diff --git a/oval-schemas/unix-definitions-schema.xsd b/oval-schemas/unix-definitions-schema.xsd index 903720e..7fd21a4 100644 --- a/oval-schemas/unix-definitions-schema.xsd +++ b/oval-schemas/unix-definitions-schema.xsd 
@@ -2691,6 +2691,164 @@ + + + + + + The networkfirewall_test is used to check the living filtering rules of the network firewall on a UNIX system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a auditdline_object and the optional state element specifies the data to check. + + + networkfirewall_test + networkfirewall_object + networkfirewall_state + networkfirewall_item + + + + + + - the object child element of a networkfirewall_test must reference a networkfirewall_object + + + - the state child element of a networkfirewall_test must reference a networkfirewall_state + + + + + + + + + + + + + + + + + + The networkfirewall_object element is used by a networkfirewall_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema. + A networkfirewall_object provides an abstration to check authorized and blocked packets based on network interfaces and direction of the trafic. + + + + + + + + + + State referenced in filter for '' is of the wrong type. + + + + + + + + + + + + + + The direction (incoming, outgoing or forwarding) of the network packets. + + + + + This is the name of the input interface (eth0, eth1, fw0, etc.). + The xsi:nil attribute must set to true only when the attribute packet_direction is set to outgoing. + + + + + This is the name of the output interface (eth0, eth1, fw0, etc.). + The xsi:nil attribute must set to true only when the attribute packet_direction is set to incoming. + + + + + + Action that can be taken on a network packet by the network firewall based on its configuration. 
+ + + + + + + + + + + + + The networkfirewall_state element defines the different information that can be used to evaluate the network firewall configuration. This includes the packet direction, the network interfaces, the filter action, the protocol, and pairs of address/port for both source and destination. Please refer to the individual elements in the schema for more details about what each represents. + + + + + + + + The direction (incoming, outgoing or forwarding) of the network packets. + + + + + This is the name of the input interface (eth0, eth1, fw0, etc.). + + + + + This is the name of the output interface (eth0, eth1, fw0, etc.). + + + + + Action taken on a network packet by the network firewall based on its configuration. + + + + + + The transport_protocol entity defines the specific transport-layer protocol, in lowercase: sctp, tcp or udp. + + + + + Source address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6. + + + + + Source port of the packets. + + + + + Destination address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6. + + + + + Destination port of the packets. + + + + + + + + 
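Review bot: the networkfirewall_test documentation in this hunk says "The required object element references a auditdline_object", which contradicts the hunk's own assertion "the object child element of a networkfirewall_test must reference a networkfirewall_object"; replace auditdline_object with networkfirewall_object (it looks like a copy-paste from the auditdline test). In the same hunk, the nil rules for the interfaces ("The xsi:nil attribute must set to true only when the attribute packet_direction is set to outgoing", and the mirror rule for output_interface) are stated in documentation only; since the hunk already carries a Schematron-style assertion for the filter, consider adding asserts that reject a nil input_interface on incoming/forwarding and a nil output_interface on outgoing/forwarding, and say explicitly how a rule that does not bind to any interface is expressed, because as written a non-nil interface name is mandatory for every incoming rule. Also check that the assertion message "State referenced in filter for '' is of the wrong type." still carries the value-of that fills the quoted name. Wording: "living filtering rules" reads better as "active filtering rules", "abstration" should be "abstraction", "trafic" should be "traffic", and "must set to true" should be "must be set to true".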
@@ -3344,4 +3502,110 @@ ACTIVE_DEAD_GATEWAY_DETECTION                                 + + + The EntityObjectPacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references. + + + + + + Incoming packets. + + + + + Outgoing packets. + + + + + Forwarding packets. + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The EntityStatePacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references. + + + + + + Incoming packets. + + + + + Outgoing packets. + + + + + Forwarding packets. + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The EntityObjectFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references. + + + + + + Network packets that are allowed by the firewall. + + + + + Network packets that are denied by the firewall. + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The EntityStateFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references. + + + + + + Network packets that are allowed by the firewall. + + + + + Network packets that are denied by the firewall. 
+ + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + diff --git a/oval-schemas/unix-system-characteristics-schema.xsd b/oval-schemas/unix-system-characteristics-schema.xsd index ab7a428..a804eff 100644 --- a/oval-schemas/unix-system-characteristics-schema.xsd +++ b/oval-schemas/unix-system-characteristics-schema.xsd @@ -1212,6 +1212,68 @@ + + + + + + This item stores results from checking the living configuration of the network firewall on a UNIX system. + + + + + + + + The direction (incoming, outgoing or forwarding) of the network packets. + + + + + This is the name of the input interface (eth0, eth1, fw0, etc.). + + + + + This is the name of the output interface (eth0, eth1, fw0, etc.). + + + + + Action taken on a network packet by the network firewall based on its configuration. + + + + + The transport_protocol entity defines the specific transport-layer protocol, in lowercase: sctp, tcp or udp. + + + + + Source address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6. + + + + + Source port of the packets. + + + + + Destination address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6. + + + + + Destination port of the packets. + + + + + + + + 
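Review bot: in the networkfirewall_item hunk of unix-system-characteristics-schema.xsd, transport_protocol is documented as "in lowercase: sctp, tcp or udp", so a rule that matches icmp/icmpv6, or that matches any protocol, cannot be represented; either add those values or document that the entity is left empty (with the appropriate status) when the rule has no transport-layer match, and state that source_port/destination_port are only meaningful when transport_protocol is set. The item description "stores results from checking the living configuration of the network firewall" also leaves open whether each item is one firewall rule or one evaluated packet tuple: the port entities are described as "Source port of the packets" while the address entities allow an "address prefix", which only makes sense for a rule. Say which it is, and how a port range in a rule maps onto the single-valued port entities. "living configuration" should read "active configuration".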
@@ -1865,4 +1927,57 @@ ACTIVE_DEAD_GATEWAY_DETECTION                                 + + + The EntityItemPacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references. + + + + + + Incoming packets. + + + + + Outgoing packets. + + + + + Forwarding packets. + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The EntityItemFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references. + + + + + + Network packets that are allowed by the firewall. + + + + + Network packets that are denied by the firewall. + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + +
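Review bot: in the @@ -3344 hunk of unix-definitions-schema.xsd, EntityObjectFilteringActionType and EntityStateFilteringActionType document only two outcomes, "Network packets that are allowed by the firewall" and "Network packets that are denied by the firewall", which cannot distinguish a silent drop from an explicit reject (or a log-only rule that falls through), even though that distinction is exactly what a hardening check on a UNIX firewall usually needs; either add a value for reject or document in the type description which firewall verdicts the collector folds into "denied". The PacketDirectionType description "Forwarding packets." would also benefit from a sentence saying that both interfaces are expected to be populated for that direction, since the object's nil rules in the earlier hunk only cover incoming and outgoing.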
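Review bot: in the @@ -1865 hunk, EntityItemPacketDirectionType and EntityItemFilteringActionType copy the object/state justification "The empty string value is permitted here to allow for empty elements associated with variable references", but items are collected data and carry no variable references; the other EntityItem*Type definitions in this schema justify the empty string with error conditions on collection, so align the wording with them. Otherwise the two item types mirror the definitions-schema types from the previous hunk, which is the expected layout.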