New firewall style, 'emulab', for elab in elab experiments

sql/GNUmakefile

@@ -40,6 +40,7 @@ sitevars:
 	@mysqldump -t tbdb sitevariables > sitevars-create.sql 
 
 fwrules:
-	@mysqldump -t tbdb default_firewall_rules > fwrules-create.sql
+	@echo "DELETE FROM default_firewall_rules;" > fwrules-create.sql
+	@mysqldump -t tbdb default_firewall_rules >> fwrules-create.sql
 
 dist:	db-fill-dist

sql/database-create.sql

@@ -57,7 +57,7 @@ CREATE TABLE current_reloads (
 
 CREATE TABLE default_firewall_rules (
   type enum('ipfw','ipfw2','ipchains','ipfw2-vlan') NOT NULL default 'ipfw',
-  style enum('open','closed','basic') NOT NULL default 'basic',
+  style enum('open','closed','basic','emulab') NOT NULL default 'basic',
   enabled tinyint(4) NOT NULL default '0',
   ruleno int(10) unsigned NOT NULL default '0',
   rule text NOT NULL,
@@ -414,7 +414,7 @@ CREATE TABLE firewalls (
   eid varchar(32) NOT NULL default '',
   fwname varchar(32) NOT NULL default '',
   type enum('ipfw','ipfw2','ipchains','ipfw2-vlan') NOT NULL default 'ipfw',
-  style enum('open','closed','basic') NOT NULL default 'basic',
+  style enum('open','closed','basic','emulab') NOT NULL default 'basic',
   vlan int(11) default NULL,
   vlanid int(11) default NULL,
   PRIMARY KEY  (pid,eid,fwname),

sql/database-migrate.txt

@@ -2172,3 +2172,13 @@ last_net_act,last_cpu_act,last_ext_act);
          alter table node_types add (isrebootable tinyint(1) default '1');
 	
 
+1.288: Add "emulab" style of firewall for elabinelab
+
+       ALTER table firewalls MODIFY style \
+	 enum('open','closed','basic','emulab') not NULL default 'basic';
+       ALTER table default_firewall_rules MODIFY style \
+	 enum('open','closed','basic','emulab') not NULL default 'basic';
+
+       and update the default rules:
+
+       mysql tbdb < fwrules-create.sql

sql/fwrules-create.sql

+DELETE FROM default_firewall_rules;
 -- MySQL dump 8.23
 --
 -- Host: localhost    Database: tbdb
@@ -55,7 +56,6 @@ INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,55110,'check-
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,55120,'allow tcp from any to any established');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,55001,'deny all from any to me via vlan0');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,55000,'allow all from me to me');
-INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,65534,'deny all from any to any');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55321,'allow udp from any not 0-700 to fs keep-state');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55320,'allow ip from any to fs 111 keep-state');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55312,'allow udp from any not 0-1023 to 155.98.32.0/23 not 0-1023');
@@ -74,6 +74,7 @@ INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55130,'allow a
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55120,'allow tcp from any to any established');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55110,'check-state');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55100,'allow mac-type arp');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,65534,'deny all from any to any');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55001,'deny all from any to me via vlan0');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55000,'allow all from me to me');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55322,'allow udp from any to fs 900 keep-state');
@@ -85,4 +86,35 @@ INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55402,'allow i
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55200,'allow tcp from any to any 22 setup');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55500,'allow icmp from any to any');
 INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,65534,'deny all from any to any');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55000,'allow all from me to me');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55001,'deny all from any to me via vlan0');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55100,'allow mac-type arp');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55110,'check-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55120,'allow tcp from any to any established');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55130,'allow all from any to any frag');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55201,'allow tcp from any to any 80,443 setup keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55210,'allow udp from any to boss 53 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55220,'allow ip from any to boss 123 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55230,'allow ip from any to ops 514 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55240,'allow udp from fs 2049 to any');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55241,'allow udp from any to fs 2049');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55250,'allow ip from any to boss 5999 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55260,'allow ip from any to ops 2917 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55300,'allow udp from any 67 to any');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55301,'allow udp from any to any 67');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55310,'allow udp from 155.98.32.0/23 not 0-1023 to any');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55311,'allow udp from any to 155.98.32.0/23 69');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55312,'allow udp from any not 0-1023 to 155.98.32.0/23 not 0-1023');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55320,'allow ip from any to fs 111 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55321,'allow udp from any not 0-700 to fs keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55322,'allow udp from any to fs 900 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55330,'allow udp from any to boss 6969 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55340,'allow ip from any to boss 7777 keep-state');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55400,'allow udp from any to 234.5.6.0/24');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55401,'allow udp from boss 3564-3820 to any 3564-3820');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55402,'allow igmp from any to any');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55200,'allow tcp from any to any 22 setup');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55500,'allow icmp from any to any');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,65534,'deny all from any to any');
+INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55202,'allow tcp from any to any 3069 setup keep-state');