf', interface='wan', protocol='icmp', source='any', destination='1.2.3.4', target='2.3.4.5'\"\n ]\n self.do_module_test(obj, command=command, target_idx=3)\n\n def test_nat_port_forward_create_tcp_fail_no_port(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='wan', source='any', destination='1.2.3.4', target='2.3.4.5', associated_rule='associated')\n msg = 'Must specify a target port with protocol \"tcp\".'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_nat_port_forward_create_icmp_fail_port(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_pf', interface='wan', protocol='icmp', source='any', destination='1.2.3.4', target='2.3.4.5:443', associated_rule='associated')\n msg = 'Cannot specify a target port with protocol \"icmp\".'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_nat_port_forward_update_noop(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one', interface='wan', source='any', destination='IP:wan:22022', target='10.255.1.20:22', associated_rule='none')\n self.do_module_test(obj, target_idx=0, changed=False)\n\n def test_nat_port_forward_update_bottom(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one', interface='wan', source='any', destination='IP:wan:22022', target='10.255.1.20:22', associated_rule='none', before='bottom')\n command = \"update nat_port_forward 'one' set before='bottom'\"\n self.do_module_test(obj, command=command, target_idx=2)\n\n def test_nat_port_forward_update_top(self):\n \"\"\" test \"\"\"\n obj = dict(descr='last', interface='wan', source='any', destination='IP:wan:22022', target='10.255.1.20:22', associated_rule='associated', after='top')\n command = \"update nat_port_forward 'last' set after='top'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_port_forward_update_source(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one', interface='wan', source='1.2.3.4', destination='IP:wan:22022', target='10.255.1.20:22', associated_rule='none')\n command = \"update nat_port_forward 'one' set source='1.2.3.4'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_port_forward_update_destination(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one', interface='wan', source='any', destination='1.2.3.4:22022', target='10.255.1.20:22', associated_rule='none')\n command = \"update nat_port_forward 'one' set destination='1.2.3.4:22022'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_port_forward_update_interface(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one', interface='vpn', source='any', destination='IP:wan:22022', target='10.255.1.20:22', associated_rule='none')\n command = \"update nat_port_forward 'one' set interface='vpn'\"\n self.do_module_test(obj, command=command, target_idx=0)\n\n def test_nat_port_forward_update_interface_associated(self):\n \"\"\" test \"\"\"\n obj = dict(descr='last', interface='lan_100', source='any', destination='IP:wan:22022', target='10.255.1.20:22', associated_rule='associated')\n cmd1 = \"delete rule 'NAT last' on 'wan'\"\n cmd2 = \"create rule 'NAT last' on 'lan_100', source='any', destination='10.255.1.20:22', protocol='tcp'\"\n cmd3 = \"update nat_port_forward 'last' set interface='lan_100'\"\n self.do_module_test(obj, command=[cmd1, cmd2, cmd3], target_idx=2)\n\n def test_nat_port_forward_delete(self):\n \"\"\" test \"\"\"\n obj = dict(descr='one')\n command = \"delete nat_port_forward 'one'\"\n self.do_module_test(obj, command=command, delete=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_openvpn_override.py",
"content": "# Copyright: (c) 2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_openvpn_override\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseOpenVPNOverrideModule(TestPFSenseModule):\n\n module = pfsense_openvpn_override\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseOpenVPNOverrideModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_openvpn_config.xml'\n self.pfmodule = pfsense_openvpn_override.PFSenseOpenVPNOverrideModule\n\n @staticmethod\n def runTest():\n \"\"\" dummy function needed to instantiate this test module from another in python 2.7 \"\"\"\n pass\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n root_elt = self.xml_result.getroot().find('openvpn')\n result = root_elt.findall(\"openvpn-csc[common_name='{0}']\".format(obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.fail('Found multiple OpenVPN overrides for name {0}.'.format(obj['name']))\n else:\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n\n self.check_param_equal(obj, target_elt, 'name', xml_field='common_name')\n self.check_param_bool(obj, target_elt, 'disable')\n self.check_param_bool(obj, target_elt, 'block', default=False, value_true='yes')\n self.check_param_equal(obj, target_elt, 'tunnel_network')\n self.check_param_equal(obj, target_elt, 'tunnel_networkv6')\n self.check_param_equal(obj, target_elt, 'local_network')\n self.check_param_equal(obj, target_elt, 'local_networkv6')\n self.check_param_equal(obj, target_elt, 'remote_network')\n self.check_param_equal(obj, target_elt, 'remote_networkv6')\n self.check_param_bool(obj, target_elt, 'gwredir', default=False, value_true='yes')\n self.check_param_bool(obj, target_elt, 'push_reset', default=False, value_true='yes')\n\n ##############\n # tests\n #\n def test_openvpn_override_create(self):\n \"\"\" test creation of a new OpenVPN override \"\"\"\n obj = dict(name='vpnuser1', block=True)\n self.do_module_test(obj, command=\"create openvpn_override 'vpnuser1', common_name='vpnuser1'\")\n\n def test_openvpn_override_delete(self):\n \"\"\" test deletion of a OpenVPN override \"\"\"\n obj = dict(name='delvpnuser')\n self.do_module_test(obj, command=\"delete openvpn_override 'delvpnuser'\", delete=True)\n\n def test_openvpn_override_update_noop(self):\n \"\"\" test not updating a OpenVPN override \"\"\"\n obj = dict(name='delvpnuser', gwredir=True, server_list=1, custom_options='ifconfig-push 10.8.0.1 255.255.255.0')\n self.do_module_test(obj, changed=False)\n\n def test_openvpn_override_update_network(self):\n \"\"\" test updating network of a OpenVPN override \"\"\"\n obj = dict(name='delvpnuser', gwredir=True, server_list=1, custom_options='ifconfig-push 10.8.0.1 255.255.255.0', tunnel_network='10.10.10.10/24')\n self.do_module_test(obj, command=\"update openvpn_override 'delvpnuser' set \")\n\n ##############\n # misc\n #\n def test_create_openvpn_override_invalid_network(self):\n \"\"\" test creation of a new OpenVPN override with invalid network \"\"\"\n obj = dict(name='delvpnuser', remote_network='30.4.3.3/24')\n self.do_module_test(obj, failed=True, msg='A valid IPv4 network must be specified for remote_network.')\n\n def test_delete_nonexistent_openvpn_override(self):\n \"\"\" test deletion of an nonexistent OpenVPN override \"\"\"\n obj = dict(name='novpnuser')\n self.do_module_test(obj, commmand=None, state='absent', changed=False)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_openvpn_server.py",
"content": "# Copyright: (c) 2022, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport base64\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_openvpn_server\nfrom .pfsense_module import TestPFSenseModule\nfrom ansible_collections.community.internal_test_tools.tests.unit.compat.mock import patch\n\nCERTIFICATE = (\n \"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFQ0RDQ0F2Q2dBd0lCQWdJSUZqRk9oczFuTXpRd0RRWUpLb1pJaHZjTkFRRUxCUUF3WERFVE1CRUdBMVVFDQpBeE1LYjNCbGJuWndiaTFqWVRF\"\n \"TE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQQmdOVkJBZ1RDRU52Ykc5eVlXUnZNUkF3DQpEZ1lEVlFRSEV3ZENiM1ZzWkdWeU1STXdFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNQjRYRFRJeU1ESXhOREExDQpN\"\n \"RGd6TVZvWERUTXlNREl4TWpBMU1EZ3pNVm93WERFVE1CRUdBMVVFQXhNS2IzQmxiblp3YmkxallURUxNQWtHDQpBMVVFQmhNQ1ZWTXhFVEFQQmdOVkJBZ1RDRU52Ykc5eVlXUnZNUkF3RGdZRFZRUUhF\"\n \"d2RDYjNWc1pHVnlNUk13DQpFUVlEVlFRS0V3cHdabE5sYm5OcFlteGxNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDDQpBUUVBbXN2aUpNRTFFVGVkNGZPdGJrSHBGM2Q5ZU0r\"\n \"NjQwOFhQbmE4dEpHZEJxM1VBQ3hFem9hQktSdDJ5MWN0DQo2elFEZTVGRjRBQXZ0VjF1Y1pwc2w1bzREUy9JR1NibjZkM1lNaytqOGpBUTNFbXpSOEdPb2huZ2YxUTlBWEM2DQpvaDRyQlA1c1g0WTh1\"\n \"WThrSjNZclg1cVRwRlk1S0hMVTFBb1BleVE3eXlNWkhMb2t0OW5jK0ZGWnd3VTdSQ0dTDQpjTkxaaVZ4Q1FRSzVwOGs5bUE4Ymd4bHFZa2YwbUF5Qk53OU1BZlBVY1VrcUY2UDBnV1BIbElySFovdWhn\"\n \"N2RVDQorMjJhb2NLVUVOaXY5bXFhK0I2Y1VnTFRGVDZzMFZTRXNYL2RBZWg2MllMZ2ZtWEpnNmROSFFJK01nNlNrZWxwDQprOVZSVGVqaUVUSUVWOEpnZHYyTjdSU201d0lEQVFBQm80SE5NSUhLTUIw\"\n \"R0ExVWREZ1FXQkJSazVvQS8wcWEyDQpLUHdnb1hKcUtNdCtBb0tKZ1RDQmpRWURWUjBqQklHRk1JR0NnQlJrNW9BLzBxYTJLUHdnb1hKcUtNdCtBb0tKDQpnYUZncEY0d1hERVRNQkVHQTFVRUF4TUti\"\n \"M0JsYm5ad2JpMWpZVEVMTUFrR0ExVUVCaE1DVlZNeEVUQVBCZ05WDQpCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJNd0VRWURWUVFLRXdwd1psTmxibk5wDQpZbXhsZ2dn\"\n \"V01VNkd6V2N6TkRBTUJnTlZIUk1FQlRBREFRSC9NQXNHQTFVZER3UUVBd0lCQmpBTkJna3Foa2lHDQo5dzBCQVFzRkFBT0NBUUVBVUg5S0NkbUpkb0FKbFUwd0JKSFl4akxyS2xsUFk2T05ienI1SmJo\"\n \"Q002OUh4eFlODQpCa2lpbXd1N09mRmFGZkZDT25NSjhvcStKVGxjMG9vREoxM2xCdHRONkdybnZrUTNQMXdZYkNFTmJuaWxPYVVCDQpUSXJpSHl0TkRRYW91TmEvS1dzN0ZhdW9iY3RCbDF3OWF0b0ha\"\n \"c041b2VoVDNyQVR2MUNDQXRqcGFUSklmSlIzDQowSVFPWWtlNG9ZNkRrSXdIcDJ2UFBtb29HZ0l0YlR3M1UrRTQxWVplN3FDbUUvN3pMVFNaa0lNMmx4NnpENDZqDQpEZjRyZ044TVVMNnhpd09Mbzly\"\n \"QUp5ckRNM2JEeTJ1QjY0QkVzRFFMa2huUE92ZWtETjQ1NnV6TmpYS0E3VnE4DQpoMS9nekRaSURpK1dYQ1lBY2JnTGhaVkJxdG42MnVtRnBNUkl1dz09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t\"\n \"DQo=\")\n\nTLSKEY = (\n \"IwojIDIwNDggYml0IE9wZW5WUE4gc3RhdGljIGtleQojCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0KNjFiY2E4MDk0ZmM4YjA3ZTZlMjE3NzRmNTI0YTIyOWYKNGMzZGZhMDVjZ\"\n \"Tc2ODVlN2NkNDc1N2I0OGM3ZmMzZDcKYzQzMjhjYzBmMWQ4Yjc2OTk2MjVjNzAwYmVkNzNhNWYKY2RjMjYzMTY2YThlMzVmYTk4NGU0OWVkZDg5MDNkZmMKMDc1ZTQyY2ZlOTM5NzUwYzhmMjc1YTY3MT\"\n \"kzMGRmMzEKMDY2Mzk1MjM2ZWRkYWQ3NDc3YmVjZjJmNDgyNzBlMjUKODM1N2JlMGE1MGUzY2Y0ZjllZTEyZTdkMmM4YTY2YzEKODUwNjBlODM5ZWUyMzdjNTZkZmUzNjA4NjU0NDhhYzgKNjhmM2JhYWQ\"\n \"4ODNjNDU3NTdlZTVjMWQ4ZDk5ZjM4ZjcKZGNiZDAwZmI3Nzc2ZWFlYjQ1ZmQwOTBjNGNlYTNmMGMKMzgzNDE0ZTJlYmU4MWNiZGIxZmNlN2M2YmFhMDlkMWYKMTU4OGUzNGRkYzUxY2NjOTE5NDNjNTFh\"\n \"OTI2OTE3NWQKNzZiZjdhOWI1ZmM3NDAyNmE3MTVkNGVmODVkYzY2Y2UKMWE5MWQwNjNhODIwZDY4MTc0ODlmYjJkZjNmYzY2MmMKMmU2OWZiMzNiMzM5MjdjYjUyNThkZDQ4M2NkNDE0Y2QKMDJhZWE3Z\"\n \"jA3MmNhZmEwOTY5Yjg5NWVjYzNiYmExNGQKLS0tLS1FTkQgT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0K\")\n\n\nclass TestPFSenseOpenVPNServerModule(TestPFSenseModule):\n\n module = pfsense_openvpn_server\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseOpenVPNServerModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_openvpn_config.xml'\n self.pfmodule = pfsense_openvpn_server.PFSenseOpenVPNServerModule\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n\n super(TestPFSenseOpenVPNServerModule, self).setUp()\n\n self.mock_run_command = patch('ansible.module_utils.basic.AnsibleModule.run_command')\n self.run_command = self.mock_run_command.start()\n self.run_command.return_value = (0, base64.b64decode(TLSKEY.encode()).decode(), '')\n\n self.mock_php = patch('ansible_collections.pfsensible.core.plugins.module_utils.pfsense.PFSenseModule.php')\n self.php = self.mock_php.start()\n self.php.return_value = {'SHA256': 'SHA256 (256-bit)'}\n\n def tearDown(self):\n \"\"\" mocking down \"\"\"\n super(TestPFSenseOpenVPNServerModule, self).tearDown()\n\n self.run_command.stop()\n\n @staticmethod\n def runTest():\n \"\"\" dummy function needed to instantiate this test module from another in python 2.7 \"\"\"\n pass\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n root_elt = self.xml_result.getroot().find('openvpn')\n result = root_elt.findall(\"openvpn-server[description='{0}']\".format(obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.fail('Found multiple OpenVPN servers for name {0}.'.format(obj['name']))\n else:\n return None\n\n @staticmethod\n def caref(descr):\n \"\"\" return refid for ca \"\"\"\n if descr == 'OpenVPN CA':\n return '6209e3cef1e81'\n return ''\n\n @staticmethod\n def crlref(descr):\n \"\"\" return refid for crl \"\"\"\n if descr == 'OpenVPN CRL':\n return '6209e3cef1e81'\n return None\n\n @staticmethod\n def certref(descr):\n \"\"\" return refid for cert \"\"\"\n if descr == 'OpenVPN CERT':\n return '6209e3cef1e81'\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n\n # Use \"generated\" key\n if 'shared_key' in obj and obj['shared_key'] == 'generate':\n obj['shared_key'] = TLSKEY\n if 'tls' in obj and obj['tls'] == 'generate':\n obj['tls'] = TLSKEY\n obj['tls_type'] = 'auth'\n\n self.check_param_equal(obj, target_elt, 'name', xml_field='description')\n self.check_param_equal(obj, target_elt, 'custom_options')\n self.check_param_equal(obj, target_elt, 'mode', default='ptp_tls')\n if obj['mode'] == 'server_tls_user':\n self.check_list_param_equal(obj, target_elt, 'authmode')\n if obj['mode'] == 'p2p_shared_key':\n self.check_param_equal(obj, target_elt, 'shared_key')\n self.check_param_equal(obj, target_elt, 'dev_mode', default='tun')\n self.check_param_bool(obj, target_elt, 'disabled')\n self.check_param_equal(obj, target_elt, 'interface', default='wan')\n self.check_param_equal(obj, target_elt, 'local_port', default=1194)\n self.check_param_equal(obj, target_elt, 'protocol', default='UDP4')\n if 'tls' in obj['mode']:\n self.check_param_equal(obj, target_elt, 'tls')\n self.check_param_equal(obj, target_elt, 'tls')\n self.check_param_equal(obj, target_elt, 'tls_type')\n self.assert_xml_elt_equal(target_elt, 'caref', self.caref(obj['ca']))\n if 'crl' in obj:\n self.assert_xml_elt_equal(target_elt, 'crlref', self.crlref(obj['crl']))\n if 'cert' in obj:\n self.assert_xml_elt_equal(target_elt, 'certref', self.certref(obj['cert']))\n self.check_param_equal(obj, target_elt, 'cert_depth', default=1)\n else:\n self.assert_not_find_xml_elt('tls')\n self.assert_not_find_xml_elt('tls_type')\n self.check_param_bool(obj, target_elt, 'strictusercn')\n self.check_param_equal(obj, target_elt, 'dh_length', default=2048)\n self.check_param_equal(obj, target_elt, 'ecdh_curve', default='none')\n self.check_param_equal(obj, target_elt, 'data_ciphers_fallback', default='AES-256-CBC')\n self.check_param_equal(obj, target_elt, 'data_ciphers', default='AES-256-GCM,AES-128-GCM,CHACHA20-POLY1305')\n self.check_param_equal(obj, target_elt, 'digest', default='SHA256')\n self.check_param_equal(obj, target_elt, 'ecdh_curve', default='none')\n self.check_param_equal(obj, target_elt, 'allow_compression', default='no')\n self.check_param_equal(obj, target_elt, 'compression', default=None)\n self.check_param_bool(obj, target_elt, 'compression_push', default=False, value_true='yes')\n self.check_param_equal(obj, target_elt, 'ecdh_curve', default='none')\n self.check_param_equal(obj, target_elt, 'tunnel_network')\n self.check_param_equal(obj, target_elt, 'tunnel_networkv6')\n self.check_param_equal(obj, target_elt, 'local_network')\n self.check_param_equal(obj, target_elt, 'local_networkv6')\n self.check_param_equal(obj, target_elt, 'remote_network')\n self.check_param_equal(obj, target_elt, 'remote_networkv6')\n self.check_param_bool(obj, target_elt, 'gwredir', default=False, value_true='yes')\n self.check_param_bool(obj, target_elt, 'gwredir6', default=False, value_true='yes')\n self.check_param_equal(obj, target_elt, 'maxclients')\n\n ##############\n # tests\n #\n def test_openvpn_server_create(self):\n \"\"\" test creation of a new OpenVPN server \"\"\"\n obj = dict(name='ovpns3', mode='p2p_tls', ca='OpenVPN CA', local_port=1196)\n self.do_module_test(obj, command=\"create openvpn_server 'ovpns3', description='ovpns3'\")\n\n def test_openvpn_server_create_generate(self):\n \"\"\" test creation of a new OpenVPN server \"\"\"\n obj = dict(name='ovpns3', mode='p2p_tls', ca='OpenVPN CA', local_port=1196, tls='generate')\n self.do_module_test(obj, command=\"create openvpn_server 'ovpns3', description='ovpns3'\")\n\n def test_openvpn_server_delete(self):\n \"\"\" test deletion of a OpenVPN server \"\"\"\n obj = dict(name='ovpns2')\n self.do_module_test(obj, command=\"delete openvpn_server 'ovpns2'\", delete=True)\n\n def test_openvpn_server_update_noop(self):\n \"\"\" test not updating a OpenVPN server \"\"\"\n obj = dict(name='ovpns2', mode='p2p_tls', ca='OpenVPN CA', local_port=1195, tls=TLSKEY, tls_type='auth')\n self.do_module_test(obj, changed=False)\n\n def test_openvpn_server_update_network(self):\n \"\"\" test updating network of a OpenVPN server \"\"\"\n obj = dict(name='ovpns2', mode='p2p_tls', ca='OpenVPN CA', local_port=1195, tls=TLSKEY, tls_type='auth', tunnel_network='10.10.10.10/24')\n self.do_module_test(obj, command=\"update openvpn_server 'ovpns2' set \")\n\n ##############\n # misc\n #\n def test_create_openvpn_server_duplicate_port(self):\n \"\"\" test creation of a new OpenVPN server with duplicate port \"\"\"\n obj = dict(name='ovpns3', mode='p2p_tls', ca='OpenVPN CA')\n self.do_module_test(obj, failed=True, msg='The specified local_port (1194) is in use by vpn ID 1')\n\n def test_create_openvpn_server_invalid_certificate(self):\n \"\"\" test creation of a new OpenVPN server with invalid certificate \"\"\"\n obj = dict(name='ovpns2', mode='p2p_tls', ca='OpenVPN CA', cert='blah')\n self.do_module_test(obj, failed=True, msg='blah is not a valid certificate')\n\n def test_delete_nonexistent_openvpn_server(self):\n \"\"\" test deletion of an nonexistent OpenVPN server \"\"\"\n obj = dict(name='novpn')\n self.do_module_test(obj, commmand=None, state='absent', changed=False)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_route.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_route\nfrom ansible_collections.pfsensible.core.plugins.module_utils.route import PFSenseRouteModule\nfrom .pfsense_module import TestPFSenseModule\nfrom ansible_collections.community.internal_test_tools.tests.unit.compat.mock import patch\n\n\nclass TestPFSenseRouteModule(TestPFSenseModule):\n\n module = pfsense_route\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseRouteModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_route_config.xml'\n self.pfmodule = PFSenseRouteModule\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n\n super(TestPFSenseRouteModule, self).setUp()\n\n self.mock_run_command = patch('ansible.module_utils.basic.AnsibleModule.run_command')\n self.run_command = self.mock_run_command.start()\n self.run_command.return_value = (0, '', '')\n\n def tearDown(self):\n \"\"\" mocking down \"\"\"\n super(TestPFSenseRouteModule, self).tearDown()\n\n self.run_command.stop()\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition \"\"\"\n\n self.check_param_equal_or_not_find(obj, target_elt, 'disabled')\n self.check_param_equal(obj, target_elt, 'gateway')\n self.check_param_equal(obj, target_elt, 'network')\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n root_elt = self.assert_find_xml_elt(self.xml_result, 'staticroutes')\n\n for item in root_elt:\n name_elt = item.find('descr')\n if name_elt is not None and name_elt.text == obj['descr']:\n return item\n\n return None\n\n ##############\n # tests\n #\n def test_route_create(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_route', network='1.2.3.4/24', gateway='GW_LAN')\n command = \"create route 'test_route', network='1.2.3.4/24', gateway='GW_LAN'\"\n self.do_module_test(obj, command=command)\n\n def test_route_create_invalid_gw(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_route', network='1.2.3.4/24', gateway='GW_INVALID')\n msg = \"The gateway GW_INVALID does not exist\"\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_route_create_invalid_ip(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_route', network='2001::1', gateway='GW_LAN')\n msg = 'The gateway \"192.168.1.1\" is a different Address Family than network \"2001::1\".'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_route_create_invalid_ip2(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_route', network='1.2.3.4', gateway='GW_LAN_V6')\n msg = 'The gateway \"2002::1\" is a different Address Family than network \"1.2.3.4\".'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_route_create_invalid_alias(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_route', network='invalid_alias', gateway='GW_LAN')\n msg = 'A valid IPv4 or IPv6 destination network or alias must be specified.'\n self.do_module_test(obj, msg=msg, failed=True)\n\n def test_route_update_noop(self):\n \"\"\" test \"\"\"\n obj = dict(descr='GW_WAN route', network='10.3.0.0/16', gateway='GW_WAN')\n self.do_module_test(obj, changed=False)\n\n def test_route_update_network(self):\n \"\"\" test \"\"\"\n obj = dict(descr='GW_WAN route', network='10.4.0.0/16', gateway='GW_WAN')\n command = \"update route 'GW_WAN route' set network='10.4.0.0/16'\"\n self.do_module_test(obj, command=command)\n\n def test_route_update_gateway(self):\n \"\"\" test \"\"\"\n obj = dict(descr='GW_WAN route', network='10.3.0.0/16', gateway='GW_LAN')\n command = \"update route 'GW_WAN route' set gateway='GW_LAN'\"\n self.do_module_test(obj, command=command)\n\n def test_route_delete(self):\n \"\"\" test \"\"\"\n obj = dict(descr='GW_WAN route')\n command = \"delete route 'GW_WAN route'\"\n self.do_module_test(obj, command=command, delete=True)\n\n def test_route_delete_alias(self):\n \"\"\" test \"\"\"\n obj = dict(descr='GW_WAN alias')\n command = \"delete route 'GW_WAN alias'\"\n self.do_module_test(obj, command=command, delete=True)\n\n def test_route_create_dhcp(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_route', network='1.2.3.4/24', gateway='VPN_DHCP')\n command = \"create route 'test_route', network='1.2.3.4/24', gateway='VPN_DHCP'\"\n self.do_module_test(obj, command=command)\n\n def test_route_create_dhcp6(self):\n \"\"\" test \"\"\"\n obj = dict(descr='test_route', network='2001::/56', gateway='VPN_DHCP6')\n command = \"create route 'test_route', network='2001::/56', gateway='VPN_DHCP6'\"\n self.do_module_test(obj, command=command)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_rule.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_rule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule import PFSenseRuleModule\nfrom ansible_collections.pfsensible.core.plugins.module_utils.pfsense import PFSenseModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseRuleModule(TestPFSenseModule):\n\n module = pfsense_rule\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseRuleModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_rule_config.xml'\n self.pfmodule = PFSenseRuleModule\n\n @staticmethod\n def runTest():\n \"\"\" dummy function needed to instantiate this test module from another in python 2.7 \"\"\"\n pass\n\n def parse_address(self, addr):\n \"\"\" return address parsed in dict \"\"\"\n if PFSenseModule.is_ipv6_address(addr) or PFSenseModule.is_ipv6_network(addr):\n parts = [addr]\n else:\n parts = addr.split(':')\n res = {}\n if parts[0][0] == '!':\n res['not'] = None\n parts[0] = parts[0][1:]\n if parts[0] == 'any':\n res['any'] = None\n elif parts[0] == '(self)':\n res['network'] = '(self)'\n elif parts[0] == 'NET':\n res['network'] = self.unalias_interface(parts[1])\n del parts[1]\n elif parts[0] == 'IP':\n res['network'] = self.unalias_interface(parts[1]) + 'ip'\n del parts[1]\n elif parts[0] in ['lan', 'lan', 'vpn', 'vt1', 'lan_100']:\n res['network'] = self.unalias_interface(parts[0])\n else:\n res['address'] = parts[0]\n\n if len(parts) > 1:\n res['port'] = parts[1]\n\n return res\n\n def check_rule_elt_addr(self, rule, rule_elt, addr):\n \"\"\" test the addresses definition of rule \"\"\"\n addr_dict = self.parse_address(rule[addr])\n addr_elt = self.assert_find_xml_elt(rule_elt, addr)\n for key, value in addr_dict.items():\n self.assert_xml_elt_equal(addr_elt, key, value)\n if 'any' in addr_dict:\n self.assert_not_find_xml_elt(addr_elt, 'address')\n self.assert_not_find_xml_elt(addr_elt, 'network')\n if 'network' in addr_dict:\n self.assert_not_find_xml_elt(addr_elt, 'address')\n self.assert_not_find_xml_elt(addr_elt, 'any')\n if 'address' in addr_dict:\n self.assert_not_find_xml_elt(addr_elt, 'network')\n self.assert_not_find_xml_elt(addr_elt, 'any')\n\n if 'not' not in addr_dict:\n self.assert_not_find_xml_elt(addr_elt, 'not')\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n obj['interface'] = self.unalias_interface(obj['interface'])\n if 'floating' in obj and obj['floating'] == 'yes':\n return self.assert_has_xml_tag('filter', dict(descr=obj['name'], floating='yes'), absent=absent)\n return self.assert_has_xml_tag('filter', dict(descr=obj['name'], interface=obj['interface']), absent=absent)\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n\n # checking source address and ports\n self.check_rule_elt_addr(obj, target_elt, 'source')\n\n # checking destination address and ports\n self.check_rule_elt_addr(obj, target_elt, 'destination')\n\n # checking log option\n if 'log' in obj and obj['log'] == 'yes':\n self.assert_xml_elt_is_none_or_empty(target_elt, 'log')\n elif 'log' not in obj or obj['log'] == 'no':\n self.assert_not_find_xml_elt(target_elt, 'log')\n\n # checking action option\n if 'action' in obj:\n action = obj['action']\n else:\n action = 'pass'\n self.assert_xml_elt_equal(target_elt, 'type', action)\n\n # checking floating option\n if 'floating' in obj and obj['floating'] == 'yes':\n self.assert_xml_elt_equal(target_elt, 'floating', 'yes')\n if 'quick' in obj and obj['quick'] == 'yes':\n self.assert_xml_elt_equal(target_elt, 'quick', 'yes')\n else:\n self.assert_not_find_xml_elt(target_elt, 'quick')\n\n elif 'floating' not in obj or obj['floating'] == 'no':\n self.assert_not_find_xml_elt(target_elt, 'floating')\n self.assert_not_find_xml_elt(target_elt, 'quick')\n\n # checking direction option\n self.check_param_equal_or_not_find(obj, target_elt, 'direction')\n\n # checking default queue option\n self.check_param_equal_or_not_find(obj, target_elt, 'queue', 'defaultqueue')\n\n # checking acknowledge queue option\n self.check_param_equal_or_not_find(obj, target_elt, 'ackqueue')\n\n # limiters\n self.check_param_equal_or_not_find(obj, target_elt, 'in_queue', 'dnpipe')\n self.check_param_equal_or_not_find(obj, target_elt, 'out_queue', 'pdnpipe')\n\n # schedule\n self.check_param_equal_or_not_find(obj, target_elt, 'sched')\n\n # checking ipprotocol option\n if 'ipprotocol' in obj:\n action = obj['ipprotocol']\n else:\n action = 'inet'\n self.assert_xml_elt_equal(target_elt, 'ipprotocol', action)\n\n # checking protocol option\n if 'protocol' in obj and obj['protocol'] != 'any':\n self.assert_xml_elt_equal(target_elt, 'protocol', obj['protocol'])\n else:\n self.assert_not_find_xml_elt(target_elt, 'protocol')\n\n # checking tcpflags_any option\n if 'tcpflags_any' in obj and obj['tcpflags_any'] == 'yes':\n self.assert_xml_elt_is_none_or_empty(target_elt, 'tcpflags_any')\n elif 'tcpflags_any' not in obj or obj['tcpflags_any'] == 'no':\n self.assert_not_find_xml_elt(target_elt, 'tcpflags_any')\n\n # checking statetype option\n if 'statetype' in obj and obj['statetype'] != 'keep state':\n statetype = obj['statetype']\n else:\n statetype = 'keep state'\n self.assert_xml_elt_equal(target_elt, 'statetype', statetype)\n\n # checking disabled option\n if 'disabled' in obj and obj['disabled'] == 'yes':\n self.assert_xml_elt_is_none_or_empty(target_elt, 'disabled')\n elif 'disabled' not in obj or obj['disabled'] == 'no':\n self.assert_not_find_xml_elt(target_elt, 'disabled')\n\n # checking gateway option\n if 'gateway' in obj and obj['gateway'] != 'default':\n self.assert_xml_elt_equal(target_elt, 'gateway', obj['gateway'])\n else:\n self.assert_not_find_xml_elt(target_elt, 'gateway')\n\n # checking tracker\n if 'tracker' in obj:\n self.assert_xml_elt_equal(target_elt, 'tracker', obj['tracker'])\n\n # checking icmptype\n if 'icmptype' in obj:\n self.assert_xml_elt_equal(target_elt, 'icmptype', obj['icmptype'])\n\n def check_rule_idx(self, rule, target_idx):\n \"\"\" test the xml position of rule \"\"\"\n floating = 'floating' in rule and rule['floating'] == 'yes'\n rule['interface'] = self.unalias_interface(rule['interface'])\n rules_elt = self.assert_find_xml_elt(self.xml_result, 'filter')\n idx = -1\n for rule_elt in rules_elt:\n interface_elt = rule_elt.find('interface')\n floating_elt = rule_elt.find('floating')\n floating_rule = floating_elt is not None and floating_elt.text == 'yes'\n if floating and not floating_rule:\n continue\n if not floating:\n if floating_rule or interface_elt is None or interface_elt.text is None or interface_elt.text != rule['interface']:\n continue\n idx += 1\n descr_elt = rule_elt.find('descr')\n self.assertIsNotNone(descr_elt)\n self.assertIsNotNone(descr_elt.text)\n if descr_elt.text == rule['name']:\n self.assertEqual(idx, target_idx)\n return\n self.fail('rule not found ' + str(idx))\n\n def check_separator_idx(self, interface, sep_name, expected_idx):\n \"\"\" test the logical position of separator \"\"\"\n filter_elt = self.assert_find_xml_elt(self.xml_result, 'filter')\n separator_elt = self.assert_find_xml_elt(filter_elt, 'separator')\n iface_elt = self.assert_find_xml_elt(separator_elt, interface)\n for separator in iface_elt:\n text_elt = separator.find('text')\n if text_elt is not None and text_elt.text == sep_name:\n row_elt = self.assert_find_xml_elt(separator, 'row')\n idx = int(row_elt.text.replace('fr', ''))\n if idx != expected_idx:\n self.fail('Idx of separator ' + sep_name + ' if wrong: ' + str(idx) + ', expected: ' + str(expected_idx))\n return\n self.fail('Separator ' + sep_name + 'not found on interface ' + interface)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_rule_create.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom .test_pfsense_rule import TestPFSenseRuleModule\n\n\nclass TestPFSenseRuleCreateModule(TestPFSenseRuleModule):\n\n ############################\n # rule creation tests\n #\n def test_rule_create_one_rule(self):\n \"\"\" test creation of a new rule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_log(self):\n \"\"\" test creation of a new rule with logging \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', log='yes')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', log=True\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_nolog(self):\n \"\"\" test creation of a new rule without logging \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', log='no')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_pass(self):\n \"\"\" test creation of a new rule explictly passing \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', action='pass')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_block(self):\n \"\"\" test creation of a new rule blocking \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', action='block')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', action='block'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_reject(self):\n \"\"\" test creation of a new rule rejecting \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', action='reject')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', action='reject'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_disabled(self):\n \"\"\" test creation of a new disabled rule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', disabled=True)\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', disabled=True\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_floating(self):\n \"\"\" test creation of a new floating rule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', floating='yes', direction='any')\n command = \"create rule 'one_rule' on 'floating(lan)', source='any', destination='any', direction='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_floating_any(self):\n \"\"\" test creation of a new floating rule with any interface \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='any', floating='yes', direction='any')\n command = \"create rule 'one_rule' on 'floating(any)', source='any', destination='any', direction='any'\"\n\n def test_rule_create_non_floating_any(self):\n \"\"\" test creation of a new rule with any interface \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='any', floating='no', direction='any')\n msg = \"any is not a valid interface\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_floating_quick(self):\n \"\"\" test creation of a new floating rule with quick match \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', floating='yes', direction='any', quick='yes')\n command = \"create rule 'one_rule' on 'floating(lan)', source='any', destination='any', direction='any', quick=True\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_nofloating(self):\n \"\"\" test creation of a new non-floating rule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', floating='no')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_floating_interfaces(self):\n \"\"\" test creation of a floating rule on three interfaces \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan,wan,vt1', floating='yes', direction='any')\n command = \"create rule 'one_rule' on 'floating(lan,wan,vt1)', source='any', destination='any', direction='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_inet46(self):\n \"\"\" test creation of a new rule using ipv4 and ipv6 \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', ipprotocol='inet46')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', ipprotocol='inet46'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_inet6(self):\n \"\"\" test creation of a new rule using ipv6 \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', ipprotocol='inet6')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', ipprotocol='inet6'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_tcp(self):\n \"\"\" test creation of a new rule for tcp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='tcp')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_udp(self):\n \"\"\" test creation of a new rule for udp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='udp')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', protocol='udp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_tcp_udp(self):\n \"\"\" test creation of a new rule for tcp/udp protocols \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='tcp/udp')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', protocol='tcp/udp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_icmp(self):\n \"\"\" test creation of a new rule for icmp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='icmp')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', protocol='icmp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_icmp_redir(self):\n \"\"\" test creation of a new rule for icmp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='icmp', icmptype='redir', action='block')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', protocol='icmp', icmptype='redir', action='block'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_icmp_invalid_inet(self):\n \"\"\" test creation of a new rule for icmp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='icmp', icmptype='neighbradv')\n msg = 'ICMP types neighbradv are invalid with IP type inet'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_icmp_invalid_inet6(self):\n \"\"\" test creation of a new rule for icmp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='icmp', ipprotocol='inet6', icmptype='trace')\n msg = 'ICMP types trace are invalid with IP type inet6'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_icmp_invalid_inet46(self):\n \"\"\" test creation of a new rule for icmp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='icmp', ipprotocol='inet46', icmptype='trace')\n msg = 'ICMP types trace are invalid with IP type inet46'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_icmp_invalid_empty(self):\n \"\"\" test creation of a new rule for icmp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='icmp', icmptype='')\n msg = 'You must specify at least one icmptype or any for all of them'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_esp(self):\n \"\"\" test creation of a new rule for esp protocol \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='esp')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', protocol='esp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_protocol_any(self):\n \"\"\" test creation of a new rule for (self) \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', protocol='any')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_tcpflags_any(self):\n \"\"\" test creation of a new rule with tcpflags_any \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', tcpflags_any='yes')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', tcpflags_any=True\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_state_keep(self):\n \"\"\" test creation of a new rule with explicit keep state \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', statetype='keep state')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_state_sloppy(self):\n \"\"\" test creation of a new rule with sloppy state \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', statetype='sloppy state')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', statetype='sloppy state'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_state_synproxy(self):\n \"\"\" test creation of a new rule with synproxy state \"\"\"\n # todo: synproxy is only valid with tcp\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', statetype='synproxy state')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', statetype='synproxy state'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_state_none(self):\n \"\"\" test creation of a new rule with no state \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', statetype='none')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', statetype='none'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_state_invalid(self):\n \"\"\" test creation of a new rule with invalid state \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', statetype='acme state')\n msg = \"value of statetype must be one of: keep state, sloppy state, synproxy state, none, got: acme state\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_after(self):\n \"\"\" test creation of a new rule after another \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='vpn', after='admin_bypass')\n command = \"create rule 'one_rule' on 'vpn', source='any', destination='any', after='admin_bypass'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 13)\n\n def test_rule_create_after_top(self):\n \"\"\" test creation of a new rule at top \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='wan', after='top')\n command = \"create rule 'one_rule' on 'wan', source='any', destination='any', after='top'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 0)\n\n def test_rule_create_after_invalid(self):\n \"\"\" test creation of a new rule after an invalid rule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', after='admin_bypass')\n msg = \"Failed to insert after rule=admin_bypass interface=lan\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_before(self):\n \"\"\" test creation of a new rule before another \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='vpn', before='admin_bypass')\n command = \"create rule 'one_rule' on 'vpn', source='any', destination='any', before='admin_bypass'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 12)\n\n def test_rule_create_before_bottom(self):\n \"\"\" test creation of a new rule at bottom \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='wan', before='bottom')\n command = \"create rule 'one_rule' on 'wan', source='any', destination='any', before='bottom'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 4)\n\n def test_rule_create_before_bottom_default(self):\n \"\"\" test creation of a new rule at bottom (default) \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='wan', action='pass')\n command = \"create rule 'one_rule' on 'wan', source='any', destination='any'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 4)\n\n def test_rule_create_before_invalid(self):\n \"\"\" test creation of a new rule before an invalid rule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', before='admin_bypass')\n msg = \"Failed to insert before rule=admin_bypass interface=lan\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_source_alias(self):\n \"\"\" test creation of a new rule with a valid source alias \"\"\"\n obj = dict(name='one_rule', source='srv_admin', destination='any', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='srv_admin', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_source_urltable_alias(self):\n \"\"\" test creation of a new rule with a valid source urltable alias \"\"\"\n obj = dict(name='one_rule', source='acme_corp', destination='any', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='acme_corp', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_source_alias_invalid(self):\n \"\"\" test creation of a new rule with an invalid source alias \"\"\"\n obj = dict(name='one_rule', source='acme', destination='any', interface='lan')\n msg = \"Cannot parse address acme, not IP or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_invalid_ports(self):\n \"\"\" test creation of a new rule with an invalid use of ports \"\"\"\n obj = dict(name='one_rule', source='192.193.194.195', destination='any:22', interface='lan', protocol='icmp')\n msg = \"'one_rule' on 'lan': you can't use ports on protocols other than tcp, udp, tcp/udp or any\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_source_ip_invalid(self):\n \"\"\" test creation of a new rule with an invalid source ip \"\"\"\n obj = dict(name='one_rule', source='192.193.194.195.196', destination='any', interface='lan')\n msg = \"Cannot parse address 192.193.194.195.196, not IP or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_source_net_invalid(self):\n \"\"\" test creation of a new rule with an invalid source network \"\"\"\n obj = dict(name='one_rule', source='192.193.194.195/256', destination='any', interface='lan')\n msg = \"Cannot parse address 192.193.194.195/256, not IP or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_destination_alias(self):\n \"\"\" test creation of a new rule with a valid destination alias \"\"\"\n obj = dict(name='one_rule', source='any', destination='srv_admin', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='srv_admin'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_destination_alias_invalid(self):\n \"\"\" test creation of a new rule with an invalid destination alias \"\"\"\n obj = dict(name='one_rule', source='any', destination='acme', interface='lan')\n msg = \"Cannot parse address acme, not IP or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_destination_ip_invalid(self):\n \"\"\" test creation of a new rule with an invalid destination ip \"\"\"\n obj = dict(name='one_rule', source='any', destination='192.193.194.195.196', interface='lan')\n msg = \"Cannot parse address 192.193.194.195.196, not IP or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_destination_net_invalid(self):\n \"\"\" test creation of a new rule with an invalid destination network \"\"\"\n obj = dict(name='one_rule', source='any', destination='192.193.194.195/256', interface='lan')\n msg = \"Cannot parse address 192.193.194.195/256, not IP or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_source_self_lan(self):\n \"\"\" test creation of a new rule with self\"\"\"\n obj = dict(name='one_rule', source='(self)', destination='any', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='(self)', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_ip_to_ip(self):\n \"\"\" test creation of a new rule with valid ips \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1', destination='10.10.10.1', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='10.10.1.1', destination='10.10.10.1'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_ip6_to_ip6(self):\n \"\"\" test creation of a new rule with valid ips \"\"\"\n obj = dict(name='one_rule', source='2001:db8:1::1', destination='2001:db8:2::2', ipprotocol='inet6', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='2001:db8:1::1', destination='2001:db8:2::2', ipprotocol='inet6'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_net_to_net(self):\n \"\"\" test creation of a new rule valid networks \"\"\"\n obj = dict(name='one_rule', source='10.10.1.0/24', destination='10.10.10.0/24', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='10.10.1.0/24', destination='10.10.10.0/24'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_net6_to_net6(self):\n \"\"\" test creation of a new rule valid networks \"\"\"\n obj = dict(name='one_rule', source='2001:db8:1::/64', destination='2001:db8:2::/64', ipprotocol='inet6', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='2001:db8:1::/64', destination='2001:db8:2::/64', ipprotocol='inet6'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_net_interface(self):\n \"\"\" test creation of a new rule with valid interface \"\"\"\n obj = dict(name='one_rule', source='NET:lan', destination='any', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='NET:lan', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_net_interface_invalid(self):\n \"\"\" test creation of a new rule with invalid interface \"\"\"\n obj = dict(name='one_rule', source='NET:invalid_lan', destination='any', interface='lan')\n msg = \"invalid_lan is not a valid interface\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_net_interface_invalid2(self):\n \"\"\" test creation of a new rule with invalid interface \"\"\"\n obj = dict(name='one_rule', source='NET:', destination='any', interface='lan')\n msg = \"Cannot parse address NET:\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_ip_interface(self):\n \"\"\" test creation of a new rule with valid interface \"\"\"\n obj = dict(name='one_rule', source='IP:vt1', destination='any', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='IP:vt1', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_ip_interface_with_port(self):\n \"\"\" test creation of a new rule with valid interface \"\"\"\n obj = dict(name='one_rule', source='IP:vt1:22', destination='any', interface='lan', protocol='tcp')\n command = \"create rule 'one_rule' on 'lan', source='IP:vt1:22', destination='any', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_ip_interface_invalid(self):\n \"\"\" test creation of a new rule with invalid interface \"\"\"\n obj = dict(name='one_rule', source='IP:invalid_lan', destination='any', interface='lan')\n msg = \"invalid_lan is not a valid interface\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_interface(self):\n \"\"\" test creation of a new rule with valid interface \"\"\"\n obj = dict(name='one_rule', source='vpn', destination='any', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='vpn', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_port_number(self):\n \"\"\" test creation of a new rule with port \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1', destination='10.10.10.1:80', interface='lan', protocol='tcp')\n command = \"create rule 'one_rule' on 'lan', source='10.10.1.1', destination='10.10.10.1:80', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_port_alias(self):\n \"\"\" test creation of a new rule with port alias \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1', destination='10.10.10.1:port_http', interface='lan', protocol='tcp')\n command = \"create rule 'one_rule' on 'lan', source='10.10.1.1', destination='10.10.10.1:port_http', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_urltable_port_alias(self):\n \"\"\" test creation of a new rule with urltable port alias \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1', destination='10.10.10.1:acme_corp_ports', interface='lan', protocol='tcp')\n command = \"create rule 'one_rule' on 'lan', source='10.10.1.1', destination='10.10.10.1:acme_corp_ports', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_port_range(self):\n \"\"\" test creation of a new rule with range of ports \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1:30000-40000', destination='10.10.10.1', interface='lan', protocol='tcp')\n command = \"create rule 'one_rule' on 'lan', source='10.10.1.1:30000-40000', destination='10.10.10.1', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_port_alias_range(self):\n \"\"\" test creation of a new rule with range of alias ports \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1:port_ssh-port_http', destination='10.10.10.1', interface='lan', protocol='tcp')\n command = \"create rule 'one_rule' on 'lan', source='10.10.1.1:port_ssh-port_http', destination='10.10.10.1', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_port_alias_range_invalid_1(self):\n \"\"\" test creation of a new rule with range of invalid alias ports \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1:port_ssh-openvpn_port', destination='10.10.10.1', interface='lan')\n msg = \"Cannot parse port openvpn_port, not port number or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_port_alias_range_invalid_2(self):\n \"\"\" test creation of a new rule with range of invalid alias ports \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1:-openvpn_port', destination='10.10.10.1', interface='lan')\n msg = \"Cannot parse port -openvpn_port\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_port_alias_range_invalid_3(self):\n \"\"\" test creation of a new rule with range of invalid alias ports \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1:port_ssh-65537', destination='10.10.10.1', interface='lan')\n msg = \"Cannot parse port 65537, not port number or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_port_number_invalid(self):\n \"\"\" test creation of a new rule with invalid port number \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1:65536', destination='10.10.10.1', interface='lan', protocol='tcp')\n msg = \"Cannot parse port 65536, not port number or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_port_alias_invalid(self):\n \"\"\" test creation of a new rule with invalid port alias \"\"\"\n obj = dict(name='one_rule', source='10.10.1.1:openvpn_port', destination='10.10.10.1', interface='lan')\n msg = \"Cannot parse port openvpn_port, not port number or alias\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_negate_source(self):\n \"\"\" test creation of a new rule with a not source \"\"\"\n obj = dict(name='one_rule', source='!srv_admin', destination='any', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='!srv_admin', destination='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_negate_destination(self):\n \"\"\" test creation of a new rule with a not destination \"\"\"\n obj = dict(name='one_rule', source='any', destination='!srv_admin', interface='lan')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='!srv_admin'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_separator_top(self):\n \"\"\" test creation of a new rule at top \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='vt1', after='top')\n command = \"create rule 'one_rule' on 'vt1', source='any', destination='any', after='top'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 0)\n self.check_separator_idx(obj['interface'], 'test_sep1', 1)\n self.check_separator_idx(obj['interface'], 'test_sep2', 4)\n\n def test_rule_create_separator_bottom(self):\n \"\"\" test creation of a new rule at bottom \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='vt1', before='bottom')\n command = \"create rule 'one_rule' on 'vt1', source='any', destination='any', before='bottom'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 3)\n self.check_separator_idx(obj['interface'], 'test_sep1', 0)\n self.check_separator_idx(obj['interface'], 'test_sep2', 3)\n\n def test_rule_create_separator_before_first(self):\n \"\"\" test creation of a new rule before first rule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='vt1', before='r1')\n command = \"create rule 'one_rule' on 'vt1', source='any', destination='any', before='r1'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 0)\n self.check_separator_idx(obj['interface'], 'test_sep1', 0)\n self.check_separator_idx(obj['interface'], 'test_sep2', 4)\n\n def test_rule_create_separator_after_third(self):\n \"\"\" test creation of a new rule after third rule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='vt1', after='r3')\n command = \"create rule 'one_rule' on 'vt1', source='any', destination='any', after='r3'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 3)\n self.check_separator_idx(obj['interface'], 'test_sep1', 0)\n self.check_separator_idx(obj['interface'], 'test_sep2', 4)\n\n def test_rule_create_queue(self):\n \"\"\" test creation of a new rule with default queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', queue='one_queue')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', queue='one_queue'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_queue_ack(self):\n \"\"\" test creation of a new rule with default queue and ack queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', queue='one_queue', ackqueue='another_queue')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', queue='one_queue', ackqueue='another_queue'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_queue_ack_without_default(self):\n \"\"\" test creation of a new rule with ack queue and without default queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', ackqueue='another_queue')\n msg = \"A default queue must be selected when an acknowledge queue is also selected\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_queue_same(self):\n \"\"\" test creation of a new rule with same default queue and ack queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', queue='one_queue', ackqueue='one_queue')\n msg = \"Acknowledge queue and default queue cannot be the same\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_queue_invalid(self):\n \"\"\" test creation of a new rule with invalid default queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', queue='acme_queue')\n msg = \"Failed to find enabled queue=acme_queue\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_queue_invalid_ack(self):\n \"\"\" test creation of a new rule with default queue and invalid ack queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', queue='one_queue', ackqueue='acme_queue')\n msg = \"Failed to find enabled ackqueue=acme_queue\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_limiter(self):\n \"\"\" test creation of a new rule with in_queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', in_queue='one_limiter')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', in_queue='one_limiter'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_limiter_out(self):\n \"\"\" test creation of a new rule with in_queue and out_queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', in_queue='one_limiter', out_queue='another_limiter')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', in_queue='one_limiter', out_queue='another_limiter'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_limiter_disabled(self):\n \"\"\" test creation of a new rule with disabled in_queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', in_queue='disabled_limiter')\n msg = \"Failed to find enabled in_queue=disabled_limiter\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_limiter_out_without_in(self):\n \"\"\" test creation of a new rule with out_queue and without in_queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', out_queue='another_limiter')\n msg = \"A queue must be selected for the In direction before selecting one for Out too\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_limiter_same(self):\n \"\"\" test creation of a new rule with same in_queue and out_queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', in_queue='one_limiter', out_queue='one_limiter')\n msg = \"In and Out Queue cannot be the same\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_limiter_invalid(self):\n \"\"\" test creation of a new rule with invalid in_queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', in_queue='acme_queue')\n msg = \"Failed to find enabled in_queue=acme_queue\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_limiter_invalid_out(self):\n \"\"\" test creation of a new rule with in_queue and invalid out_queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', in_queue='one_limiter', out_queue='acme_queue')\n msg = \"Failed to find enabled out_queue=acme_queue\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_limiter_floating_any(self):\n \"\"\" test creation of a new rule with in_queue and invalid out_queue \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', in_queue='one_limiter', floating='yes', direction='any')\n msg = \"Limiters can not be used in Floating rules without choosing a direction\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_gateway(self):\n \"\"\" test creation of a new rule with gateway \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', gateway='GW_LAN')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', gateway='GW_LAN'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_gateway_invalid(self):\n \"\"\" test creation of a new rule with invalid gateway \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', gateway='GW_WLAN')\n msg = 'Gateway \"GW_WLAN\" does not exist or does not match target rule ip protocol.'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_gateway_invalid_ipprotocol(self):\n \"\"\" test creation of a new rule with gateway \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', ipprotocol='inet6', gateway='GW_LAN')\n msg = 'Gateway \"GW_LAN\" does not exist or does not match target rule ip protocol.'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_gateway_floating(self):\n \"\"\" test creation of a new floating rule with gateway \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', floating='yes', direction='in', gateway='GW_LAN')\n command = \"create rule 'one_rule' on 'floating(lan)', source='any', destination='any', direction='in', gateway='GW_LAN'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_gateway_floating_any(self):\n \"\"\" test creation of a new floating rule with gateway \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', floating='yes', direction='any', gateway='GW_LAN')\n msg = \"Gateways can not be used in Floating rules without choosing a direction\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_gateway_group(self):\n \"\"\" test creation of a new rule with gateway group \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', gateway='GWGroup')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', gateway='GWGroup'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_gateway_group_invalid_ipprotocol(self):\n \"\"\" test creation of a new rule with gateway group \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', ipprotocol='inet6', gateway='GWGroup')\n msg = 'Gateway \"GWGroup\" does not exist or does not match target rule ip protocol.'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_tracker(self):\n \"\"\" test creation of a new rule with tracker \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', tracker='1234')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', tracker='1234'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_tracker_leading0(self):\n \"\"\" test creation of a new rule with tracker with a leading 0 \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', tracker='0100000101')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', tracker='0100000101'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_tracker_invalid(self):\n \"\"\" test creation of a new rule with invalid tracker \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', tracker='-1234')\n msg = 'tracker -1234 must be a positive integer'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_create_schedule(self):\n \"\"\" test creation of a new rule with schedule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', sched='workdays')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any', sched='workdays'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_schedule_invalid(self):\n \"\"\" test creation of a new rule with invalid schedule \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan', sched='acme')\n msg = 'Schedule acme does not exist'\n self.do_module_test(obj, failed=True, msg=msg)\n\n ##################################\n # protocol any with ports\n #\n def test_rule_create_protocol_any_with_dst_port(self):\n \"\"\" test creation of a rule with protocol any and destination port \"\"\"\n obj = dict(name='one_rule', source='any', destination='any:443', interface='lan', protocol='any')\n command = \"create rule 'one_rule' on 'lan', source='any', destination='any:443'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_create_protocol_icmp_with_dst_port(self):\n \"\"\" test creation of a rule with protocol icmp and destination port should fail \"\"\"\n obj = dict(name='one_rule', source='any', destination='any:443', interface='lan', protocol='icmp')\n msg = \"'one_rule' on 'lan': you can't use ports on protocols other than tcp, udp, tcp/udp or any\"\n self.do_module_test(obj, failed=True, msg=msg)\n\n ##################################\n # pass rule ordering (insert before first block/reject)\n #\n def test_rule_create_pass_before_block(self):\n \"\"\" test that a new pass rule is inserted before the first block rule on the same interface \"\"\"\n obj = dict(name='new_pass_rule', source='any', destination='any', interface='lan')\n command = \"create rule 'new_pass_rule' on 'lan', source='any', destination='any'\"\n self.do_module_test(obj, command=command)\n # Verify the new pass rule appears before block_all_lan in the XML\n self.load_xml_result()\n filter_elt = self.xml_result.find('filter')\n rules = []\n for rule_elt in filter_elt.findall('rule'):\n iface_elt = rule_elt.find('interface')\n descr_elt = rule_elt.find('descr')\n if iface_elt is not None and iface_elt.text == 'lan' and descr_elt is not None:\n rules.append(descr_elt.text)\n self.assertIn('new_pass_rule', rules)\n self.assertIn('block_all_lan', rules)\n pass_idx = rules.index('new_pass_rule')\n block_idx = rules.index('block_all_lan')\n self.assertLess(pass_idx, block_idx, \"pass rule should be positioned before block rule\")\n\n def test_rule_create_block_appends_to_end(self):\n \"\"\" test that a new block rule appends to the end (after existing block rules) \"\"\"\n obj = dict(name='new_block_rule', source='any', destination='any', interface='lan', action='block')\n command = \"create rule 'new_block_rule' on 'lan', source='any', destination='any', action='block'\"\n self.do_module_test(obj, command=command)\n # Verify the new block rule appears after block_all_lan\n self.load_xml_result()\n filter_elt = self.xml_result.find('filter')\n rules = []\n for rule_elt in filter_elt.findall('rule'):\n iface_elt = rule_elt.find('interface')\n descr_elt = rule_elt.find('descr')\n if iface_elt is not None and iface_elt.text == 'lan' and descr_elt is not None:\n rules.append(descr_elt.text)\n self.assertIn('new_block_rule', rules)\n self.assertIn('block_all_lan', rules)\n new_idx = rules.index('new_block_rule')\n existing_idx = rules.index('block_all_lan')\n self.assertGreater(new_idx, existing_idx, \"new block rule should append after existing block rule\")\n\n def test_rule_create_pass_before_reject(self):\n \"\"\" test that a new pass rule is inserted before a reject rule, not just block \"\"\"\n # Fixture has both block_all_lan and reject_all_lan on lan.\n # A new pass rule should be inserted before both.\n obj = dict(name='new_pass_above_reject', source='any', destination='any:80', interface='lan', protocol='tcp')\n command = \"create rule 'new_pass_above_reject' on 'lan', source='any', destination='any:80', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n self.load_xml_result()\n filter_elt = self.xml_result.find('filter')\n rules = []\n for rule_elt in filter_elt.findall('rule'):\n iface_elt = rule_elt.find('interface')\n descr_elt = rule_elt.find('descr')\n if iface_elt is not None and iface_elt.text == 'lan' and descr_elt is not None:\n rules.append(descr_elt.text)\n self.assertIn('new_pass_above_reject', rules)\n self.assertIn('block_all_lan', rules)\n self.assertIn('reject_all_lan', rules)\n pass_idx = rules.index('new_pass_above_reject')\n block_idx = rules.index('block_all_lan')\n reject_idx = rules.index('reject_all_lan')\n self.assertLess(pass_idx, block_idx, \"pass rule should be before block rule\")\n self.assertLess(pass_idx, reject_idx, \"pass rule should be before reject rule\")\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_rule_misc.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import set_module_args\nfrom .test_pfsense_rule import TestPFSenseRuleModule\n\n\nclass TestPFSenseRuleMiscModule(TestPFSenseRuleModule):\n\n ##############\n # delete\n #\n def test_rule_delete(self):\n \"\"\" test deleting a rule \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any', interface='wan', protocol='tcp')\n command = \"delete rule 'test_rule_3' on 'wan'\"\n self.do_module_test(obj, command=command, delete=True)\n\n ##############\n # misc\n #\n def test_check_mode(self):\n \"\"\" test check mode \"\"\"\n obj = dict(name='one_rule', source='any', destination='any', interface='lan')\n with set_module_args(self.args_from_var(obj, _ansible_check_mode=True)):\n self.execute_module(changed=True)\n self.assertFalse(self.load_xml_result())\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_rule_noop.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom .test_pfsense_rule import TestPFSenseRuleModule\n\n\nclass TestPFSenseRuleNoopModule(TestPFSenseRuleModule):\n\n ############################\n # rule noop tests\n #\n def test_rule_noop_action(self):\n \"\"\" test not updating action of a rule to block \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', action='pass', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_disabled(self):\n \"\"\" test not updating disabled of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', disabled='False', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_enabled(self):\n \"\"\" test not updating disabled of a rule \"\"\"\n obj = dict(name='test_lan_100_1', source='any', destination='any', interface='lan_100', disabled='True', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_disabled_default(self):\n \"\"\" test not updating disabled of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_floating_interface(self):\n \"\"\" test not updating interface of a floating rule \"\"\"\n obj = dict(name='test_rule_floating', source='any', destination='any', interface='wan', floating='yes', direction='any', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_floating_direction(self):\n \"\"\" test not updating direction of a rule to out \"\"\"\n obj = dict(name='test_rule_floating', source='any', destination='any', interface='wan', floating='yes', direction='any', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_inet(self):\n \"\"\" test not updating ippprotocol of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', ipprotocol='inet', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_protocol(self):\n \"\"\" test not updating protocol of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_log_no(self):\n \"\"\" test not updating log of a rule to no \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', log='no', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_log_yes(self):\n \"\"\" test not updating log of a rule to no \"\"\"\n obj = dict(name='test_rule_2', source='any', destination='any', interface='wan', log='yes', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_log_default(self):\n \"\"\" test not updating log of a rule to default \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', log='no', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_source_and_destination(self):\n \"\"\" test not updating source and destination of a rule \"\"\"\n obj = dict(name='ads_to_ads_tcp_2_3', source='ad_poc3:port_ldap_ssl', destination='ad_poc1:port_ldap_ssl', interface='lan', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_negate_source(self):\n \"\"\" test creation of a new rule with a not source \"\"\"\n obj = dict(name='not_rule_src', source='!srv_admin', destination='any:port_ssh', interface='lan', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_negate_destination(self):\n \"\"\" test creation of a new rule with a not destination \"\"\"\n obj = dict(name='not_rule_dst', source='any', destination='!srv_admin:port_ssh', interface='lan', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_before(self):\n \"\"\" test not updating position of a rule to before another \"\"\"\n obj = dict(name='test_rule_2', source='any', destination='any', interface='wan', log='yes', protocol='tcp', before='test_rule_3')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_before_bottom(self):\n \"\"\" test not updating position of a rule to bottom \"\"\"\n obj = dict(name='antilock_out_3', source='any', destination='any:443', interface='wan', protocol='tcp', before='bottom')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_position_bottom(self):\n \"\"\" test not updating position of a rule to bottom \"\"\"\n obj = dict(name='antilock_out_3', source='any', destination='any:443', interface='wan', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_position_middle(self):\n \"\"\" test not updating position of a rule to before another \"\"\"\n obj = dict(name='test_rule_2', source='any', destination='any', interface='wan', log='yes', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_after(self):\n \"\"\" test not updating position of a rule to after another rule \"\"\"\n obj = dict(name='test_rule_2', source='any', destination='any', interface='wan', log='yes', protocol='tcp', after='test_rule')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_after_top(self):\n \"\"\" test not updating position of a rule to top \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', log='no', protocol='tcp', after='top')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_separator_top(self):\n \"\"\" test not updating position of a rule to top \"\"\"\n obj = dict(name='r1', source='any', destination='any', interface='vt1', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_separator_bottom(self):\n \"\"\" test not updating position of a rule to bottom \"\"\"\n obj = dict(name='r3', source='any', destination='any', interface='vt1', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_queue_ack(self):\n \"\"\" test updating queue of a rule \"\"\"\n obj = dict(name='test_lan_100_2', source='any', destination='any', interface='lan_100', queue='one_queue', ackqueue='another_queue', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_queue(self):\n \"\"\" test updating queue and ackqueue of a rule \"\"\"\n obj = dict(name='test_lan_100_3', source='any', destination='any', interface='lan_100', queue='one_queue', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_limiter_out(self):\n \"\"\" test updating queue of a rule \"\"\"\n obj = dict(\n name='test_lan_100_4', source='any', destination='any', interface='lan_100', in_queue='one_limiter', out_queue='another_limiter', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_limiter_in(self):\n \"\"\" test updating queue and ackqueue of a rule \"\"\"\n obj = dict(name='test_lan_100_5', source='any', destination='any', interface='lan_100', in_queue='one_limiter', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_tracker(self):\n \"\"\" test updating tracker of a rule \"\"\"\n obj = dict(name='test_lan_100_5', source='any', destination='any', interface='lan_100', in_queue='one_limiter', protocol='tcp', tracker=1545574416)\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_tracker(self):\n \"\"\" test updating tracker of a rule \"\"\"\n obj = dict(name='test_lan_100_5', source='any', destination='any', interface='lan_100', in_queue='one_limiter', protocol='tcp')\n self.do_module_test(obj, changed=False)\n\n def test_rule_noop_schedule(self):\n \"\"\" test updating scheduling of a rule \"\"\"\n obj = dict(name='test_rule_sched', source='any', destination='any', interface='lan_100', action='pass', protocol='tcp', sched='workdays')\n self.do_module_test(obj, changed=False)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_rule_separator.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport sys\nimport pytest\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_rule_separator\nfrom ansible_collections.pfsensible.core.plugins.module_utils.rule_separator import PFSenseRuleSeparatorModule\nfrom .pfsense_module import TestPFSenseModule\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\n\nclass TestPFSenseRuleSeparatorModule(TestPFSenseModule):\n\n module = pfsense_rule_separator\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseRuleSeparatorModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_rule_separator_config.xml'\n self.pfmodule = PFSenseRuleSeparatorModule\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get separator from XML \"\"\"\n if obj.get('floating'):\n interface = 'floatingrules'\n else:\n interface = self.unalias_interface(obj['interface'])\n\n filter_elt = self.assert_find_xml_elt(self.xml_result, 'filter')\n separator_elt = self.assert_find_xml_elt(filter_elt, 'separator')\n iface_elt = self.assert_find_xml_elt(separator_elt, interface)\n for separator_elt in iface_elt:\n text_elt = separator_elt.find('text')\n if text_elt is not None and text_elt.text == obj['name']:\n if absent:\n self.fail('Separator ' + obj['name'] + ' found on interface ' + interface)\n return separator_elt\n\n if not absent:\n self.fail('Separator ' + obj['name'] + ' not found on interface ' + interface)\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML separator definition \"\"\"\n if obj.get('floating'):\n interface = 'floatingrules'\n else:\n interface = self.unalias_interface(obj['interface'])\n\n self.assert_xml_elt_equal(target_elt, 'if', interface)\n\n if 'color' not in obj:\n self.assert_xml_elt_equal(target_elt, 'color', 'bg-info')\n else:\n self.assert_xml_elt_equal(target_elt, 'color', 'bg-' + obj['color'])\n\n def check_separator_idx(self, separator, expected_idx):\n \"\"\" test the logical position of separator \"\"\"\n separator_elt = self.get_target_elt(separator)\n row_elt = self.assert_find_xml_elt(separator_elt, 'row')\n idx = int(row_elt.text.replace('fr', ''))\n if idx != expected_idx:\n self.fail('Idx of separator ' + separator['name'] + ' if wrong: ' + str(idx) + ', expected: ' + str(expected_idx))\n\n ##############\n # hosts\n #\n def test_separator_create(self):\n \"\"\" test creation of a new separator \"\"\"\n separator = dict(name='voip', interface='lan_100')\n command = \"create rule_separator 'voip' on 'lan_100', color='info'\"\n self.do_module_test(separator, command=command)\n self.check_separator_idx(separator, 6)\n\n def test_separator_create_floating(self):\n \"\"\" test creation of a new separator \"\"\"\n separator = dict(name='voip', floating=True)\n command = \"create rule_separator 'voip' on 'floating', color='info'\"\n self.do_module_test(separator, command=command)\n self.check_separator_idx(separator, 0)\n\n def test_separator_create_top(self):\n \"\"\" test creation of a new separator at top \"\"\"\n separator = dict(name='voip', interface='lan_100', after='top')\n command = \"create rule_separator 'voip' on 'lan_100', color='info', after='top'\"\n self.do_module_test(separator, command=command)\n self.check_separator_idx(separator, 0)\n\n def test_separator_create_bottom(self):\n \"\"\" test creation of a new separator at bottom \"\"\"\n separator = dict(name='voip', interface='lan', before='bottom')\n command = \"create rule_separator 'voip' on 'lan', color='info', before='bottom'\"\n self.do_module_test(separator, command=command)\n self.check_separator_idx(separator, 14)\n\n def test_separator_create_after(self):\n \"\"\" test creation of a new separator at bottom \"\"\"\n separator = dict(name='voip', interface='lan', after='antilock_out_1')\n command = \"create rule_separator 'voip' on 'lan', color='info', after='antilock_out_1'\"\n self.do_module_test(separator, command=command)\n self.check_separator_idx(separator, 1)\n\n def test_separator_create_before(self):\n \"\"\" test creation of a new separator at bottom \"\"\"\n separator = dict(name='voip', interface='lan', before='antilock_out_2')\n command = \"create rule_separator 'voip' on 'lan', color='info', before='antilock_out_2'\"\n self.do_module_test(separator, command=command)\n self.check_separator_idx(separator, 1)\n\n def test_separator_delete(self):\n \"\"\" test deletion of a separator \"\"\"\n separator = dict(name='test_separator', interface='lan')\n command = \"delete rule_separator 'test_separator' on 'lan'\"\n self.do_module_test(separator, command=command, delete=True)\n\n def test_separator_delete_inexistent(self):\n \"\"\" test deletion of an inexistent separator \"\"\"\n separator = dict(name='test_separator', interface='wan')\n self.do_module_test(separator, command='', changed=False, delete=True)\n\n def test_separator_update_noop(self):\n \"\"\" test changing nothing to a separator \"\"\"\n separator = dict(name='test_separator', interface='lan', color='info')\n self.do_module_test(separator, changed=False)\n\n def test_separator_update_color(self):\n \"\"\" test updating color of a separator \"\"\"\n separator = dict(name='test_separator', interface='lan', color='warning')\n command = \"update rule_separator 'test_separator' on 'lan' set color='warning'\"\n self.do_module_test(separator, command=command)\n self.check_separator_idx(separator, 1)\n\n def test_separator_update_position(self):\n \"\"\" test updating position of a separator \"\"\"\n separator = dict(name='test_separator', interface='lan', after='top')\n command = \"update rule_separator 'test_separator' on 'lan' set color='info', after='top'\"\n self.do_module_test(separator, command=command)\n self.check_separator_idx(separator, 0)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_rule_update.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom .test_pfsense_rule import TestPFSenseRuleModule\n\n\nclass TestPFSenseRuleUpdateModule(TestPFSenseRuleModule):\n\n ############################\n # rule update tests\n #\n def test_rule_update_action(self):\n \"\"\" test updating action of a rule to block \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', action='block', protocol='tcp')\n command = \"update rule 'test_rule' on 'wan' set action='block'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_disabled(self):\n \"\"\" test updating disabled of a rule to True \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', disabled='True', protocol='tcp')\n command = \"update rule 'test_rule' on 'wan' set disabled=True\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_enabled(self):\n \"\"\" test updating disabled of a rule to False \"\"\"\n obj = dict(name='test_lan_100_1', source='any', destination='any', interface='lan_100', disabled='False', protocol='tcp')\n command = \"update rule 'test_lan_100_1' on 'lan_100' set disabled=False\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_enabled_default(self):\n \"\"\" test updating disabled of a rule to default \"\"\"\n obj = dict(name='test_lan_100_1', source='any', destination='any', interface='lan_100', protocol='tcp')\n command = \"update rule 'test_lan_100_1' on 'lan_100' set disabled=False\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_floating_interface(self):\n \"\"\" test updating interface of a floating rule \"\"\"\n obj = dict(name='test_rule_floating', source='any', destination='any', interface='lan', floating='yes', direction='any', protocol='tcp')\n command = \"update rule 'test_rule_floating' on 'floating(wan)' set interface='lan'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_floating_interfaces(self):\n \"\"\" test updating interfaces of a floating rule \"\"\"\n obj = dict(name='test_rule_floating', source='any', destination='any', interface='lan,lan_100', floating='yes', direction='any', protocol='tcp')\n command = \"update rule 'test_rule_floating' on 'floating(wan)' set interface='lan,lan_100'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_floating_direction(self):\n \"\"\" test updating direction of a rule to out \"\"\"\n obj = dict(name='test_rule_floating', source='any', destination='any', interface='wan', floating='yes', direction='out', protocol='tcp')\n command = \"update rule 'test_rule_floating' on 'floating(wan)' set direction='out'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_floating_quick(self):\n \"\"\" test updating quick match of a floating rule \"\"\"\n obj = dict(name='test_rule_floating', source='any', destination='any', interface='wan', floating='yes', direction='any', protocol='tcp', quick='yes')\n command = \"update rule 'test_rule_floating' on 'floating(wan)' set quick=True\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_floating_remove_quick(self):\n \"\"\" test updating quick match of a floating rule \"\"\"\n obj = dict(name='test_rule_floating_quick', source='any', destination='any', interface='wan', floating='yes', direction='any', protocol='tcp')\n command = \"update rule 'test_rule_floating_quick' on 'floating(wan)' set quick=False\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_floating_yes(self):\n \"\"\" test updating floating of a rule to yes\n Since you can't change the floating mode of a rule, it should create a new rule\n \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', floating='yes', direction='any', protocol='tcp')\n command = \"create rule 'test_rule' on 'floating(wan)', source='any', destination='any', protocol='tcp', direction='any'\"\n self.do_module_test(obj, command=command)\n\n other_rule = dict(name='test_rule', source='any', destination='any', interface='wan', floating='no', protocol='tcp')\n other_rule_elt = self.get_target_elt(other_rule)\n self.check_target_elt(other_rule, other_rule_elt)\n\n def test_rule_update_floating_no(self):\n \"\"\" test updating floating of a rule to no\n Since you can't change the floating mode of a rule, it should create a new rule\n \"\"\"\n obj = dict(name='test_rule_floating', source='any', destination='any', interface='wan', floating='no', direction='any', protocol='tcp')\n command = \"create rule 'test_rule_floating' on 'wan', source='any', destination='any', protocol='tcp', direction='any'\"\n self.do_module_test(obj, command=command)\n\n other_rule = dict(name='test_rule_floating', source='any', destination='any', interface='wan', floating='yes', direction='any', protocol='tcp')\n other_rule_elt = self.get_target_elt(other_rule)\n self.check_target_elt(other_rule, other_rule_elt)\n\n def test_rule_update_floating_default(self):\n \"\"\" test updating floating of a rule to default (no)\n Since you can't change the floating mode of a rule, it should create a new rule\n \"\"\"\n obj = dict(name='test_rule_floating', source='any', destination='any', interface='wan', protocol='tcp')\n command = \"create rule 'test_rule_floating' on 'wan', source='any', destination='any', protocol='tcp'\"\n self.do_module_test(obj, command=command)\n\n other_rule = dict(name='test_rule_floating', source='any', destination='any', interface='wan', floating='yes', direction='any', protocol='tcp')\n other_rule_elt = self.get_target_elt(other_rule)\n self.check_target_elt(other_rule, other_rule_elt)\n\n def test_rule_update_inet(self):\n \"\"\" test updating ippprotocol of a rule to ipv4 and ipv6 \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', ipprotocol='inet46', protocol='tcp')\n command = \"update rule 'test_rule' on 'wan' set ipprotocol='inet46'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_protocol_udp(self):\n \"\"\" test updating protocol of a rule to udp \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', protocol='udp')\n command = \"update rule 'test_rule' on 'wan' set protocol='udp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_protocol_any(self):\n \"\"\" test updating protocol of a rule to udp \"\"\"\n obj = dict(name='r2', source='any', destination='any', interface='vt1', protocol='any')\n command = \"update rule 'r2' on 'vt1' set protocol='any'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_protocol_tcp_udp(self):\n \"\"\" test updating protocol of a rule to tcp/udp \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', protocol='tcp/udp')\n command = \"update rule 'test_rule' on 'wan' set protocol='tcp/udp'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_log_yes(self):\n \"\"\" test updating log of a rule to yes \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', log='yes', protocol='tcp')\n command = \"update rule 'test_rule' on 'wan' set log=True\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_log_no(self):\n \"\"\" test updating log of a rule to no \"\"\"\n obj = dict(name='test_rule_2', source='any', destination='any', interface='wan', log='no', protocol='tcp')\n command = \"update rule 'test_rule_2' on 'wan' set log=False\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_tcpflags_any_yes(self):\n \"\"\" test updating log of a rule to yes \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', protocol='tcp', tcpflags_any='yes')\n command = \"update rule 'test_rule' on 'wan' set tcpflags_any=True\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_tcpflags_any_no(self):\n \"\"\" test updating log of a rule to no \"\"\"\n obj = dict(name='test_rule_4', source='any', destination='any', interface='lan_100', tcpflags_any='no')\n command = \"update rule 'test_rule_4' on 'lan_100' set tcpflags_any=False\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_log_default(self):\n \"\"\" test updating log of a rule to default \"\"\"\n obj = dict(name='test_rule_2', source='any', destination='any', interface='wan', protocol='tcp')\n command = \"update rule 'test_rule_2' on 'wan' set log=False\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_negate_add_source(self):\n \"\"\" test updating source of a rule with a not \"\"\"\n obj = dict(name='test_rule_2', source='!srv_admin', destination='any', interface='wan', protocol='tcp', log=True)\n command = \"update rule 'test_rule_2' on 'wan' set source='!srv_admin'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_negate_add_destination(self):\n \"\"\" test updating destination of a rule with a not \"\"\"\n obj = dict(name='test_rule_2', source='any', destination='!srv_admin', interface='wan', protocol='tcp', log=True)\n command = \"update rule 'test_rule_2' on 'wan' set destination='!srv_admin'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_negate_remove_source(self):\n \"\"\" test updating source of a rule remove the not \"\"\"\n obj = dict(name='not_rule_src', source='srv_admin', destination='any:port_ssh', interface='lan', protocol='tcp')\n command = \"update rule 'not_rule_src' on 'lan' set source='srv_admin'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_negate_remove_destination(self):\n \"\"\" test updating destination of a rule remove the not \"\"\"\n obj = dict(name='not_rule_dst', source='any', destination='srv_admin:port_ssh', interface='lan', protocol='tcp')\n command = \"update rule 'not_rule_dst' on 'lan' set destination='srv_admin'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_before(self):\n \"\"\" test updating position of a rule to before another \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any:port_http', interface='wan', protocol='tcp', before='test_rule')\n command = \"update rule 'test_rule_3' on 'wan' set before='test_rule'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 0)\n\n def test_rule_update_before_bottom(self):\n \"\"\" test updating position of a rule to bottom \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any:port_http', interface='wan', protocol='tcp', before='bottom')\n command = \"update rule 'test_rule_3' on 'wan' set before='bottom'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 3)\n\n def test_rule_update_after(self):\n \"\"\" test updating position of a rule to after another rule \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any:port_http', interface='wan', protocol='tcp', after='antilock_out_3')\n command = \"update rule 'test_rule_3' on 'wan' set after='antilock_out_3'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 3)\n\n def test_rule_update_after_self(self):\n \"\"\" test updating position of a rule to after same rule \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any', interface='wan', protocol='tcp', after='test_rule_3')\n msg = 'Cannot specify the current rule in after'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_update_before_self(self):\n \"\"\" test updating position of a rule to before same rule \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any', interface='wan', protocol='tcp', before='test_rule_3')\n msg = 'Cannot specify the current rule in before'\n self.do_module_test(obj, failed=True, msg=msg)\n\n def test_rule_update_after_top(self):\n \"\"\" test updating position of a rule to top \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any:port_http', interface='wan', protocol='tcp', after='top')\n command = \"update rule 'test_rule_3' on 'wan' set after='top'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 0)\n\n def test_rule_update_separator_top(self):\n \"\"\" test updating position of a rule to top \"\"\"\n obj = dict(name='r2', source='any', destination='any', interface='vt1', protocol='tcp', after='top')\n command = \"update rule 'r2' on 'vt1' set after='top'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 0)\n self.check_separator_idx(obj['interface'], 'test_sep1', 1)\n self.check_separator_idx(obj['interface'], 'test_sep2', 3)\n\n def test_rule_update_separator_bottom(self):\n \"\"\" test updating position of a rule to bottom \"\"\"\n obj = dict(name='r1', source='any', destination='any', interface='vt1', protocol='tcp', before='bottom')\n command = \"update rule 'r1' on 'vt1' set before='bottom'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 2)\n self.check_separator_idx(obj['interface'], 'test_sep1', 0)\n self.check_separator_idx(obj['interface'], 'test_sep2', 2)\n\n def test_rule_update_separator_before_first(self):\n \"\"\" test creation of a new rule at bottom \"\"\"\n obj = dict(name='r3', source='any', destination='any', interface='vt1', protocol='tcp', before='r1')\n command = \"update rule 'r3' on 'vt1' set before='r1'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 0)\n self.check_separator_idx(obj['interface'], 'test_sep1', 0)\n self.check_separator_idx(obj['interface'], 'test_sep2', 3)\n\n def test_rule_update_separator_after_third(self):\n \"\"\" test creation of a new rule at bottom \"\"\"\n obj = dict(name='r1', source='any', destination='any', interface='vt1', protocol='tcp', after='r3')\n command = \"update rule 'r1' on 'vt1' set after='r3'\"\n self.do_module_test(obj, command=command)\n self.check_rule_idx(obj, 2)\n self.check_separator_idx(obj['interface'], 'test_sep1', 0)\n self.check_separator_idx(obj['interface'], 'test_sep2', 3)\n\n def test_rule_update_queue_set(self):\n \"\"\" test updating queue of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', queue='one_queue', protocol='tcp')\n command = \"update rule 'test_rule' on 'wan' set queue='one_queue'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_queue_set_ack(self):\n \"\"\" test updating queue and ackqueue of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', queue='one_queue', ackqueue='another_queue', protocol='tcp')\n command = \"update rule 'test_rule' on 'wan' set queue='one_queue', ackqueue='another_queue'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_queue_unset_ack(self):\n \"\"\" test updating ackqueue of a rule \"\"\"\n obj = dict(name='test_lan_100_2', source='any', destination='any', interface='lan_100', queue='one_queue', protocol='tcp')\n command = \"update rule 'test_lan_100_2' on 'lan_100' set ackqueue=none\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_queue_unset(self):\n \"\"\" test updating queue of a rule \"\"\"\n obj = dict(name='test_lan_100_3', source='any', destination='any', interface='lan_100', protocol='tcp')\n command = \"update rule 'test_lan_100_3' on 'lan_100' set queue=none\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_limiter_set(self):\n \"\"\" test updating limiter of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', in_queue='one_limiter', protocol='tcp')\n command = \"update rule 'test_rule' on 'wan' set in_queue='one_limiter'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_limiter_set_out(self):\n \"\"\" test updating limiter in and out of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', in_queue='one_limiter', out_queue='another_limiter', protocol='tcp')\n command = \"update rule 'test_rule' on 'wan' set in_queue='one_limiter', out_queue='another_limiter'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_limiter_unset_out(self):\n \"\"\" test updating limiter out of a rule \"\"\"\n obj = dict(name='test_lan_100_4', source='any', destination='any', interface='lan_100', in_queue='one_limiter', protocol='tcp')\n command = \"update rule 'test_lan_100_4' on 'lan_100' set out_queue=none\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_limiter_unset(self):\n \"\"\" test updating limiter of a rule \"\"\"\n obj = dict(name='test_lan_100_5', source='any', destination='any', interface='lan_100', protocol='tcp')\n command = \"update rule 'test_lan_100_5' on 'lan_100' set in_queue=none\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_gateway_set(self):\n \"\"\" test updating gateway of a rule \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any:port_http', interface='wan', protocol='tcp', gateway='GW_WAN')\n command = \"update rule 'test_rule_3' on 'wan' set gateway='GW_WAN'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_gateway_unset(self):\n \"\"\" test updating gateway of a rule \"\"\"\n obj = dict(name='antilock_out_1', source='any', destination='any:port_ssh', interface='lan', protocol='tcp', log=True)\n command = \"update rule 'antilock_out_1' on 'lan' set gateway=none\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_tracker(self):\n \"\"\" test updating tracker of a rule \"\"\"\n obj = dict(name='test_lan_100_5', source='any', destination='any', interface='lan_100', in_queue='one_limiter', protocol='tcp', tracker='1234')\n command = \"update rule 'test_lan_100_5' on 'lan_100' set tracker='1234'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_icmp(self):\n \"\"\" test updating ipprotocol to icmptype \"\"\"\n obj = dict(name='r1', source='any', destination='any', interface='vt1', protocol='icmp', icmptype='echorep,echoreq')\n command = \"update rule 'r1' on 'vt1' set protocol='icmp', icmptype='echorep,echoreq'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_port_old_syntax(self):\n \"\"\" test updating gateway of a rule \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any:port_ssh', interface='wan', protocol='tcp')\n command = \"update rule 'test_rule_3' on 'wan' set destination_port='port_ssh'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_port_new_syntax(self):\n \"\"\" test updating gateway of a rule \"\"\"\n obj = dict(name='test_rule_3', source='any', destination='any', destination_port='port_ssh', interface='wan', protocol='tcp')\n command = \"update rule 'test_rule_3' on 'wan' set destination_port='port_ssh'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_schedule(self):\n \"\"\" test updating scheduling of a rule \"\"\"\n obj = dict(name='test_rule', source='any', destination='any', interface='wan', action='pass', protocol='tcp', sched='workdays')\n command = \"update rule 'test_rule' on 'wan' set sched='workdays'\"\n self.do_module_test(obj, command=command)\n\n def test_rule_update_remove_schedule(self):\n \"\"\" test updating scheduling of a rule \"\"\"\n obj = dict(name='test_rule_sched', source='any', destination='any', interface='lan_100', action='pass', protocol='tcp')\n command = \"update rule 'test_rule_sched' on 'lan_100' set sched=none\"\n self.do_module_test(obj, command=command)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_setup.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_setup\nfrom .pfsense_module import TestPFSenseModule\nfrom ansible_collections.community.internal_test_tools.tests.unit.compat.mock import patch\n\n\nclass TestPFSenseSetupModule(TestPFSenseModule):\n\n module = pfsense_setup\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseSetupModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_setup_config.xml'\n\n @staticmethod\n def get_args_fields():\n \"\"\" return params fields \"\"\"\n fields = ['hostname', 'domain', 'dns_addresses', 'dns_hostnames', 'dns_gateways', 'dnsallowoverride', 'dnslocalhost', 'timezone']\n fields += ['timeservers', 'language', 'webguicss', 'webguifixedmenu', 'webguihostnamemenu', 'dashboardcolumns', 'interfacessort']\n fields += ['dashboardavailablewidgetspanel', 'systemlogsfilterpanel', 'systemlogsmanagelogpanel', 'statusmonitoringsettingspanel']\n fields += ['requirestatefilter', 'webguileftcolumnhyper', 'disablealiaspopupdetail', 'roworderdragging', 'logincss', 'loginshowhost']\n return fields\n\n def setUp(self):\n \"\"\" mocking up \"\"\"\n\n super(TestPFSenseSetupModule, self).setUp()\n\n # Remove validate command for webguicss which references files on the pfSense instance\n self.mock_validate_webguicss = patch.dict('ansible_collections.pfsensible.core.plugins.modules.pfsense_setup.SETUP_ARG_ROUTE',\n dict(webguicss=dict(parse=pfsense_setup.p2o_webguicss)))\n self.mock_validate_webguicss.start()\n\n self.mock_run_command = patch('ansible.module_utils.basic.AnsibleModule.run_command')\n self.run_command = self.mock_run_command.start()\n self.run_command.return_value = (0, '', '')\n\n def tearDown(self):\n \"\"\" mocking down \"\"\"\n super(TestPFSenseSetupModule, self).tearDown()\n\n self.mock_validate_webguicss.stop()\n self.run_command.stop()\n\n ##############\n # tests utils\n #\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated xml definition \"\"\"\n return self.assert_find_xml_elt(self.xml_result, 'system')\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition of setup elt \"\"\"\n webgui_elt = self.assert_find_xml_elt(target_elt, 'webgui')\n\n def check_param(param, elt):\n if obj.get(param) is not None:\n self.assert_xml_elt_equal(elt, param, obj[param])\n\n def check_bool_param(param, elt):\n if obj.get(param) is not None:\n if obj[param]:\n self.assert_xml_elt_is_none_or_empty(elt, param)\n else:\n self.assert_not_find_xml_elt(elt, param)\n\n check_param('hostname', target_elt)\n check_param('domain', target_elt)\n check_bool_param('dnsallowoverride', target_elt)\n check_param('dnslocalhost', target_elt)\n check_param('timezone', target_elt)\n check_param('timeservers', target_elt)\n check_param('language', target_elt)\n\n if obj.get('webguicss') is not None:\n self.assert_xml_elt_equal(webgui_elt, 'webguicss', obj['webguicss'] + '.css')\n\n self.check_param_bool(obj, webgui_elt, 'webguifixedmenu', value_true='fixed')\n check_param('webguihostnamemenu', webgui_elt)\n check_param('dashboardcolumns', webgui_elt)\n check_bool_param('interfacessort', webgui_elt)\n check_bool_param('dashboardavailablewidgetspanel', webgui_elt)\n check_bool_param('systemlogsfilterpanel', webgui_elt)\n check_bool_param('systemlogsmanagelogpanel', webgui_elt)\n check_bool_param('statusmonitoringsettingspanel', webgui_elt)\n check_bool_param('requirestatefilter', webgui_elt)\n check_bool_param('webguileftcolumnhyper', webgui_elt)\n check_bool_param('disablealiaspopupdetail', webgui_elt)\n check_bool_param('roworderdragging', webgui_elt)\n check_bool_param('loginshowhost', webgui_elt)\n check_param('logincss', webgui_elt)\n\n # TODO: check dns_addresses, dns_hostnames, dns_gateways\n\n ##############\n # tests\n #\n def test_setup_hostname(self):\n \"\"\" test setup hostname \"\"\"\n setup = dict(hostname='acme')\n command = \"update setup general set hostname='acme'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_hostname_invalid(self):\n \"\"\" test setup hostname \"\"\"\n setup = dict(hostname='acme.corp.com')\n msg = \"A valid hostname is specified, but the domain name part should be omitted\"\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_hostname_invalid2(self):\n \"\"\" test setup hostname \"\"\"\n setup = dict(hostname='(invalid)')\n msg = \"The hostname can only contain the characters A-Z, 0-9 and '-'. It may not start or end with '-'\"\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_domain(self):\n \"\"\" test setup domain \"\"\"\n setup = dict(domain='corp.com')\n command = \"update setup general set domain='corp.com'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_domain_invalid(self):\n \"\"\" test setup domain \"\"\"\n setup = dict(domain='@invalid.com')\n msg = \"The domain may only contain the characters a-z, 0-9, '-' and '.'\"\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_dnsallowoverride(self):\n \"\"\" test setup general \"\"\"\n setup = dict(dnsallowoverride=False)\n command = \"update setup general set dnsallowoverride=False\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_dnslocalhost(self):\n \"\"\" test setup dnslocalhost \"\"\"\n setup = dict(dnslocalhost='remote')\n command = \"update setup general set dnslocalhost='remote'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_webguifixedmenu(self):\n \"\"\" test setup webguifixedmenu \"\"\"\n setup = dict(webguifixedmenu=True)\n command = \"update setup general set webguifixedmenu=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_interfacessort(self):\n \"\"\" test setup interfacessort \"\"\"\n setup = dict(interfacessort=True)\n command = \"update setup general set interfacessort=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_dashboardavailablewidgetspanel(self):\n \"\"\" test setup dashboardavailablewidgetspanel \"\"\"\n setup = dict(dashboardavailablewidgetspanel=True)\n command = \"update setup general set dashboardavailablewidgetspanel=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_systemlogsfilterpanel(self):\n \"\"\" test setup systemlogsfilterpanel \"\"\"\n setup = dict(systemlogsfilterpanel=True)\n command = \"update setup general set systemlogsfilterpanel=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_systemlogsmanagelogpanel(self):\n \"\"\" test setup systemlogsmanagelogpanel \"\"\"\n setup = dict(systemlogsmanagelogpanel=True)\n command = \"update setup general set systemlogsmanagelogpanel=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_statusmonitoringsettingspanel(self):\n \"\"\" test setup statusmonitoringsettingspanel \"\"\"\n setup = dict(statusmonitoringsettingspanel=True)\n command = \"update setup general set statusmonitoringsettingspanel=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_requirestatefilter(self):\n \"\"\" test setup requirestatefilter \"\"\"\n setup = dict(requirestatefilter=True)\n command = \"update setup general set requirestatefilter=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_webguileftcolumnhyper(self):\n \"\"\" test setup webguileftcolumnhyper \"\"\"\n setup = dict(webguileftcolumnhyper=True)\n command = \"update setup general set webguileftcolumnhyper=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_disablealiaspopupdetail(self):\n \"\"\" test setup disablealiaspopupdetail \"\"\"\n setup = dict(disablealiaspopupdetail=True)\n command = \"update setup general set disablealiaspopupdetail=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_roworderdragging(self):\n \"\"\" test setup roworderdragging \"\"\"\n setup = dict(roworderdragging=True)\n command = \"update setup general set roworderdragging=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_loginshowhost(self):\n \"\"\" test setup loginshowhost \"\"\"\n setup = dict(loginshowhost=True)\n command = \"update setup general set loginshowhost=True\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_language(self):\n \"\"\" test setup language \"\"\"\n setup = dict(language='fr_FR')\n command = \"update setup general set language='fr_FR'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_timeservers(self):\n \"\"\" test setup timeservers \"\"\"\n setup = dict(timeservers='1.2.3.4 0.pool.ntp.org')\n command = \"update setup general set timeservers='1.2.3.4 0.pool.ntp.org'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_timezone(self):\n \"\"\" test setup timezone \"\"\"\n setup = dict(timezone='Europe/Paris')\n command = \"update setup general set timezone='Europe/Paris'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_webguicss(self):\n \"\"\" test setup webguicss \"\"\"\n setup = dict(webguicss='pfSense-dark')\n command = \"update setup general set webguicss='pfSense-dark'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_webguihostnamemenu(self):\n \"\"\" test setup webguihostnamemenu \"\"\"\n setup = dict(webguihostnamemenu='fqdn')\n command = \"update setup general set webguihostnamemenu='fqdn'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_dashboardcolumns(self):\n \"\"\" test setup dashboardcolumns \"\"\"\n setup = dict(dashboardcolumns='3')\n command = \"update setup general set dashboardcolumns='3'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_dashboardcolumns_invalid(self):\n \"\"\" test setup dashboardcolumns \"\"\"\n setup = dict(dashboardcolumns='0')\n msg = \"The submitted Dashboard Columns value is invalid.\"\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_logincss(self):\n \"\"\" test setup logincss \"\"\"\n setup = dict(logincss='ff0000')\n command = \"update setup general set logincss='ff0000'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_logincss_invalid(self):\n \"\"\" test setup logincss \"\"\"\n setup = dict(logincss='gg0000')\n msg = \"logincss must be a six digits hexadecimal string.\"\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_dns_addresses(self):\n \"\"\" test setup dns \"\"\"\n setup = dict(dns_addresses='8.8.4.4 8.8.8.8', dns_hostnames='acme1 acme2', dns_gateways='none GW_WAN')\n command = \"update setup general set dns_addresses='8.8.4.4 8.8.8.8', dns_hostnames='acme1 acme2', dns_gateways='none GW_WAN'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_dns_addresses_invalid(self):\n \"\"\" test setup dns \"\"\"\n setup = dict(dns_addresses='8.8.4.4 8.8.8.8 256.255.254.253', dns_hostnames='acme1 acme2', dns_gateways='none GW_WAN')\n msg = 'A valid IP address must be specified for DNS server 256.255.254.253.'\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_dns_addresses_ipv6(self):\n \"\"\" test setup dns \"\"\"\n setup = dict(dns_addresses='2001::8 8.8.4.4', dns_hostnames='acme1 acme2', dns_gateways='none GW_WAN')\n command = \"update setup general set dns_addresses='2001::8 8.8.4.4', dns_hostnames='acme1 acme2', dns_gateways='none GW_WAN'\"\n self.do_module_test(setup, command=command, state=None)\n\n def test_setup_dns_addresses_invalid_ipv4(self):\n \"\"\" test setup dns \"\"\"\n setup = dict(dns_addresses='8.8.4.4 8.8.8.8', dns_hostnames='acme1 acme2', dns_gateways='none GW_LAN6')\n msg = 'The IPv6 gateway \"GW_LAN6\" can not be specified for IPv4 DNS server \"8.8.8.8\".'\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_dns_addresses_invalid_ipv6(self):\n \"\"\" test setup dns \"\"\"\n setup = dict(dns_addresses='8.8.4.4 2001::8', dns_hostnames='acme1 acme2', dns_gateways='none GW_WAN')\n msg = 'The IPv4 gateway \"GW_WAN\" can not be specified for IPv6 DNS server \"2001::8\".'\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_dns_addresses_invalid_gw(self):\n \"\"\" test setup dns \"\"\"\n setup = dict(dns_addresses='8.8.4.4 8.8.8.8', dns_hostnames='acme1 acme2', dns_gateways='none GW_ACME')\n msg = 'The gateway \"GW_ACME\" does not exist.'\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_dns_addresses_invalid_gw2(self):\n \"\"\" test setup dns \"\"\"\n setup = dict(dns_addresses='8.8.4.4 192.168.1.1', dns_hostnames='acme1 acme2', dns_gateways='none GW_WAN')\n msg = \"A gateway can not be assigned to DNS '192.168.1.1' server which is on a directly connected network.\"\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n\n def test_setup_dns_addresses_duplicates(self):\n \"\"\" test setup dns \"\"\"\n setup = dict(dns_addresses='8.8.8.8 8.8.8.8', dns_hostnames='acme1 acme2', dns_gateways='none GW_WAN')\n msg = \"Each configured DNS server must have a unique IP address. Remove the duplicated IP.\"\n self.do_module_test(setup, msg=msg, state=None, failed=True)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_user.py",
"content": "# Copyright: (c) 2020, Orion Poplawski \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_user\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseUserModule(TestPFSenseModule):\n\n module = pfsense_user\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseUserModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_user_config.xml'\n self.pfmodule = pfsense_user.PFSenseUserModule\n\n @staticmethod\n def runTest():\n \"\"\" dummy function needed to instantiate this test module from another in python 2.7 \"\"\"\n pass\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" return target elt from XML \"\"\"\n root_elt = self.assert_find_xml_elt(self.xml_result, 'system')\n result = root_elt.findall(\"user[name='{0}']\".format(obj['name']))\n if len(result) == 1:\n return result[0]\n elif len(result) > 1:\n self.fail('Found multiple users for name {0}.'.format(obj['name']))\n else:\n return None\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" check XML definition of target elt \"\"\"\n\n self.check_param_equal(obj, target_elt, 'name')\n self.check_param_equal(obj, target_elt, 'descr')\n self.check_param_equal(obj, target_elt, 'scope', default='user')\n self.check_param_equal(obj, target_elt, 'uid', default='2001')\n # TODO - need to load groups\n # self.check_param_equal(obj, target_elt, 'groups')\n self.check_param_equal(obj, target_elt, 'password', xml_field='bcrypt-hash')\n self.check_list_param_equal_or_not_find(obj, target_elt, 'priv')\n self.check_param_equal_or_not_find(obj, target_elt, 'authorizedkeys')\n\n ##############\n # tests\n #\n def test_user_create(self):\n \"\"\" test creation of a new user \"\"\"\n obj = dict(name='user1', descr='User One', password='$2b$12$D2jkq4Iut3ODUBN0BCrDk.bV3J5N.MrY5YEnGvTXwxeNBkyxjbbtW')\n self.do_module_test(obj, command=\"create user 'user1', descr='User One', uid='2001'\")\n\n def test_user_delete(self):\n \"\"\" test deletion of a user \"\"\"\n obj = dict(name='testdel')\n self.do_module_test(obj, command=\"delete user 'testdel'\", delete=True)\n\n def test_user_update_noop(self):\n \"\"\" test not updating a user \"\"\"\n obj = dict(name='testdel', descr='Delete Me', uid='2000')\n self.do_module_test(obj, command=\"delete user 'testdel'\", changed=False)\n\n def test_user_update_descr(self):\n \"\"\" test updating descr of a user \"\"\"\n obj = dict(name='testdel', descr='Keep Me', uid='2000', password='$2b$12$D2jkq4Iut3ODUBN0BCrDk.bV3J5N.MrY5YEnGvTXwxeNBkyxjbbtW',\n priv=['page-dashboard-all'])\n self.do_module_test(obj, command=\"update user 'testdel' set descr='Keep Me'\")\n\n ##############\n # misc\n #\n def test_create_user_invalid_password(self):\n \"\"\" test creation of a new user with invalid password \"\"\"\n obj = dict(name='user1', descr='User One', password='password')\n self.do_module_test(obj, command=\"update user 'testdel'\", failed=True, msg='Password (password) does not appear to be a bcrypt hash')\n\n def test_delete_inexistent_user(self):\n \"\"\" test deletion of an inexistent user \"\"\"\n obj = dict(name='nouser')\n self.do_module_test(obj, state='absent', changed=False)\n"
},
{
"path": "tests/unit/plugins/modules/test_pfsense_vlan.py",
"content": "# Copyright: (c) 2018, Frederic Bor \n# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)\n\nfrom __future__ import (absolute_import, division, print_function)\n__metaclass__ = type\n\nimport pytest\nimport sys\n\nif sys.version_info < (2, 7):\n pytestmark = pytest.mark.skip(\"pfSense Ansible modules require Python >= 2.7\")\n\nfrom ansible_collections.pfsensible.core.plugins.modules import pfsense_vlan\nfrom ansible_collections.pfsensible.core.plugins.module_utils.vlan import PFSenseVlanModule\nfrom .pfsense_module import TestPFSenseModule\n\n\nclass TestPFSenseVlanModule(TestPFSenseModule):\n\n module = pfsense_vlan\n\n def __init__(self, *args, **kwargs):\n super(TestPFSenseVlanModule, self).__init__(*args, **kwargs)\n self.config_file = 'pfsense_vlan_config.xml'\n self.pfmodule = PFSenseVlanModule\n\n ##############\n # tests utils\n #\n\n def get_target_elt(self, obj, absent=False, module_result=None):\n \"\"\" get the generated vlan xml definition \"\"\"\n elt_filter = {}\n elt_filter['if'] = self.unalias_interface(obj['interface'], physical=True)\n elt_filter['tag'] = str(obj['vlan_id'])\n\n return self.assert_has_xml_tag('vlans', elt_filter, absent=absent)\n\n def check_target_elt(self, obj, target_elt):\n \"\"\" test the xml definition of vlan \"\"\"\n\n # checking vlanif\n self.assert_xml_elt_equal(target_elt, 'vlanif', '{0}.{1}'.format(self.unalias_interface(obj['interface'], physical=True), obj['vlan_id']))\n\n # checking descr\n if 'descr' in obj:\n self.assert_xml_elt_equal(target_elt, 'descr', obj['descr'])\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, 'descr')\n\n # checking priority\n if 'priority' in obj and obj['priority'] is not None:\n self.assert_xml_elt_equal(target_elt, 'pcp', str(obj['priority']))\n else:\n self.assert_xml_elt_is_none_or_empty(target_elt, 'pcp')\n\n ##############\n # tests\n #\n def test_vlan_create(self):\n \"\"\" test creation of a new vlan \"\"\"\n vlan = dict(vlan_id=100, interface='vmx0')\n command = \"create vlan 'vmx0.100', descr='', priority=''\"\n self.do_module_test(vlan, command=command)\n\n def test_vlan_create_with_assigned_name(self):\n \"\"\" test creation of a new vlan using assigned name \"\"\"\n vlan = dict(vlan_id=100, interface='vpn')\n command = \"create vlan 'vmx2.100', descr='', priority=''\"\n self.do_module_test(vlan, command=command)\n\n def test_vlan_create_with_friendly_name(self):\n \"\"\" test creation of a new vlan using friendly name \"\"\"\n vlan = dict(vlan_id=100, interface='opt2')\n command = \"create vlan 'vmx3.100', descr='', priority=''\"\n self.do_module_test(vlan, command=command)\n\n def test_vlan_create_with_wrong_inteface(self):\n \"\"\" test creation of a new vlan using wrong interface \"\"\"\n vlan = dict(vlan_id=100, interface='opt3')\n msg = \"Vlans can't be set on interface opt3\"\n self.do_module_test(vlan, failed=True, msg=msg)\n\n def test_vlan_create_with_wrong_vlan(self):\n \"\"\" test creation of a new vlan using wrong vlan_id \"\"\"\n vlan = dict(vlan_id=0, interface='opt2')\n msg = \"vlan_id must be between 1 and 4094 on interface opt2\"\n self.do_module_test(vlan, failed=True, msg=msg)\n\n def test_vlan_create_with_wrong_prioriy(self):\n \"\"\" test creation of a new vlan using wrong priority \"\"\"\n vlan = dict(vlan_id=100, interface='opt2', priority=8)\n msg = \"priority must be between 0 and 7 on interface opt2\"\n self.do_module_test(vlan, failed=True, msg=msg)\n\n def test_vlan_create_with_priority(self):\n \"\"\" test creation of a new vlan \"\"\"\n vlan = dict(vlan_id=100, interface='vmx0', descr='voice')\n command = \"create vlan 'vmx0.100', descr='voice', priority=''\"\n self.do_module_test(vlan, command=command)\n\n def test_vlan_create_with_descr(self):\n \"\"\" test creation of a new vlan \"\"\"\n vlan = dict(vlan_id=100, interface='vmx0', priority=5)\n command = \"create vlan 'vmx0.100', descr='', priority='5'\"\n self.do_module_test(vlan, command=command)\n\n def test_vlan_delete(self):\n \"\"\" test deletion of a vlan \"\"\"\n vlan = dict(vlan_id=100, interface='vmx1')\n command = \"delete vlan 'vmx1.100'\"\n self.do_module_test(vlan, delete=True, command=command)\n\n def test_vlan_delete_used(self):\n \"\"\" test deletion of a still used vlan \"\"\"\n vlan = dict(vlan_id=1100, interface='vmx1')\n self.do_module_test(vlan, delete=True, failed=True, msg='vlan 1100 on vmx1 cannot be deleted because it is still being used as an interface')\n\n def test_vlan_delete_unexistent(self):\n \"\"\" test deletion of a vlan \"\"\"\n vlan = dict(vlan_id=1200, interface='vmx1')\n self.do_module_test(vlan, delete=True, changed=False)\n\n def test_vlan_update_noop(self):\n \"\"\" test not updating a vlan \"\"\"\n vlan = dict(vlan_id=1100, interface='vmx1')\n self.do_module_test(vlan, changed=False)\n\n def test_vlan_update_priority(self):\n \"\"\" test updating priority \"\"\"\n vlan = dict(vlan_id=1100, interface='vmx1', priority=1)\n command = \"update vlan 'vmx1.1100' set priority='1'\"\n self.do_module_test(vlan, changed=True, command=command)\n\n def test_vlan_update_descr(self):\n \"\"\" test updating descr \"\"\"\n vlan = dict(vlan_id=1100, interface='vmx1', descr='test')\n command = \"update vlan 'vmx1.1100' set descr='test'\"\n self.do_module_test(vlan, changed=True, command=command)\n"
}
]