mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-20 02:07:23 +01:00
updated unit test files to the latest DTD version
This commit is contained in:
Vadim Kurland
parent
51774a5bf5
commit
25c887595a
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302911379" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658161" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302570885" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658161" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302918460" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658161" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1268754223" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1268754223" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="False">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -484,7 +484,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4775X3401" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -502,7 +504,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4803X3401" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -520,7 +524,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4831X3401" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -538,7 +544,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4859X3401" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -556,7 +564,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4887X3401" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -574,7 +584,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4915X3401" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -592,7 +604,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302831932" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658047" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302832095" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658046" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302901495" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658046" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302901426" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658046" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302901477" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658046" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302901495" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658046" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302832427" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658047" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302910457" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658046" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302832095" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658046" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302832131" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1304658046" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,55 +1,31 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="" id="root">
|
||||
<Library color="#d2ffd0" id="id40CCB499" name="User" ro="False">
|
||||
<ObjectGroup name="Clusters" id="id40CCB49A_clusters">
|
||||
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id40CCB49A" name="Objects">
|
||||
|
||||
<ObjectGroup id="id40CCB49A_og_ats_1" name="Address Tables"/><ObjectGroup id="id40CCB49B" name="Addresses"/><ObjectGroup id="id40CCB49C" name="Groups"/><ObjectGroup id="id40CCB49D" name="Hosts"/><ObjectGroup id="id40CCB49E" name="Networks"/><ObjectGroup id="id40CCB49F" name="Address Ranges"/><ObjectGroup id="id44BDA99120157" name="DNS Names">
|
||||
<DNSName comment="" dnsrec="www.cnn.com" id="id44BDAF4720160" name="www.cnn.com" run_time="False"/>
|
||||
|
||||
|
||||
|
||||
<DNSName comment="" dnsrec="www.bbc.co.uk" id="id44BDB67B20160" name="www.bbc.co.uk" run_time="False"/>
|
||||
|
||||
|
||||
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" id="root">
|
||||
<Library id="id40CCB499" color="#d2ffd0" name="User" comment="" ro="False">
|
||||
<ObjectGroup id="id40CCB49A_clusters" name="Clusters" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49A" name="Objects" comment="" ro="False">
|
||||
<ObjectGroup id="id40CCB49A_og_ats_1" name="Address Tables" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49B" name="Addresses" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49C" name="Groups" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49D" name="Hosts" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49E" name="Networks" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49F" name="Address Ranges" comment="" ro="False"/>
|
||||
<ObjectGroup id="id44BDA99120157" name="DNS Names" comment="" ro="False">
|
||||
<DNSName id="id44BDAF4720160" dnsrec="www.cnn.com" dnsrectype="A" run_time="False" name="www.cnn.com" comment="" ro="False"/>
|
||||
<DNSName id="id44BDB67B20160" dnsrec="www.bbc.co.uk" dnsrectype="A" run_time="False" name="www.bbc.co.uk" comment="" ro="False"/>
|
||||
</ObjectGroup>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id40CCB4A0" name="Services">
|
||||
<ServiceGroup id="id40CCB4A0_userservices" name="Users"/>
|
||||
|
||||
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A0_og_tag_1" name="TagServices">
|
||||
|
||||
|
||||
</ServiceGroup>
|
||||
|
||||
<ServiceGroup id="id40CCB4A1" name="Groups"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A2" name="ICMP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A3" name="IP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A4" name="TCP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A5" name="UDP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A6" name="Custom"/>
|
||||
|
||||
|
||||
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id40CCB4A7" name="Firewalls"/>
|
||||
<IntervalGroup id="id40CCB4A8" name="Time"/>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id40CCB4A0" name="Services" comment="" ro="False">
|
||||
<ServiceGroup id="id40CCB4A0_userservices" name="Users" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A0_og_tag_1" name="TagServices" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A1" name="Groups" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A2" name="ICMP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A3" name="IP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A4" name="TCP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A5" name="UDP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A6" name="Custom" comment="" ro="False"/>
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id40CCB4A7" name="Firewalls" comment="" ro="False"/>
|
||||
<IntervalGroup id="id40CCB4A8" name="Time" comment="" ro="False"/>
|
||||
</Library>
|
||||
</FWObjectDatabase>
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
head 1.8;
|
||||
head 1.9;
|
||||
access;
|
||||
symbols;
|
||||
locks; strict;
|
||||
@ -6,6 +6,11 @@ comment @# @;
|
||||
expand @b@;
|
||||
|
||||
|
||||
1.9
|
||||
date 2011.05.06.05.06.32; author vadim; state Exp;
|
||||
branches;
|
||||
next 1.8;
|
||||
|
||||
1.8
|
||||
date 2011.02.23.00.03.49; author vadim; state Exp;
|
||||
branches;
|
||||
@ -63,13 +68,52 @@ desc
|
||||
@
|
||||
|
||||
|
||||
1.9
|
||||
log
|
||||
@upgraded to the latest dtd version
|
||||
@
|
||||
text
|
||||
@<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" id="root">
|
||||
<Library id="id40CCB499" color="#d2ffd0" name="User" comment="" ro="False">
|
||||
<ObjectGroup id="id40CCB49A_clusters" name="Clusters" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49A" name="Objects" comment="" ro="False">
|
||||
<ObjectGroup id="id40CCB49A_og_ats_1" name="Address Tables" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49B" name="Addresses" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49C" name="Groups" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49D" name="Hosts" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49E" name="Networks" comment="" ro="False"/>
|
||||
<ObjectGroup id="id40CCB49F" name="Address Ranges" comment="" ro="False"/>
|
||||
<ObjectGroup id="id44BDA99120157" name="DNS Names" comment="" ro="False">
|
||||
<DNSName id="id44BDAF4720160" dnsrec="www.cnn.com" dnsrectype="A" run_time="False" name="www.cnn.com" comment="" ro="False"/>
|
||||
<DNSName id="id44BDB67B20160" dnsrec="www.bbc.co.uk" dnsrectype="A" run_time="False" name="www.bbc.co.uk" comment="" ro="False"/>
|
||||
</ObjectGroup>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id40CCB4A0" name="Services" comment="" ro="False">
|
||||
<ServiceGroup id="id40CCB4A0_userservices" name="Users" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A0_og_tag_1" name="TagServices" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A1" name="Groups" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A2" name="ICMP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A3" name="IP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A4" name="TCP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A5" name="UDP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40CCB4A6" name="Custom" comment="" ro="False"/>
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id40CCB4A7" name="Firewalls" comment="" ro="False"/>
|
||||
<IntervalGroup id="id40CCB4A8" name="Time" comment="" ro="False"/>
|
||||
</Library>
|
||||
</FWObjectDatabase>
|
||||
@
|
||||
|
||||
|
||||
1.8
|
||||
log
|
||||
@upgrade to dtd 18
|
||||
@
|
||||
text
|
||||
@<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
@d3 13
|
||||
a15 16
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="" id="root">
|
||||
<Library color="#d2ffd0" id="id40CCB499" name="User" ro="False">
|
||||
<ObjectGroup name="Clusters" id="id40CCB49A_clusters">
|
||||
@ -86,7 +130,8 @@ text
|
||||
|
||||
|
||||
|
||||
</ObjectGroup>
|
||||
d17 13
|
||||
a29 34
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id40CCB4A0" name="Services">
|
||||
<ServiceGroup id="id40CCB4A0_userservices" name="Users"/>
|
||||
@ -121,8 +166,6 @@ text
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id40CCB4A7" name="Firewalls"/>
|
||||
<IntervalGroup id="id40CCB4A8" name="Time"/>
|
||||
</Library>
|
||||
</FWObjectDatabase>
|
||||
@
|
||||
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1280235390" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1280235390" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -510,6 +510,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -530,7 +531,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3638X14880" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -548,7 +551,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3666X14880" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -566,7 +571,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3694X14880" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -608,6 +615,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -628,7 +636,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3750X14880" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -670,6 +680,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1284658651" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1284658651" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -489,6 +489,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -569,6 +570,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -684,6 +686,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -799,6 +802,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -914,6 +918,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1284658651" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1284658651" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -496,6 +496,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -579,6 +580,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -696,6 +698,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -813,6 +816,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -930,6 +934,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1296619808" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1296619808" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -985,6 +985,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1167,6 +1168,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1349,6 +1351,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1369,6 +1372,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1389,6 +1393,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1296774909" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1296774909" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -496,6 +496,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -584,6 +585,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -707,6 +709,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -892,6 +895,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1077,6 +1081,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1262,6 +1267,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1447,6 +1453,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1632,6 +1639,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1817,6 +1825,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -1840,6 +1849,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -2025,6 +2035,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -2048,6 +2059,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1269017995" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1269017995" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -484,7 +484,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -502,7 +504,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -520,7 +524,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -538,7 +544,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -556,7 +564,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -574,7 +584,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -592,7 +604,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -706,7 +720,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -724,7 +740,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -742,7 +760,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -760,7 +780,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -778,7 +800,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -796,7 +820,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -814,7 +840,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -928,7 +956,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -946,7 +976,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -964,7 +996,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -982,7 +1016,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1000,7 +1036,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1018,7 +1056,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1036,7 +1076,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -1150,7 +1192,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1168,7 +1212,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -1186,7 +1232,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -1204,7 +1252,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1222,7 +1272,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1240,7 +1292,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1258,7 +1312,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -486,7 +486,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -504,7 +506,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -522,7 +526,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -540,7 +546,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -558,7 +566,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -576,7 +586,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -594,7 +606,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -708,7 +722,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -726,7 +742,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -744,7 +762,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -762,7 +782,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -780,7 +802,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -798,7 +822,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -816,7 +842,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -930,7 +958,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -948,7 +978,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -966,7 +998,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -984,7 +1018,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1002,7 +1038,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1020,7 +1058,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1038,7 +1078,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -1152,7 +1194,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1170,7 +1214,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -1188,7 +1234,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -1206,7 +1254,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1224,7 +1274,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1242,7 +1294,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1260,7 +1314,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -1398,6 +1454,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1418,7 +1475,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5439X26004" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -1436,7 +1495,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5467X26004" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -1454,7 +1515,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5495X26004" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1496,6 +1559,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1516,7 +1580,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5551X26004" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1558,6 +1624,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1699,6 +1766,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1719,7 +1787,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5699X26074" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<Src neg="False">
|
||||
@ -1738,7 +1808,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5728X26074" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<Src neg="False">
|
||||
@ -1758,7 +1830,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5758X26074" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<Src neg="False">
|
||||
@ -1776,7 +1850,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5786X26074" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<Src neg="False">
|
||||
@ -1794,7 +1870,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5814X26074" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1836,6 +1914,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1856,7 +1935,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5870X26074" disabled="False" group="" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1898,6 +1979,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -486,7 +486,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -504,7 +506,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -522,7 +526,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -540,7 +546,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -558,7 +566,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -576,7 +586,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -594,7 +606,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -708,7 +722,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -726,7 +742,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -744,7 +762,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -762,7 +782,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -780,7 +802,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -798,7 +822,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -816,7 +842,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -930,7 +958,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -948,7 +978,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -966,7 +998,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -984,7 +1018,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1002,7 +1038,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1020,7 +1058,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1038,7 +1078,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -1152,7 +1194,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1170,7 +1214,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -1188,7 +1234,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -1206,7 +1254,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1224,7 +1274,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1242,7 +1294,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1260,7 +1314,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -1398,6 +1454,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1418,7 +1475,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5439X19499" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<Src neg="False">
|
||||
@ -1437,7 +1496,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5468X19499" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<Src neg="False">
|
||||
@ -1457,7 +1518,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5498X19499" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<Src neg="False">
|
||||
@ -1475,7 +1538,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5526X19499" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<Src neg="False">
|
||||
@ -1493,7 +1558,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5554X19499" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1535,6 +1602,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1555,7 +1623,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5610X19499" disabled="False" group="" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1597,6 +1667,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1770,7 +1841,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5799X22322" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1788,7 +1861,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5827X22322" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -1806,7 +1881,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5855X22322" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -1824,7 +1901,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5883X22322" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1842,7 +1921,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5911X22322" disabled="False" group="" log="False" position="5" action="Reject" direction="Both" comment="Quickly reject attempts to connect to ident server to avoid SMTP delays">
|
||||
<Src neg="False">
|
||||
@ -1884,6 +1965,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1904,7 +1986,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5967X22322" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="this rule permits a mail relay located on DMZ to connect to internal mail server">
|
||||
<Src neg="False">
|
||||
@ -1922,7 +2006,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5995X22322" disabled="False" group="" log="False" position="8" action="Accept" direction="Both" comment="Mail relay needs DNS and can connect to mail servers on the Internet">
|
||||
<Src neg="False">
|
||||
@ -1941,7 +2027,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6024X22322" disabled="False" group="" log="True" position="9" action="Deny" direction="Both" comment="All other access from DMZ to internal net is denied">
|
||||
<Src neg="False">
|
||||
@ -1983,6 +2071,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2003,7 +2092,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6080X22322" disabled="False" group="" log="True" position="11" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -2045,6 +2136,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2191,6 +2283,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2211,7 +2304,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6218X22330" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -2229,7 +2324,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6246X22330" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -2247,7 +2344,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6274X22330" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -2289,6 +2388,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2309,7 +2409,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6330X22330" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -2351,6 +2453,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2492,6 +2595,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2512,7 +2616,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6478X22937" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<Src neg="False">
|
||||
@ -2531,7 +2637,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6507X22937" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<Src neg="False">
|
||||
@ -2551,7 +2659,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6537X22937" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<Src neg="False">
|
||||
@ -2569,7 +2679,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6565X22937" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<Src neg="False">
|
||||
@ -2587,7 +2699,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6593X22937" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -2629,6 +2743,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2649,7 +2764,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6649X22937" disabled="False" group="" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -2691,6 +2808,7 @@
|
||||
<Option name="limit_value_not">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -484,7 +484,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -502,7 +504,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -520,7 +524,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -538,7 +544,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -556,7 +564,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -574,7 +584,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -592,7 +604,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -706,7 +720,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -724,7 +740,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -742,7 +760,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -760,7 +780,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -778,7 +800,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -796,7 +820,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -814,7 +840,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -928,7 +956,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -946,7 +976,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -964,7 +996,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -982,7 +1016,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1000,7 +1036,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1018,7 +1056,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1036,7 +1076,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -1150,7 +1192,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1168,7 +1212,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -1186,7 +1232,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -1204,7 +1252,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1222,7 +1272,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1240,7 +1292,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1258,7 +1312,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -484,7 +484,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -502,7 +504,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -520,7 +524,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -538,7 +544,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -556,7 +564,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -574,7 +584,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -592,7 +604,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -706,7 +720,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -724,7 +740,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -742,7 +760,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -760,7 +780,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -778,7 +800,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -796,7 +820,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -814,7 +840,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -928,7 +956,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -946,7 +976,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -964,7 +996,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -982,7 +1016,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1000,7 +1036,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1018,7 +1056,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1036,7 +1076,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
@ -1150,7 +1192,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1168,7 +1212,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
@ -1186,7 +1232,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
@ -1204,7 +1252,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -1222,7 +1272,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1240,7 +1292,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -1258,7 +1312,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1261881957" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="20" lastModified="1261881957" id="root">
|
||||
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
|
||||
<Library id="id6821X7237" color="#FFFFFF" name="new_cluster_test" comment="" ro="False">
|
||||
<ObjectGroup id="id6822X7237" name="Objects" comment="" ro="False">
|
||||
@ -69,6 +69,7 @@
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -260,7 +261,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6937X7237" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -278,7 +281,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6949X7237" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<Src neg="False">
|
||||
@ -297,7 +302,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6989X7237" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<Src neg="False">
|
||||
@ -315,7 +322,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id7001X7237" disabled="False" group="" log="True" position="4" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<Src neg="False">
|
||||
@ -333,7 +342,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id7013X7237" disabled="False" group="" log="True" position="5" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
@ -351,7 +362,9 @@
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id7025X7237" disabled="False" group="" log="False" position="6" action="Branch" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
@ -387,6 +400,7 @@
|
||||
<Option name="ipt_mark_connections">False</Option>
|
||||
<Option name="ipt_oif"></Option>
|
||||
<Option name="ipt_tee">False</Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="pf_fastroute">False</Option>
|
||||
<Option name="pf_route_load_option">none</Option>
|
||||
<Option name="pf_route_opt_addr"></Option>
|
||||
@ -413,6 +427,7 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">False</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
@ -457,6 +472,7 @@
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="pf_classify_str"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user