mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-20 18:27:16 +01:00
see #2252 compilers for iosacl and pix automatically increment/decrement port range boundaries to make tcp/udp port ranges defined in tcp/udp service objects inclusive
parent
63391fefda
commit
0e3bf10cb9
@ -1,3 +1,21 @@
|
||||
2011-03-21 vadim <vadim@netcitadel.com>
|
||||
|
||||
* PortRangeConverter.h (PortRangeConverter): see #2252 TCP and UDP
|
||||
service objects that define port ranges assume port ranges are
|
||||
inclusive, that is range boundaries are included in the
|
||||
match. This is the behavior of port range matches in iptables and
|
||||
PF, however policy compilers for Cisco IOS ACL and PIX used to
|
||||
convert these objects into ios and pix access list configurations
|
||||
that excluded port range boundaries from the match. This behavior
|
||||
made TCP and UDP service objects with port ranges incompatible
|
||||
between firewall platforms, that is, the same object could not be
|
||||
used in rules of firewall objects of different platforms because
|
||||
generated configurations would behave differently. This change
|
||||
makes port ranges inclusive in generated IOS and PIX
|
||||
configurations. Users should verify their configurations and
|
||||
adjust port range boundaries in TCP and UDP service objects if
|
||||
necessary.
|
||||
|
||||
2011-03-20 vadim <vadim@netcitadel.com>
|
||||
|
||||
* ImportFirewallConfigurationWizard.cpp (accept): see #2253
|
||||
|
||||
@ -6,8 +6,6 @@
|
||||
|
||||
Author: Vadim Kurland vadim@vk.crocodile.org
|
||||
|
||||
$Id$
|
||||
|
||||
This program is free software which we release under the GNU General Public
|
||||
License. You may redistribute and/or modify this program under the terms
|
||||
of that license as published by the Free Software Foundation; either
|
||||
@ -365,6 +363,9 @@ namespace fwcompiler
|
||||
|
||||
bool init;
|
||||
std::string current_rule_label;
|
||||
|
||||
std::string _printPortRangeOp(int rs, int re);
|
||||
|
||||
std::string _printSrcService(libfwbuilder::Service *srv);
|
||||
std::string _printDstService(libfwbuilder::Service *srv);
|
||||
virtual void _printPort(libfwbuilder::Service *srv);
|
||||
|
||||
@ -26,6 +26,7 @@
|
||||
#include "config.h"
|
||||
|
||||
#include "NATCompiler_pix.h"
|
||||
#include "PortRangeConverter.h"
|
||||
|
||||
#include "fwbuilder/FWObjectDatabase.h"
|
||||
#include "fwbuilder/RuleElement.h"
|
||||
@ -85,60 +86,44 @@ void NATCompiler_pix::PrintRule::_printPort(Service *srv)
|
||||
{
|
||||
if (TCPService::isA(srv) || UDPService::isA(srv))
|
||||
{
|
||||
int drs=TCPUDPService::cast(srv)->getDstRangeStart();
|
||||
int drs = TCPUDPService::cast(srv)->getDstRangeStart();
|
||||
|
||||
if (drs!=0) compiler->output << drs << " ";
|
||||
}
|
||||
}
|
||||
|
||||
string NATCompiler_pix::PrintRule::_printPortRangeOp(int rs, int re)
|
||||
{
|
||||
return PortRangeConverter(rs, re).toString();
|
||||
}
|
||||
|
||||
string NATCompiler_pix::PrintRule::_printSrcService(Service *srv)
|
||||
{
|
||||
ostringstream str;
|
||||
|
||||
if (TCPService::isA(srv) || UDPService::isA(srv))
|
||||
{
|
||||
int rs=TCPUDPService::cast(srv)->getSrcRangeStart();
|
||||
int re=TCPUDPService::cast(srv)->getSrcRangeEnd();
|
||||
|
||||
if (rs<0) rs=0;
|
||||
if (re<0) re=0;
|
||||
|
||||
if (rs>0 || re>0) {
|
||||
if (rs==re) str << "eq " << rs;
|
||||
else
|
||||
if (rs==0 && re!=0) str << "lt " << re;
|
||||
else
|
||||
if (rs!=0 && re==65535) str << "gt " << rs;
|
||||
else
|
||||
str << "range " << rs << " " << re;
|
||||
}
|
||||
int rs = TCPUDPService::cast(srv)->getSrcRangeStart();
|
||||
int re = TCPUDPService::cast(srv)->getSrcRangeEnd();
|
||||
return _printPortRangeOp(rs, re);
|
||||
}
|
||||
return str.str();
|
||||
return "";
|
||||
}
|
||||
|
||||
string NATCompiler_pix::PrintRule::_printDstService(Service *srv)
|
||||
{
|
||||
ostringstream str;
|
||||
|
||||
if (TCPService::isA(srv) || UDPService::isA(srv)) {
|
||||
int rs=TCPUDPService::cast(srv)->getDstRangeStart();
|
||||
int re=TCPUDPService::cast(srv)->getDstRangeEnd();
|
||||
|
||||
if (rs<0) rs=0;
|
||||
if (re<0) re=0;
|
||||
|
||||
if (rs>0 || re>0) {
|
||||
if (rs==re) str << "eq " << rs;
|
||||
else
|
||||
if (rs==0 && re!=0) str << "lt " << re;
|
||||
else
|
||||
if (rs!=0 && re==65535) str << "gt " << rs;
|
||||
else
|
||||
str << "range " << rs << " " << re;
|
||||
}
|
||||
if (TCPService::isA(srv) || UDPService::isA(srv))
|
||||
{
|
||||
int rs = TCPUDPService::cast(srv)->getDstRangeStart();
|
||||
int re = TCPUDPService::cast(srv)->getDstRangeEnd();
|
||||
str << _printPortRangeOp(rs, re);
|
||||
}
|
||||
|
||||
if (ICMPService::isA(srv) && srv->getInt("type")!=-1)
|
||||
str << srv->getStr("type") << " ";
|
||||
{
|
||||
str << srv->getStr("type") << " ";
|
||||
}
|
||||
|
||||
return str.str();
|
||||
}
|
||||
|
||||
|
||||
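Review bot: Routing the NAT writer through `PortRangeConverter` also changes its whitespace. The removed NAT code wrote `"eq " << rs` with no trailing blank, while `PortRangeConverter::toString()` ends every operator with `" "`, so a caller that adds its own separator would now emit a doubled space. That is presumably why regenerated NAT fixture lines such as `access-list id3DB0F94E.0 permit tcp host 192.168.1.10 eq 25 any` show up as changed with no visible difference. If the extra blank is not intended, strip it in `NATCompiler_pix::PrintRule::_printPortRangeOp`; otherwise a comment on the declaration such as `// result ends with a trailing space; callers must not add a separator` would record the contract. The call sites that append the separator are outside this section.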
@ -212,6 +212,8 @@ namespace fwcompiler {
|
||||
std::map<std::string,std::string> current_rule_label2;
|
||||
int aclLineCounter;
|
||||
|
||||
std::string _printPortRangeOp(int rs, int re);
|
||||
|
||||
std::string getTcpFlagName(const libfwbuilder::TCPService::TCPFlag f);
|
||||
std::string _printSrcService(libfwbuilder::Service *srv);
|
||||
std::string _printDstService(libfwbuilder::Service *srv);
|
||||
|
||||
@ -26,6 +26,7 @@
|
||||
#include "PolicyCompiler_iosacl.h"
|
||||
#include "IOSObjectGroup.h"
|
||||
#include "NamedObjectsAndGroupsSupport.h"
|
||||
#include "PortRangeConverter.h"
|
||||
|
||||
#include "fwbuilder/Firewall.h"
|
||||
#include "fwbuilder/AddressRange.h"
|
||||
@ -346,30 +347,21 @@ string PolicyCompiler_iosacl::PrintRule::_printLog(PolicyRule *rule)
|
||||
return "";
|
||||
}
|
||||
|
||||
string PolicyCompiler_iosacl::PrintRule::_printPortRangeOp(int rs, int re)
|
||||
{
|
||||
return PortRangeConverter(rs, re).toString();
|
||||
}
|
||||
|
||||
string PolicyCompiler_iosacl::PrintRule::_printSrcService(Service *srv)
|
||||
{
|
||||
ostringstream str;
|
||||
|
||||
if (TCPService::isA(srv) || UDPService::isA(srv))
|
||||
{
|
||||
int rs=TCPUDPService::cast(srv)->getSrcRangeStart();
|
||||
int re=TCPUDPService::cast(srv)->getSrcRangeEnd();
|
||||
|
||||
if (rs<0) rs=0;
|
||||
if (re<0) re=0;
|
||||
|
||||
if (rs>0 || re>0) {
|
||||
if (rs==re) str << "eq " << rs << " ";
|
||||
else
|
||||
if (rs==0 && re!=0) str << "lt " << re << " ";
|
||||
else
|
||||
if (rs!=0 && re==65535) str << "gt " << rs << " ";
|
||||
else
|
||||
str << "range " << rs << " " << re << " ";
|
||||
}
|
||||
int rs = TCPUDPService::cast(srv)->getSrcRangeStart();
|
||||
int re = TCPUDPService::cast(srv)->getSrcRangeEnd();
|
||||
return _printPortRangeOp(rs, re);
|
||||
}
|
||||
|
||||
return str.str();
|
||||
return "";
|
||||
}
|
||||
|
||||
string PolicyCompiler_iosacl::PrintRule::_printIPServiceOptions(PolicyRule *r)
|
||||
@ -407,21 +399,9 @@ string PolicyCompiler_iosacl::PrintRule::_printDstService(Service *srv)
|
||||
|
||||
if (TCPService::isA(srv) || UDPService::isA(srv))
|
||||
{
|
||||
int rs=TCPUDPService::cast(srv)->getDstRangeStart();
|
||||
int re=TCPUDPService::cast(srv)->getDstRangeEnd();
|
||||
|
||||
if (rs<0) rs=0;
|
||||
if (re<0) re=0;
|
||||
|
||||
if (rs>0 || re>0) {
|
||||
if (rs==re) str << "eq " << rs << " ";
|
||||
else
|
||||
if (rs==0 && re!=0) str << "lt " << re << " ";
|
||||
else
|
||||
if (rs!=0 && re==65535) str << "gt " << rs << " ";
|
||||
else
|
||||
str << "range " << rs << " " << re << " ";
|
||||
}
|
||||
int rs = TCPUDPService::cast(srv)->getDstRangeStart();
|
||||
int re = TCPUDPService::cast(srv)->getDstRangeEnd();
|
||||
str << _printPortRangeOp(rs, re);
|
||||
}
|
||||
|
||||
if (TCPService::isA(srv))
|
||||
@ -430,8 +410,11 @@ string PolicyCompiler_iosacl::PrintRule::_printDstService(Service *srv)
|
||||
else str << _printTCPFlags(TCPService::cast(srv));
|
||||
}
|
||||
|
||||
if ((ICMPService::isA(srv) || ICMP6Service::isA(srv)) && srv->getInt("type")!=-1)
|
||||
str << srv->getStr("type") << " ";
|
||||
if ((ICMPService::isA(srv) || ICMP6Service::isA(srv)) &&
|
||||
srv->getInt("type")!=-1)
|
||||
{
|
||||
str << srv->getStr("type") << " ";
|
||||
}
|
||||
|
||||
if (CustomService::isA(srv))
|
||||
str << CustomService::cast(srv)->getCodeForPlatform(
|
||||
|
||||
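Review bot: The one-line `_printPortRangeOp` forwarder is duplicated verbatim in three classes: here in `PolicyCompiler_iosacl::PrintRule`, and in `NATCompiler_pix::PrintRule` and `PolicyCompiler_pix::PrintRule`. Each copy only returns `PortRangeConverter(rs, re).toString()`, so the call sites could use the converter directly, e.g. `str << PortRangeConverter(rs, re).toString();`, and the three declarations and definitions could go. If the wrappers are kept, the header declaration should carry a comment along the lines of `// returns "eq N ", "lt N ", "gt N " or "range A B " with inclusive bounds, "" when no port is set`. This matters because the bounds decide which ports a generated ACL admits, and the next reader should not have to open `PortRangeConverter.h` to learn that they are inclusive.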
@ -276,6 +276,8 @@ namespace fwcompiler {
|
||||
std::list<std::string> seen_icmp_commands;
|
||||
int aclLineCounter;
|
||||
|
||||
std::string _printPortRangeOp(int rs, int re);
|
||||
|
||||
std::string _printSingleSSHTelnetCommand(int port,
|
||||
libfwbuilder::Address *a,
|
||||
const std::string &interfaceLabel);
|
||||
|
||||
@ -26,6 +26,7 @@
|
||||
#include "PolicyCompiler_pix.h"
|
||||
#include "PIXObjectGroup.h"
|
||||
#include "NamedObjectsManager.h"
|
||||
#include "PortRangeConverter.h"
|
||||
|
||||
#include "fwbuilder/Firewall.h"
|
||||
#include "fwbuilder/AddressRange.h"
|
||||
@ -140,30 +141,20 @@ string PolicyCompiler_pix::PrintRule::_printLog(PolicyRule *rule)
|
||||
return str.join(" ").toStdString();
|
||||
}
|
||||
|
||||
string PolicyCompiler_pix::PrintRule::_printPortRangeOp(int rs, int re)
|
||||
{
|
||||
return PortRangeConverter(rs, re).toString();
|
||||
}
|
||||
|
||||
string PolicyCompiler_pix::PrintRule::_printSrcService(Service *srv)
|
||||
{
|
||||
ostringstream str;
|
||||
|
||||
if (TCPService::isA(srv) || UDPService::isA(srv))
|
||||
{
|
||||
int rs=TCPUDPService::cast(srv)->getSrcRangeStart();
|
||||
int re=TCPUDPService::cast(srv)->getSrcRangeEnd();
|
||||
|
||||
if (rs<0) rs=0;
|
||||
if (re<0) re=0;
|
||||
|
||||
if (rs>0 || re>0)
|
||||
{
|
||||
if (rs==re) str << "eq " << rs << " ";
|
||||
else
|
||||
if (rs==0 && re!=0) str << "lt " << re << " ";
|
||||
else
|
||||
if (rs!=0 && re==65535) str << "gt " << rs << " ";
|
||||
else
|
||||
str << "range " << rs << " " << re << " ";
|
||||
}
|
||||
int rs = TCPUDPService::cast(srv)->getSrcRangeStart();
|
||||
int re = TCPUDPService::cast(srv)->getSrcRangeEnd();
|
||||
return _printPortRangeOp(rs, re);
|
||||
}
|
||||
return str.str();
|
||||
return "";
|
||||
}
|
||||
|
||||
string PolicyCompiler_pix::PrintRule::_printDstService(Service *srv)
|
||||
@ -174,27 +165,19 @@ string PolicyCompiler_pix::PrintRule::_printDstService(Service *srv)
|
||||
{
|
||||
int rs=TCPUDPService::cast(srv)->getDstRangeStart();
|
||||
int re=TCPUDPService::cast(srv)->getDstRangeEnd();
|
||||
|
||||
if (rs<0) rs=0;
|
||||
if (re<0) re=0;
|
||||
|
||||
if (rs>0 || re>0)
|
||||
{
|
||||
if (rs==re) str << "eq " << rs << " ";
|
||||
else
|
||||
if (rs==0 && re!=0) str << "lt " << re << " ";
|
||||
else
|
||||
if (rs!=0 && re==65535) str << "gt " << rs << " ";
|
||||
else
|
||||
str << "range " << rs << " " << re << " ";
|
||||
}
|
||||
str << _printPortRangeOp(rs, re);
|
||||
}
|
||||
|
||||
if (ICMPService::isA(srv) && srv->getInt("type")!=-1)
|
||||
str << srv->getStr("type") << " ";
|
||||
{
|
||||
str << srv->getStr("type") << " ";
|
||||
}
|
||||
|
||||
if (CustomService::isA(srv))
|
||||
{
|
||||
str << CustomService::cast(srv)->getCodeForPlatform(
|
||||
compiler->myPlatformName() ) << " ";
|
||||
}
|
||||
|
||||
const IPService *ip_srv = IPService::constcast(srv);
|
||||
if (ip_srv && ip_srv->hasIpOptions())
|
||||
|
||||
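--- a/src/cisco_lib/PortRangeConverter.h
+++ b/src/cisco_lib/PortRangeConverter.h
@@ -0,0 +1,74 @@
+/*
+
+Firewall Builder
+
+Copyright (C) 2011 NetCitadel, LLC
+
+Author: Vadim Kurland vadim@fwbuilder.org
+
+This program is free software which we release under the GNU General Public
+License. You may redistribute and/or modify this program under the terms
+of that license as published by the Free Software Foundation; either
+version 2 of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+To get a copy of the GNU General Public License, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef _PORT_RANGE_CONVERTER_HH
+#define _PORT_RANGE_CONVERTER_HH
+
+#include <string>
+#include <sstream>
+
+
+class PortRangeConverter
+{
+int rs;
+int re;
+
+public:
+
+PortRangeConverter(int range_start, int range_end)
+{ rs = range_start; re = range_end; }
+
+std::string toString()
+{
+std::ostringstream str;
+
+if (rs<0) rs = 0;
+if (re<0) re = 0;
+
+if (rs>0 || re>0)
+{
+if (rs==re) str << "eq " << rs << " ";
+else
+{
+if (rs==0 && re!=0)
+{
+str << "lt " << re + 1 << " ";
+} else
+{
+if (rs!=0 && re==65535)
+{
+str << "gt " << rs - 1 << " ";
+} else
+{
+str << "range " << rs << " " << re << " ";
+}
+}
+}
+}
+
+return str.str();
+}
+};
+
+#endif
+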
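Review bot: A service object that spans the whole port space (start 0, end 65535) takes the `rs==0 && re!=0` branch of `toString()` and is emitted as `lt 65536`, which is outside the 16-bit port range and is likely to be rejected when the ACL is loaded, leaving that rule out of the running policy. Since that range matches every port, the operator can be omitted: add `if (rs==0 && re>=65535) return "";` after the two clamping lines. A non-zero start with an end of 0 still falls through to `range rs 0`, as it did before this commit, so it is worth confirming that service objects never store a single port that way. `toString()` also overwrites `rs` and `re` while clamping negatives; doing the clamp in the constructor would let it be declared `const`.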
@ -59,6 +59,7 @@ SOURCES = PolicyCompiler_cisco.cpp \
|
||||
AutomaticRules_iosacl.cpp
|
||||
|
||||
HEADERS = ../../config.h \
|
||||
PortRangeConverter.h \
|
||||
splitByNetworkZonesForRE.h \
|
||||
specialServices.h \
|
||||
ACL.h \
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:45:58 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:45:58 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:45:58 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:45:58 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.4
|
||||
!
|
||||
@ -150,9 +150,9 @@ ipv6 access-list ipv6_fe0_0_in
|
||||
!
|
||||
! Rule 1 (FastEthernet0/0)
|
||||
! object-groups can not be used for ipv6
|
||||
permit udp host 2001:5c0:0:2::24 host fe80::21d:9ff:fe8b:8e94 gt 1024
|
||||
permit udp host 2001:5c0:0:2::24 host fe80::21d:9ff:fe8b:8e94 gt 1023
|
||||
permit udp host 2001:5c0:0:2::24 host fe80::21d:9ff:fe8b:8e94 eq 161
|
||||
permit udp host 3ffe:1200:2001:1:8000::1 host fe80::21d:9ff:fe8b:8e94 gt 1024
|
||||
permit udp host 3ffe:1200:2001:1:8000::1 host fe80::21d:9ff:fe8b:8e94 gt 1023
|
||||
permit udp host 3ffe:1200:2001:1:8000::1 host fe80::21d:9ff:fe8b:8e94 eq 161
|
||||
!
|
||||
! Rule 12 (global)
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:45:59 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:45:59 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:45:59 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:00 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:45:59 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:00 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:00 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.3
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:00 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.4
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:08 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:00 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.1
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:08 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:00 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.4
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:08 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:01 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.4
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3499
|
||||
! Firewall Builder fwb_iosacl v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:44:08 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:01 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for iosacl 12.4
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:58 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:39 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 7.0
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:59 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:39 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 7.0
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:58 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:39 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 7.0
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:58 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:39 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 7.0
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:46 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:26 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.2
|
||||
! Outbound ACLs: not supported
|
||||
@ -534,9 +534,9 @@ access-list inside_acl_in permit udp any 192.168.1.0 255.255.255.0 eq 4000
|
||||
access-list dmz_acl_in permit udp any 192.168.1.0 255.255.255.0 eq 4000
|
||||
!
|
||||
! Rule 20 (global)
|
||||
access-list outside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list dmz_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list outside_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list dmz_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
!
|
||||
! Rule 23 (global)
|
||||
access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:46 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:26 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.1
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:46 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:27 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
@ -355,7 +355,7 @@ global (outside) 1 22.22.22.21-22.22.22.25 netmask 255.255.255.0
|
||||
!
|
||||
!
|
||||
! Rule 4 (NAT)
|
||||
access-list id3DB0F94E.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
access-list id3DB0F94E.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
static (inside,outside) tcp interface 25 access-list id3DB0F94E.0 0 0
|
||||
!
|
||||
! Rule 5 (NAT)
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:47 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:27 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.2
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:47 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:27 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
@ -169,7 +169,7 @@ global (dmz50) 1 interface
|
||||
!
|
||||
!
|
||||
! Rule 1 (NAT)
|
||||
access-list id3F8F95A0.0 permit tcp host 10.3.14.30 eq 80 any
|
||||
access-list id3F8F95A0.0 permit tcp host 10.3.14.30 eq 80 any
|
||||
static (inside,outside) tcp interface 80 access-list id3F8F95A0.0 0 0
|
||||
|
||||
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:47 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:28 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
@ -94,11 +94,11 @@ global (outside) 1 interface
|
||||
access-list id3FA34CB5.0 permit ip 10.1.2.0 255.255.255.0 209.165.200.224 255.255.255.224
|
||||
!
|
||||
! Rule 2 (NAT)
|
||||
access-list id3FA349A3.0 permit tcp 10.1.2.0 255.255.255.0 host 209.165.201.11 eq 80
|
||||
access-list id3FA349A3.0 permit tcp 10.1.2.0 255.255.255.0 host 209.165.201.11 eq 80
|
||||
nat (inside) 1 access-list id3FA349A3.0 0 0
|
||||
!
|
||||
! Rule 3 (NAT)
|
||||
access-list id3FA34CB5.0 permit tcp 10.1.2.0 255.255.255.0 host 209.165.201.11 eq 23
|
||||
access-list id3FA34CB5.0 permit tcp 10.1.2.0 255.255.255.0 host 209.165.201.11 eq 23
|
||||
!
|
||||
! Rule 4 (NAT)
|
||||
!
|
||||
@ -113,11 +113,11 @@ access-list id3FA35063.0 permit ip host 10.1.2.27 209.165.200.224 255.255.255.
|
||||
static (inside,outside) interface access-list id3FA35063.0 0 0
|
||||
!
|
||||
! Rule 7 (NAT)
|
||||
access-list id3FA44ABB.0 permit tcp host 10.1.2.27 eq 80 host 209.165.200.225
|
||||
access-list id3FA44ABB.1 permit tcp host 10.1.2.27 eq 81 host 209.165.200.225
|
||||
access-list id3FA44ABB.0 permit tcp host 10.1.2.27 eq 80 host 209.165.201.11
|
||||
access-list id3FA44ABB.0 permit tcp host 10.1.2.27 eq 80 host 209.165.200.225
|
||||
access-list id3FA44ABB.1 permit tcp host 10.1.2.27 eq 81 host 209.165.200.225
|
||||
access-list id3FA44ABB.0 permit tcp host 10.1.2.27 eq 80 host 209.165.201.11
|
||||
static (inside,outside) tcp interface 80 access-list id3FA44ABB.0 0 0
|
||||
access-list id3FA44ABB.1 permit tcp host 10.1.2.27 eq 81 host 209.165.201.11
|
||||
access-list id3FA44ABB.1 permit tcp host 10.1.2.27 eq 81 host 209.165.201.11
|
||||
static (inside,outside) tcp interface 81 access-list id3FA44ABB.1 0 0
|
||||
|
||||
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:48 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:28 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:48 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:28 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
@ -193,18 +193,18 @@ access-list id3D1BFFA4.0 permit ip host 192.168.1.10 any
|
||||
static (inside,outside) interface access-list id3D1BFFA4.0 0 0
|
||||
!
|
||||
! Rule 17 (NAT)
|
||||
access-list id3D1C0835.0 permit tcp host 192.168.1.10 eq 6667 any
|
||||
access-list id3D1C0835.0 permit tcp host 192.168.1.10 eq 6667 any
|
||||
static (inside,outside) tcp interface 6667 access-list id3D1C0835.0 0 0
|
||||
!
|
||||
! Rule 18 (NAT)
|
||||
access-list id16986X27842.0 permit tcp host 192.168.1.1 eq 6667 any
|
||||
access-list id16986X27842.0 permit tcp host 192.168.1.1 eq 6667 any
|
||||
static (inside,outside) tcp interface 6667 access-list id16986X27842.0 0 0
|
||||
!
|
||||
! Rule 19 (NAT)
|
||||
access-list id414351C7.0 permit tcp host 192.168.1.10 eq 80 any
|
||||
access-list id414351C7.0 permit tcp host 192.168.1.10 eq 80 any
|
||||
!
|
||||
! Rule 20 (NAT)
|
||||
access-list id414351C7.0 permit tcp host 192.168.1.10 eq 80 any
|
||||
access-list id414351C7.0 permit tcp host 192.168.1.10 eq 80 any
|
||||
static (inside,outside) tcp interface 80 access-list id414351C7.0 0 0
|
||||
!
|
||||
! Rule 21 (NAT)
|
||||
@ -220,22 +220,22 @@ access-list id3D1BFFF6.0 permit ip host 192.168.1.10 192.168.2.0 255.255.255.0
|
||||
static (inside,dmz) interface access-list id3D1BFFF6.0 0 0
|
||||
!
|
||||
! Rule 25 (NAT)
|
||||
access-list id3BEEF6D2.0 permit tcp host 192.168.1.10 eq 119 any
|
||||
access-list id3BEEF6D2.0 permit tcp host 192.168.1.10 eq 119 any
|
||||
static (inside,outside) tcp interface 119 access-list id3BEEF6D2.0 0 0
|
||||
!
|
||||
! Rule 27 (NAT)
|
||||
access-list id3B7313C4.0 permit tcp host 192.168.1.10 eq 3128 any
|
||||
access-list id3B7313C4.0 permit tcp host 192.168.1.10 eq 3128 any
|
||||
static (inside,outside) tcp interface 80 access-list id3B7313C4.0 0 0
|
||||
!
|
||||
! Rule 28 (NAT)
|
||||
access-list id47B6CF3421818.0 permit tcp host 192.168.1.10 eq 3128 any
|
||||
access-list id47B6CF3421818.0 permit tcp host 192.168.1.10 eq 3128 any
|
||||
!
|
||||
! Rule 29 (NAT)
|
||||
access-list id36573X14603.0 permit tcp host 192.168.1.10 eq 3128 any
|
||||
access-list id36573X14603.0 permit tcp host 192.168.1.10 eq 3128 any
|
||||
static (inside,outside) tcp interface 80 access-list id36573X14603.0 0 0
|
||||
!
|
||||
! Rule 30 (NAT)
|
||||
access-list id47B6CF3421818.0 permit tcp host 192.168.1.10 eq 3128 any
|
||||
access-list id47B6CF3421818.0 permit tcp host 192.168.1.10 eq 3128 any
|
||||
static (inside,outside) tcp interface 80 access-list id47B6CF3421818.0 0 0
|
||||
|
||||
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:48 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:29 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:49 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:29 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:49 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:29 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 7.0
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:49 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:30 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 7.0
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:50 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:30 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
@ -101,19 +101,19 @@ nat (outside) 1 access-list id626114X21763.0 0 0
|
||||
!
|
||||
!
|
||||
! Rule 5 (NAT)
|
||||
access-list id36895X21071.0 permit tcp host 192.168.1.1 eq 6667 any
|
||||
access-list id36895X21071.0 permit tcp host 192.168.1.1 eq 6667 any
|
||||
static (inside,outside) tcp interface 6667 access-list id36895X21071.0 0 0
|
||||
!
|
||||
! Rule 6 (NAT)
|
||||
access-list id36809X21071.0 permit tcp host 192.168.1.10 eq 6667 any
|
||||
access-list id36809X21071.0 permit tcp host 192.168.1.10 eq 6667 any
|
||||
!
|
||||
! Rule 7 (NAT)
|
||||
access-list id36809X21071.0 permit tcp host 192.168.1.10 eq 6667 any
|
||||
access-list id36809X21071.0 permit tcp host 192.168.1.10 eq 6667 any
|
||||
!
|
||||
! Rule 8 (NAT)
|
||||
access-list id36809X21071.0 permit tcp host 192.168.1.10 eq 6667 any
|
||||
access-list id36809X21071.0 permit tcp host 192.168.1.10 eq 6667 any
|
||||
static (inside,outside) tcp interface 6667 access-list id36809X21071.0 0 0
|
||||
access-list id1641340X21763.1 permit tcp host 192.168.1.10 eq 6667 any
|
||||
access-list id1641340X21763.1 permit tcp host 192.168.1.10 eq 6667 any
|
||||
static (inside,dmz) tcp interface 6667 access-list id1641340X21763.1 0 0
|
||||
|
||||
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:50 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:30 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.2
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:50 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:31 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:51 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:31 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:51 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:31 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.2
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:51 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:32 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 7.0
|
||||
! Outbound ACLs: supported
|
||||
@ -365,9 +365,9 @@ access-list dmz_acl_in permit tcp any 192.168.1.0 255.255.255.0 eq 1494
|
||||
access-list outside_acl_in permit udp any range 10000 10010 host 192.168.1.10
|
||||
access-list inside_acl_in permit udp any range 10000 10010 host 192.168.1.10
|
||||
access-list dmz_acl_in permit udp any range 10000 10010 host 192.168.1.10
|
||||
access-list outside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list dmz_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list outside_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list dmz_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list outside_acl_in permit tcp any range 20000 20020 host 192.168.1.10
|
||||
access-list inside_acl_in permit tcp any range 20000 20020 host 192.168.1.10
|
||||
access-list dmz_acl_in permit tcp any range 20000 20020 host 192.168.1.10
|
||||
@ -422,18 +422,18 @@ global (outside) 1 22.22.22.21-22.22.22.25 netmask 255.255.255.0
|
||||
!
|
||||
! Rule 5 (NAT)
|
||||
clear config access-list id451430F428543.0
|
||||
access-list id451430F428543.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
access-list id451430F428543.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
static (inside,outside) tcp interface 25 access-list id451430F428543.0 tcp 0 0
|
||||
!
|
||||
! Rule 6 (NAT)
|
||||
clear config access-list id47B71DF021818.0
|
||||
access-list id47B71DF021818.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
access-list id47B71DF021818.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
!
|
||||
! Rule 7 (NAT)
|
||||
access-list id47B71DF021818.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
access-list id47B71DF021818.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
!
|
||||
! Rule 8 (NAT)
|
||||
access-list id47B71DF021818.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
access-list id47B71DF021818.0 permit tcp host 192.168.1.10 eq 25 any
|
||||
static (inside,outside) tcp interface 2525 access-list id47B71DF021818.0 tcp 0 0
|
||||
!
|
||||
! Rule 9 (NAT)
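Review bot: The expected outputs in this section pin only the lower-bound conversion, `gt 1024` becoming `gt 1023` on the `outside_acl_in`, `inside_acl_in` and `dmz_acl_in` source-port lines. No `lt` line and no range touching port 0 or 65535 appears in the fixtures visible here, so the upper-bound increment and the edge values look unpinned. An off-by-one in this conversion silently widens or narrows a permit or deny, so it is worth adding a rule with an open-ended upper range and one whose boundary is 65535. The expected line would presumably take a form like `access-list outside_acl_in permit tcp any lt 1025 host 192.168.1.10 eq 80` (constructed example, to be confirmed against the compiler). The same gap applies to the `deny tcp any gt 1023` lines in the pix 8.2 section and the `gt 1023` lines in the two fwsm sections.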
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:51 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:32 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.2
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:52 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:33 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.2
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:53 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:33 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.2
|
||||
! Outbound ACLs: supported
|
||||
@ -150,8 +150,8 @@ access-list inside_acl_in permit 51 any host 192.168.1.10
|
||||
! matching source ports
|
||||
access-list outside_acl_in deny udp any range 10000 10010 host 192.168.1.10
|
||||
access-list inside_acl_in deny udp any range 10000 10010 host 192.168.1.10
|
||||
access-list outside_acl_in deny tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in deny tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list outside_acl_in deny tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in deny tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
!
|
||||
! Rule 6 (global)
|
||||
access-list outside_acl_in deny tcp any range 20000 20020 host 192.168.1.10
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:53 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:33 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.3
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:53 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:34 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.3
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:53 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:34 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.3
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:54 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:34 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:54 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:35 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.3
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:55 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:35 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.3
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:55 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:35 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.3
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:55 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:36 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.3
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:55 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:36 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 8.3
|
||||
! Outbound ACLs: supported
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:56 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:37 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for fwsm 2.3
|
||||
! Outbound ACLs: supported
|
||||
@ -336,9 +336,9 @@ access-list inside_acl_in permit tcp any 192.168.1.0 255.255.255.0 eq 1494
|
||||
access-list dmz_acl_in permit tcp any 192.168.1.0 255.255.255.0 eq 1494
|
||||
!
|
||||
! Rule 20 (global)
|
||||
access-list outside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list dmz_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list outside_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list dmz_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
!
|
||||
! Rule 23 (global)
|
||||
access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 0 interval 300
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:56 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:37 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for fwsm 4.x
|
||||
! Outbound ACLs: supported
|
||||
@ -349,9 +349,9 @@ access-list inside_acl_in permit tcp any 192.168.1.0 255.255.255.0 eq 1494
|
||||
access-list dmz_acl_in permit tcp any 192.168.1.0 255.255.255.0 eq 1494
|
||||
!
|
||||
! Rule 20 (global)
|
||||
access-list outside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list dmz_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80
|
||||
access-list outside_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list inside_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
access-list dmz_acl_in permit tcp any gt 1023 host 192.168.1.10 eq 80
|
||||
!
|
||||
! Rule 23 (global)
|
||||
access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 0 interval 300
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:57 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:37 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 7.0
|
||||
! Outbound ACLs: supported
|
||||
@ -149,7 +149,7 @@ nat (inside) 1 access-list id47B7A71421818.0 tcp 0 0
|
||||
!
|
||||
! Rule 1 (NAT)
|
||||
clear config access-list id47B7C22E21818.0
|
||||
access-list id47B7C22E21818.0 permit tcp host 10.3.14.50 eq 25 any
|
||||
access-list id47B7C22E21818.0 permit tcp host 10.3.14.50 eq 25 any
|
||||
static (inside,outside) tcp interface 2525 access-list id47B7C22E21818.0 tcp 0 0
|
||||
|
||||
!
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
!
|
||||
! This is automatically generated file. DO NOT MODIFY !
|
||||
!
|
||||
! Firewall Builder fwb_pix v4.2.0.3499
|
||||
! Firewall Builder fwb_pix v4.2.0.3505
|
||||
!
|
||||
! Generated Sat Mar 12 19:45:57 2011 PST by vadim
|
||||
! Generated Mon Mar 21 12:46:38 2011 PDT by vadim
|
||||
!
|
||||
! Compiled for pix 6.3
|
||||
! Outbound ACLs: not supported
|
||||
|
||||