mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-21 10:47:16 +01:00
upgraded unit test data files
This commit is contained in:
Vadim Kurland
parent
85dad674bf
commit
5a1b9d3b15
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1288832643" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1288832643" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1295999701" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1295999701" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1296002154" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1296002154" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -621,6 +621,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
</NATRuleOptions>
|
||||
@ -644,6 +650,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
</NATRuleOptions>
|
||||
@ -667,6 +679,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
</NATRuleOptions>
|
||||
@ -690,6 +708,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
</NATRuleOptions>
|
||||
@ -713,6 +737,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
</NATRuleOptions>
|
||||
@ -736,6 +766,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="id116"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
</NATRuleOptions>
|
||||
@ -759,6 +795,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id772" disabled="False" group="" position="7" action="Translate" comment="">
|
||||
@ -781,6 +823,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id787" disabled="False" group="" position="8" action="Translate" comment="">
|
||||
@ -802,6 +850,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="id114"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id801" disabled="False" group="" position="9" action="Translate" comment="">
|
||||
@ -823,6 +877,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="id117"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id815" disabled="False" group="" position="10" action="Translate" comment="">
|
||||
@ -844,6 +904,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id829" disabled="False" group="" position="11" action="Translate" comment="">
|
||||
@ -865,6 +931,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id843" disabled="False" group="" position="12" action="Translate" comment="">
|
||||
@ -886,6 +958,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="id118"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id857" disabled="False" group="" position="13" action="Translate" comment="">
|
||||
@ -907,6 +985,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id871" disabled="False" group="" position="14" action="Translate" comment="Original rule defines inbound interface 'eth0'. Replace address in ODst with matching interface of the firewall.">
|
||||
@ -928,6 +1012,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
</NATRuleOptions>
|
||||
@ -951,6 +1041,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id899" disabled="False" group="" position="16" action="Translate" comment="">
|
||||
@ -972,6 +1068,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id913" disabled="False" group="" position="17" action="Translate" comment="">
|
||||
@ -993,6 +1095,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="id85"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id927" disabled="False" group="" position="18" action="Translate" comment="">
|
||||
@ -1014,6 +1122,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1268754223" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1268754223" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="False">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -437,7 +437,7 @@
|
||||
<ObjectGroup id="id2911X3401" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id4687X3401" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="" name="TestFirewall" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id4708X3401" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4710X3401" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id4710X3401" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -456,12 +456,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id4744X3401" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id4746X3401" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id4746X3401" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id4687X3401"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -480,7 +486,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4775X3401" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id4775X3401" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -498,7 +504,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4803X3401" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id4803X3401" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -516,7 +522,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4831X3401" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id4831X3401" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id4687X3401"/>
|
||||
</Src>
|
||||
@ -534,7 +540,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4859X3401" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id4859X3401" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -552,7 +558,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4887X3401" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id4887X3401" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -570,7 +576,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id4915X3401" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id4915X3401" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1265584375" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1265584375" id="root">
|
||||
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
|
||||
<IPv4 id="id9040X76354" name="pc:eth0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
</Library>
|
||||
@ -28,9 +28,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -46,9 +46,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
|
||||
@ -1,27 +1,54 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.1.5" lastModified="1153280413" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="" id="root">
|
||||
<Library color="#d2ffd0" id="id40CCB499" name="User" ro="False">
|
||||
<ObjectGroup name="Clusters" id="id40CCB49A_clusters">
|
||||
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id40CCB49A" name="Objects">
|
||||
<ObjectGroup id="id40CCB49A_og_ats_1" name="Address Tables"/>
|
||||
<ObjectGroup id="id40CCB49B" name="Addresses"/>
|
||||
<ObjectGroup id="id40CCB49C" name="Groups"/>
|
||||
<ObjectGroup id="id40CCB49D" name="Hosts"/>
|
||||
<ObjectGroup id="id40CCB49E" name="Networks"/>
|
||||
<ObjectGroup id="id40CCB49F" name="Address Ranges"/>
|
||||
<ObjectGroup id="id44BDA99120157" name="DNS Names">
|
||||
|
||||
<ObjectGroup id="id40CCB49A_og_ats_1" name="Address Tables"/><ObjectGroup id="id40CCB49B" name="Addresses"/><ObjectGroup id="id40CCB49C" name="Groups"/><ObjectGroup id="id40CCB49D" name="Hosts"/><ObjectGroup id="id40CCB49E" name="Networks"/><ObjectGroup id="id40CCB49F" name="Address Ranges"/><ObjectGroup id="id44BDA99120157" name="DNS Names">
|
||||
<DNSName comment="" dnsrec="www.cnn.com" id="id44BDAF4720160" name="www.cnn.com" run_time="False"/>
|
||||
|
||||
|
||||
|
||||
<DNSName comment="" dnsrec="www.bbc.co.uk" id="id44BDB67B20160" name="www.bbc.co.uk" run_time="False"/>
|
||||
|
||||
|
||||
|
||||
</ObjectGroup>
|
||||
</ObjectGroup>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id40CCB4A0" name="Services">
|
||||
<ServiceGroup id="id40CCB4A0_og_tag_1" name="TagServices"/>
|
||||
<ServiceGroup id="id40CCB4A1" name="Groups"/>
|
||||
<ServiceGroup id="id40CCB4A2" name="ICMP"/>
|
||||
<ServiceGroup id="id40CCB4A3" name="IP"/>
|
||||
<ServiceGroup id="id40CCB4A4" name="TCP"/>
|
||||
<ServiceGroup id="id40CCB4A5" name="UDP"/>
|
||||
<ServiceGroup id="id40CCB4A6" name="Custom"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id40CCB4A0_userservices" name="Users"/>
|
||||
|
||||
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A0_og_tag_1" name="TagServices">
|
||||
|
||||
|
||||
</ServiceGroup>
|
||||
|
||||
<ServiceGroup id="id40CCB4A1" name="Groups"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A2" name="ICMP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A3" name="IP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A4" name="TCP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A5" name="UDP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A6" name="Custom"/>
|
||||
|
||||
|
||||
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id40CCB4A7" name="Firewalls"/>
|
||||
<IntervalGroup id="id40CCB4A8" name="Time"/>
|
||||
</Library>
|
||||
|
||||
@ -1,12 +1,16 @@
|
||||
head 1.7;
|
||||
head 1.8;
|
||||
access;
|
||||
symbols;
|
||||
locks
|
||||
vadim:1.6; strict;
|
||||
locks; strict;
|
||||
comment @# @;
|
||||
expand @b@;
|
||||
|
||||
|
||||
1.8
|
||||
date 2011.02.23.00.03.49; author vadim; state Exp;
|
||||
branches;
|
||||
next 1.7;
|
||||
|
||||
1.7
|
||||
date 2006.07.19.03.42.51; author vadim; state Exp;
|
||||
branches;
|
||||
@ -59,16 +63,80 @@ desc
|
||||
@
|
||||
|
||||
|
||||
1.8
|
||||
log
|
||||
@upgrade to dtd 18
|
||||
@
|
||||
text
|
||||
@<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="" id="root">
|
||||
<Library color="#d2ffd0" id="id40CCB499" name="User" ro="False">
|
||||
<ObjectGroup name="Clusters" id="id40CCB49A_clusters">
|
||||
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id40CCB49A" name="Objects">
|
||||
|
||||
<ObjectGroup id="id40CCB49A_og_ats_1" name="Address Tables"/><ObjectGroup id="id40CCB49B" name="Addresses"/><ObjectGroup id="id40CCB49C" name="Groups"/><ObjectGroup id="id40CCB49D" name="Hosts"/><ObjectGroup id="id40CCB49E" name="Networks"/><ObjectGroup id="id40CCB49F" name="Address Ranges"/><ObjectGroup id="id44BDA99120157" name="DNS Names">
|
||||
<DNSName comment="" dnsrec="www.cnn.com" id="id44BDAF4720160" name="www.cnn.com" run_time="False"/>
|
||||
|
||||
|
||||
|
||||
<DNSName comment="" dnsrec="www.bbc.co.uk" id="id44BDB67B20160" name="www.bbc.co.uk" run_time="False"/>
|
||||
|
||||
|
||||
|
||||
</ObjectGroup>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id40CCB4A0" name="Services">
|
||||
<ServiceGroup id="id40CCB4A0_userservices" name="Users"/>
|
||||
|
||||
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A0_og_tag_1" name="TagServices">
|
||||
|
||||
|
||||
</ServiceGroup>
|
||||
|
||||
<ServiceGroup id="id40CCB4A1" name="Groups"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A2" name="ICMP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A3" name="IP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A4" name="TCP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A5" name="UDP"/>
|
||||
|
||||
|
||||
<ServiceGroup id="id40CCB4A6" name="Custom"/>
|
||||
|
||||
|
||||
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id40CCB4A7" name="Firewalls"/>
|
||||
<IntervalGroup id="id40CCB4A8" name="Time"/>
|
||||
</Library>
|
||||
</FWObjectDatabase>
|
||||
@
|
||||
|
||||
|
||||
1.7
|
||||
log
|
||||
@working in the main trunk
|
||||
@
|
||||
text
|
||||
@<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
@d3 1
|
||||
a3 1
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.1.5" lastModified="1153280559" id="root">
|
||||
<Library color="#d2ffd0" id="id40CCB499" name="User" ro="False">
|
||||
<ObjectGroup id="id40CCB49A" name="Objects">
|
||||
d5 3
|
||||
d9 2
|
||||
a10 7
|
||||
<ObjectGroup id="id40CCB49A_og_ats_1" name="Address Tables"/>
|
||||
<ObjectGroup id="id40CCB49B" name="Addresses"/>
|
||||
<ObjectGroup id="id40CCB49C" name="Groups"/>
|
||||
@ -76,11 +144,12 @@ text
|
||||
<ObjectGroup id="id40CCB49E" name="Networks"/>
|
||||
<ObjectGroup id="id40CCB49F" name="Address Ranges"/>
|
||||
<ObjectGroup id="id44BDA99120157" name="DNS Names">
|
||||
<DNSName comment="" dnsrec="www.cnn.com" id="id44BDAF4720160" name="www.cnn.com" run_time="False"/>
|
||||
<DNSName comment="" dnsrec="www.bbc.co.uk" id="id44BDB67B20160" name="www.bbc.co.uk" run_time="False"/>
|
||||
</ObjectGroup>
|
||||
d12 3
|
||||
d16 4
|
||||
a20 1
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id40CCB4A0" name="Services">
|
||||
d22 30
|
||||
a51 8
|
||||
<ServiceGroup id="id40CCB4A0_og_tag_1" name="TagServices"/>
|
||||
<ServiceGroup id="id40CCB4A1" name="Groups"/>
|
||||
<ServiceGroup id="id40CCB4A2" name="ICMP"/>
|
||||
@ -89,10 +158,6 @@ text
|
||||
<ServiceGroup id="id40CCB4A5" name="UDP"/>
|
||||
<ServiceGroup id="id40CCB4A6" name="Custom"/>
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id40CCB4A7" name="Firewalls"/>
|
||||
<IntervalGroup id="id40CCB4A8" name="Time"/>
|
||||
</Library>
|
||||
</FWObjectDatabase>
|
||||
@
|
||||
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1280235390" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1280235390" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -439,7 +439,7 @@
|
||||
<ObjectGroup id="id1566X14880" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id3522X14880" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1268942625" platform="iptables" version="" name="test" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id3543X14880" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id3545X14880" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id3545X14880" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -458,12 +458,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id3579X14880" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id3581X14880" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id3581X14880" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3522X14880"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -508,7 +514,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3610X14880" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id3610X14880" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -526,7 +532,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3638X14880" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id3638X14880" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -544,7 +550,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3666X14880" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id3666X14880" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3522X14880"/>
|
||||
</Src>
|
||||
@ -562,7 +568,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3694X14880" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id3694X14880" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -606,7 +612,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3722X14880" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id3722X14880" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -624,7 +630,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id3750X14880" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id3750X14880" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1275952357" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1275952357" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -445,7 +445,7 @@
|
||||
<ObjectGroup id="id1566X80784" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id3522X80784" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1275950255" platform="iptables" version="" name="fw1" comment="This firewall has three interfaces. Eth0 faces outside and has a static routable address; eth1 faces inside; eth2 is connected to DMZ subnet. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0, DMZ is 192.168.2.0/255.255.255.0. Since DMZ used private IP address, it needs NAT. There is a mail relay host located on DMZ (object 'server on dmz'). Policy rules permit SMTP connections to it from the Internet and allow this server to connect to a host on internal network 'internal server'. All other access from DMZ to internal net is denied. To provide access to the mail relay its private address is mapped to firewall's outside interface address by NAT rule #1." ro="False">
|
||||
<NAT id="id3547X80784" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id3549X80784" disabled="False" position="0" action="Translate" comment="no need to translate between DMZ and internal net">
|
||||
<NATRule id="id3549X80784" disabled="False" group="" position="0" action="Translate" comment="no need to translate between DMZ and internal net">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
</OSrc>
|
||||
@ -464,9 +464,15 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id3582X80784" disabled="False" position="1" action="Translate" comment="Translate source address for outgoing connections">
|
||||
<NATRule id="id3582X80784" disabled="False" group="" position="1" action="Translate" comment="Translate source address for outgoing connections">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
@ -486,9 +492,15 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id3616X80784" disabled="False" position="2" action="Translate" comment="">
|
||||
<NATRule id="id3616X80784" disabled="False" group="" position="2" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -507,6 +519,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -619,7 +637,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id4399X15797" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1275952379" platform="iptables" version="" name="member1" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id4420X15797" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4422X15797" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id4422X15797" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -638,6 +656,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -709,7 +733,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id4661X15797" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1275952384" platform="iptables" version="" name="member2" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id4769X15797" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4770X15797" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id4770X15797" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -728,6 +752,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1284658651" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1284658651" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -442,7 +442,7 @@
|
||||
<ObjectGroup id="id1809X5592" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id2393X25033" host_OS="solaris" inactive="False" lastCompiled="1284654406" lastInstalled="0" lastModified="1284659631" platform="ipf" version="" name="ipf1" comment="# Firewall object test1 comment " ro="False">
|
||||
<NAT id="id2397X25033" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2503X28067" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2503X28067" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -461,12 +461,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2395X25033" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2410X25033" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2410X25033" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -516,7 +522,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2422X25033" host_OS="solaris" inactive="False" lastCompiled="1284669164" lastInstalled="0" lastModified="1284659302" platform="ipf" version="" name="ipf2" comment="output file name is set to ipf2-1.fw" ro="False">
|
||||
<NAT id="id2449X25033" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2754X28067" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2754X28067" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -535,12 +541,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2435X25033" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2436X25033" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2436X25033" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -625,7 +637,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2540X25033" host_OS="solaris" inactive="False" lastCompiled="1284659421" lastInstalled="0" lastModified="1284659417" platform="ipf" version="" name="ipf3" comment="" ro="False">
|
||||
<NAT id="id2567X25033" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2768X28067" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2768X28067" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -644,12 +656,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2553X25033" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2554X25033" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2554X25033" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -734,7 +752,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2685X25033" host_OS="solaris" inactive="False" lastCompiled="1284659501" lastInstalled="0" lastModified="1284659497" platform="ipf" version="" name="ipf4" comment="" ro="False">
|
||||
<NAT id="id2712X25033" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2782X28067" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2782X28067" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -753,12 +771,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2698X25033" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2699X25033" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2699X25033" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -843,7 +867,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2541X28067" host_OS="solaris" inactive="False" lastCompiled="1284659208" lastInstalled="0" lastModified="1284659299" platform="ipf" version="" name="ipf2a" comment="output file name is set to ipf2a-1" ro="False">
|
||||
<NAT id="id2568X28067" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2740X28067" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2740X28067" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -862,12 +886,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2554X28067" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2555X28067" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2555X28067" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1284658651" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1284658651" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -468,6 +468,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -545,6 +551,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -656,6 +668,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -767,6 +785,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -878,6 +902,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1296619808" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1296619808" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -930,6 +930,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id11861X30989" disabled="False" group="" position="1" action="Translate" comment="">
|
||||
@ -951,6 +957,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1100,6 +1112,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id16509X30989" disabled="False" group="" position="1" action="Translate" comment="">
|
||||
@ -1121,6 +1139,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1270,6 +1294,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id3078X5927" disabled="False" group="" position="1" action="Translate" comment="">
|
||||
@ -1291,6 +1321,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1296774909" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1296774909" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -468,6 +468,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -550,6 +556,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -667,6 +679,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -846,6 +864,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1025,6 +1049,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1204,6 +1234,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1383,6 +1419,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1562,6 +1604,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1741,6 +1789,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1943,6 +1997,12 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1269017995" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1269017995" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -437,7 +437,7 @@
|
||||
<ObjectGroup id="id14951X3268" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id16544X3268" host_OS="linux24" inactive="False" lastCompiled="1263673489" lastInstalled="0" lastModified="1263673477" platform="iptables" version="" name="test1" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id16565X3268" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id16567X3268" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id16567X3268" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -456,12 +456,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id16601X3268" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id16603X3268" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id16603X3268" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -480,7 +486,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -498,7 +504,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -516,7 +522,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
</Src>
|
||||
@ -534,7 +540,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -552,7 +558,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -570,7 +576,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -653,7 +659,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2198X35122" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1263673484" platform="iptables" version="" name="test2" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2306X35122" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2307X35122" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2307X35122" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -672,12 +678,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2219X35122" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2220X35122" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2220X35122" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -696,7 +708,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -714,7 +726,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -732,7 +744,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
</Src>
|
||||
@ -750,7 +762,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -768,7 +780,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -786,7 +798,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -869,7 +881,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2427X41369" host_OS="linux24" inactive="False" lastCompiled="1263678454" lastInstalled="0" lastModified="1263678441" platform="iptables" version="" name="test3" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2535X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2536X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2536X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -888,12 +900,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2448X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2449X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2449X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -912,7 +930,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -930,7 +948,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -948,7 +966,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
</Src>
|
||||
@ -966,7 +984,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -984,7 +1002,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1002,7 +1020,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1085,7 +1103,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2560X41369" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1263678446" platform="iptables" version="" name="test4" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2668X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2669X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2669X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1104,12 +1122,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2581X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2582X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2582X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1128,7 +1152,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1146,7 +1170,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1164,7 +1188,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
</Src>
|
||||
@ -1182,7 +1206,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1200,7 +1224,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1218,7 +1242,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -439,7 +439,7 @@
|
||||
<ObjectGroup id="id14951X3268" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id16544X3268" host_OS="linux24" inactive="False" lastCompiled="1263673489" lastInstalled="0" lastModified="1263673477" platform="iptables" version="" name="test1" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id16565X3268" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id16567X3268" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id16567X3268" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -458,12 +458,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id16601X3268" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id16603X3268" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id16603X3268" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -482,7 +488,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -500,7 +506,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -518,7 +524,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
</Src>
|
||||
@ -536,7 +542,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -554,7 +560,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -572,7 +578,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -655,7 +661,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2198X35122" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1263673484" platform="iptables" version="" name="test2" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2306X35122" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2307X35122" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2307X35122" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -674,12 +680,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2219X35122" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2220X35122" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2220X35122" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -698,7 +710,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -716,7 +728,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -734,7 +746,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
</Src>
|
||||
@ -752,7 +764,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -770,7 +782,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -788,7 +800,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -871,7 +883,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2427X41369" host_OS="linux24" inactive="False" lastCompiled="1263678454" lastInstalled="0" lastModified="1263678441" platform="iptables" version="" name="test3" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2535X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2536X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2536X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -890,12 +902,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2448X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2449X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2449X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -914,7 +932,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -932,7 +950,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -950,7 +968,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
</Src>
|
||||
@ -968,7 +986,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -986,7 +1004,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1004,7 +1022,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1087,7 +1105,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2560X41369" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1263678446" platform="iptables" version="" name="test4" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2668X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2669X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2669X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1106,12 +1124,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2581X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2582X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2582X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1130,7 +1154,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1148,7 +1172,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1166,7 +1190,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
</Src>
|
||||
@ -1184,7 +1208,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1202,7 +1226,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1220,7 +1244,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1303,7 +1327,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id5323X26004" host_OS="openbsd" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1268942625" platform="pf" version="" name="pf firewall" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id5344X26004" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id5346X26004" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id5346X26004" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1322,12 +1346,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id5380X26004" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id5382X26004" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id5382X26004" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5323X26004"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1372,7 +1402,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5411X26004" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id5411X26004" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1390,7 +1420,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5439X26004" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id5439X26004" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1408,7 +1438,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5467X26004" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id5467X26004" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5323X26004"/>
|
||||
</Src>
|
||||
@ -1426,7 +1456,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5495X26004" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id5495X26004" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1470,7 +1500,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5523X26004" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id5523X26004" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1488,7 +1518,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5551X26004" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id5551X26004" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1598,7 +1628,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id5583X26074" host_OS="freebsd" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1268942652" platform="ipf" version="" name="ipfilter firewall" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network. This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
|
||||
<NAT id="id5604X26074" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id5606X26074" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id5606X26074" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1617,12 +1647,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id5640X26074" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id5642X26074" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id5642X26074" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5583X26074"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1667,7 +1703,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5671X26074" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id5671X26074" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1685,7 +1721,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5699X26074" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<PolicyRule id="id5699X26074" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1704,7 +1740,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5728X26074" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<PolicyRule id="id5728X26074" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
<ObjectRef ref="id3F6D115D"/>
|
||||
@ -1724,7 +1760,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5758X26074" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<PolicyRule id="id5758X26074" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5583X26074"/>
|
||||
</Src>
|
||||
@ -1742,7 +1778,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5786X26074" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<PolicyRule id="id5786X26074" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5583X26074"/>
|
||||
</Src>
|
||||
@ -1760,7 +1796,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5814X26074" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id5814X26074" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1804,7 +1840,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5842X26074" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id5842X26074" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1822,7 +1858,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5870X26074" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id5870X26074" disabled="False" group="" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -439,7 +439,7 @@
|
||||
<ObjectGroup id="id14951X3268" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id16544X3268" host_OS="linux24" inactive="False" lastCompiled="1279119420" lastInstalled="0" lastModified="1263673477" platform="iptables" version="" name="test1" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id16565X3268" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id16567X3268" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id16567X3268" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -458,12 +458,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id16601X3268" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id16603X3268" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id16603X3268" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -482,7 +488,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -500,7 +506,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -518,7 +524,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
</Src>
|
||||
@ -536,7 +542,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -554,7 +560,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -572,7 +578,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -655,7 +661,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2198X35122" host_OS="linux24" inactive="False" lastCompiled="1279119543" lastInstalled="0" lastModified="1263673484" platform="iptables" version="" name="test2" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2306X35122" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2307X35122" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2307X35122" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -674,12 +680,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2219X35122" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2220X35122" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2220X35122" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -698,7 +710,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -716,7 +728,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -734,7 +746,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
</Src>
|
||||
@ -752,7 +764,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -770,7 +782,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -788,7 +800,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -871,7 +883,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2427X41369" host_OS="linux24" inactive="False" lastCompiled="1279119543" lastInstalled="0" lastModified="1263678441" platform="iptables" version="" name="test3" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2535X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2536X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2536X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -890,12 +902,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2448X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2449X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2449X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -914,7 +932,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -932,7 +950,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -950,7 +968,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
</Src>
|
||||
@ -968,7 +986,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -986,7 +1004,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1004,7 +1022,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1087,7 +1105,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2560X41369" host_OS="linux24" inactive="False" lastCompiled="1279119543" lastInstalled="0" lastModified="1263678446" platform="iptables" version="" name="test4" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2668X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2669X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2669X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1106,12 +1124,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2581X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2582X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2582X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1130,7 +1154,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1148,7 +1172,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1166,7 +1190,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
</Src>
|
||||
@ -1184,7 +1208,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1202,7 +1226,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1220,7 +1244,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1303,7 +1327,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id5323X19499" host_OS="linux24" inactive="False" lastCompiled="1279119527" lastInstalled="0" lastModified="1268942652" platform="iptables" version="" name="firewall name" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network. This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
|
||||
<NAT id="id5344X19499" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id5346X19499" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id5346X19499" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1322,12 +1346,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id5380X19499" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id5382X19499" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id5382X19499" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5323X19499"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1372,7 +1402,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5411X19499" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id5411X19499" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1390,7 +1420,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5439X19499" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<PolicyRule id="id5439X19499" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1409,7 +1439,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5468X19499" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<PolicyRule id="id5468X19499" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
<ObjectRef ref="id3F6D115D"/>
|
||||
@ -1429,7 +1459,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5498X19499" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<PolicyRule id="id5498X19499" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5323X19499"/>
|
||||
</Src>
|
||||
@ -1447,7 +1477,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5526X19499" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<PolicyRule id="id5526X19499" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5323X19499"/>
|
||||
</Src>
|
||||
@ -1465,7 +1495,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5554X19499" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id5554X19499" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1509,7 +1539,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5582X19499" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id5582X19499" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1527,7 +1557,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5610X19499" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id5610X19499" disabled="False" group="" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1637,7 +1667,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id5639X22322" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1268942667" platform="iptables" version="" name="firewall !@#$%^&()-+{},;" comment="This firewall has three interfaces. Eth0 faces outside and has a static routable address; eth1 faces inside; eth2 is connected to DMZ subnet. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0, DMZ is 192.168.2.0/255.255.255.0. Since DMZ used private IP address, it needs NAT. There is a mail relay host located on DMZ (object 'server on dmz'). Policy rules permit SMTP connections to it from the Internet and allow this server to connect to a host on internal network 'internal server'. All other access from DMZ to internal net is denied. To provide access to the mail relay its private address is mapped to firewall's outside interface address by NAT rule #1." ro="False">
|
||||
<NAT id="id5664X22322" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id5666X22322" disabled="False" position="0" action="Translate" comment="no need to translate between DMZ and internal net">
|
||||
<NATRule id="id5666X22322" disabled="False" group="" position="0" action="Translate" comment="no need to translate between DMZ and internal net">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
</OSrc>
|
||||
@ -1656,9 +1686,15 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id5699X22322" disabled="False" position="1" action="Translate" comment="Translate source address for outgoing connections">
|
||||
<NATRule id="id5699X22322" disabled="False" group="" position="1" action="Translate" comment="Translate source address for outgoing connections">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
@ -1678,9 +1714,15 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id5733X22322" disabled="False" position="2" action="Translate" comment="">
|
||||
<NATRule id="id5733X22322" disabled="False" group="" position="2" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -1699,12 +1741,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id5767X22322" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id5769X22322" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id5769X22322" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5639X22322"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1724,7 +1772,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5799X22322" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id5799X22322" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1742,7 +1790,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5827X22322" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id5827X22322" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1760,7 +1808,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5855X22322" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id5855X22322" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id5639X22322"/>
|
||||
</Src>
|
||||
@ -1778,7 +1826,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5883X22322" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id5883X22322" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1796,7 +1844,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5911X22322" disabled="False" log="False" position="5" action="Reject" direction="Both" comment="Quickly reject attempts to connect to ident server to avoid SMTP delays">
|
||||
<PolicyRule id="id5911X22322" disabled="False" group="" log="False" position="5" action="Reject" direction="Both" comment="Quickly reject attempts to connect to ident server to avoid SMTP delays">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1840,7 +1888,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5939X22322" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="Mail relay on DMZ can accept connections from hosts on the Internet">
|
||||
<PolicyRule id="id5939X22322" disabled="False" group="" log="False" position="6" action="Accept" direction="Both" comment="Mail relay on DMZ can accept connections from hosts on the Internet">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1858,7 +1906,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5967X22322" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="this rule permits a mail relay located on DMZ to connect to internal mail server">
|
||||
<PolicyRule id="id5967X22322" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="this rule permits a mail relay located on DMZ to connect to internal mail server">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3D84EECF"/>
|
||||
</Src>
|
||||
@ -1876,7 +1924,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id5995X22322" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="Mail relay needs DNS and can connect to mail servers on the Internet">
|
||||
<PolicyRule id="id5995X22322" disabled="False" group="" log="False" position="8" action="Accept" direction="Both" comment="Mail relay needs DNS and can connect to mail servers on the Internet">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3D84EECF"/>
|
||||
</Src>
|
||||
@ -1895,7 +1943,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6024X22322" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="All other access from DMZ to internal net is denied">
|
||||
<PolicyRule id="id6024X22322" disabled="False" group="" log="True" position="9" action="Deny" direction="Both" comment="All other access from DMZ to internal net is denied">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
</Src>
|
||||
@ -1939,7 +1987,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6052X22322" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="This permits access from internal net to the Internet and DMZ">
|
||||
<PolicyRule id="id6052X22322" disabled="False" group="" log="False" position="10" action="Accept" direction="Both" comment="This permits access from internal net to the Internet and DMZ">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1957,7 +2005,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6080X22322" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id6080X22322" disabled="False" group="" log="True" position="11" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -2072,7 +2120,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id6102X22330" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1268942625" platform="iptables" version="" name="!@#$%^&()-+{},;" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id6123X22330" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id6125X22330" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id6125X22330" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -2091,12 +2139,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id6159X22330" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id6161X22330" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id6161X22330" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6102X22330"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -2141,7 +2195,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6190X22330" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id6190X22330" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -2159,7 +2213,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6218X22330" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id6218X22330" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -2177,7 +2231,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6246X22330" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id6246X22330" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6102X22330"/>
|
||||
</Src>
|
||||
@ -2195,7 +2249,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6274X22330" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id6274X22330" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -2239,7 +2293,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6302X22330" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id6302X22330" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -2257,7 +2311,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6330X22330" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id6330X22330" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -2367,7 +2421,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id6362X22937" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1268942652" platform="iptables" version="" name="русский фаерволл" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network. This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
|
||||
<NAT id="id6383X22937" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id6385X22937" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id6385X22937" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -2386,12 +2440,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id6419X22937" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id6421X22937" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id6421X22937" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6362X22937"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -2436,7 +2496,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6450X22937" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id6450X22937" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -2454,7 +2514,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6478X22937" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<PolicyRule id="id6478X22937" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -2473,7 +2533,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6507X22937" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<PolicyRule id="id6507X22937" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="DHCP requests are permitted from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
<ObjectRef ref="id3F6D115D"/>
|
||||
@ -2493,7 +2553,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6537X22937" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<PolicyRule id="id6537X22937" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6362X22937"/>
|
||||
</Src>
|
||||
@ -2511,7 +2571,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6565X22937" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<PolicyRule id="id6565X22937" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6362X22937"/>
|
||||
</Src>
|
||||
@ -2529,7 +2589,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6593X22937" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id6593X22937" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -2573,7 +2633,7 @@
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6621X22937" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id6621X22937" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -2591,7 +2651,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6649X22937" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id6649X22937" disabled="False" group="" log="True" position="8" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -437,7 +437,7 @@
|
||||
<ObjectGroup id="id14951X3268" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id16544X3268" host_OS="linux24" inactive="False" lastCompiled="1263673489" lastInstalled="0" lastModified="1263673477" platform="iptables" version="" name="test1" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id16565X3268" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id16567X3268" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id16567X3268" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -456,12 +456,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id16601X3268" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id16603X3268" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id16603X3268" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -480,7 +486,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -498,7 +504,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -516,7 +522,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
</Src>
|
||||
@ -534,7 +540,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -552,7 +558,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -570,7 +576,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -653,7 +659,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2198X35122" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1263673484" platform="iptables" version="" name="test2" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2306X35122" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2307X35122" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2307X35122" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -672,12 +678,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2219X35122" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2220X35122" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2220X35122" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -696,7 +708,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -714,7 +726,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -732,7 +744,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
</Src>
|
||||
@ -750,7 +762,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -768,7 +780,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -786,7 +798,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -869,7 +881,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2427X41369" host_OS="linux24" inactive="False" lastCompiled="1263678454" lastInstalled="0" lastModified="1263678441" platform="iptables" version="" name="test3" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2535X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2536X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2536X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -888,12 +900,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2448X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2449X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2449X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -912,7 +930,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -930,7 +948,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -948,7 +966,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
</Src>
|
||||
@ -966,7 +984,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -984,7 +1002,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1002,7 +1020,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1085,7 +1103,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2560X41369" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1263678446" platform="iptables" version="" name="test4" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2668X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2669X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2669X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1104,12 +1122,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2581X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2582X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2582X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1128,7 +1152,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1146,7 +1170,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1164,7 +1188,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
</Src>
|
||||
@ -1182,7 +1206,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1200,7 +1224,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1218,7 +1242,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1263678434" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1263678434" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -437,7 +437,7 @@
|
||||
<ObjectGroup id="id14951X3268" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id16544X3268" host_OS="linux24" inactive="False" lastCompiled="1263673489" lastInstalled="0" lastModified="1272058262" platform="iptables" version="" name="test1" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id16565X3268" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id16567X3268" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id16567X3268" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -456,12 +456,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id16601X3268" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id16603X3268" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id16603X3268" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -480,7 +486,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16632X3268" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16632X3268" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -498,7 +504,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16660X3268" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id16660X3268" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -516,7 +522,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16688X3268" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id16688X3268" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id16544X3268"/>
|
||||
</Src>
|
||||
@ -534,7 +540,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16716X3268" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id16716X3268" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -552,7 +558,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16744X3268" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id16744X3268" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -570,7 +576,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id16772X3268" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id16772X3268" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -653,7 +659,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2198X35122" host_OS="linux24" inactive="False" lastCompiled="1272058388" lastInstalled="0" lastModified="1263673484" platform="iptables" version="" name="test2" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2306X35122" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2307X35122" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2307X35122" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -672,12 +678,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2219X35122" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2220X35122" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2220X35122" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -696,7 +708,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2233X35122" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2233X35122" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -714,7 +726,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2245X35122" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2245X35122" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -732,7 +744,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2257X35122" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2257X35122" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2198X35122"/>
|
||||
</Src>
|
||||
@ -750,7 +762,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2269X35122" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2269X35122" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -768,7 +780,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2281X35122" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2281X35122" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -786,7 +798,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2293X35122" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2293X35122" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -869,7 +881,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2427X41369" host_OS="linux24" inactive="False" lastCompiled="1263678454" lastInstalled="0" lastModified="1263678441" platform="iptables" version="" name="test3" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2535X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2536X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2536X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -888,12 +900,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2448X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2449X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2449X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -912,7 +930,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2462X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2462X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -930,7 +948,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2474X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2474X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -948,7 +966,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2486X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2486X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2427X41369"/>
|
||||
</Src>
|
||||
@ -966,7 +984,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2498X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2498X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -984,7 +1002,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2510X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2510X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1002,7 +1020,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2522X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2522X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1085,7 +1103,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id2560X41369" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1263678446" platform="iptables" version="" name="test4" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id2668X41369" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2669X41369" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id2669X41369" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1104,12 +1122,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2581X41369" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id2582X41369" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id2582X41369" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1128,7 +1152,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2595X41369" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2595X41369" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1146,7 +1170,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2607X41369" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<PolicyRule id="id2607X41369" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1164,7 +1188,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2619X41369" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<PolicyRule id="id2619X41369" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines on internal network for DNS">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id2560X41369"/>
|
||||
</Src>
|
||||
@ -1182,7 +1206,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2631X41369" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id2631X41369" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -1200,7 +1224,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2643X41369" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id2643X41369" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -1218,7 +1242,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id2655X41369" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<PolicyRule id="id2655X41369" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1261881957" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1261881957" id="root">
|
||||
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
|
||||
<Library id="id6821X7237" color="#FFFFFF" name="new_cluster_test" comment="" ro="False">
|
||||
<ObjectGroup id="id6822X7237" name="Objects" comment="" ro="False">
|
||||
@ -31,7 +31,7 @@
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
<Policy id="id6872X7237" name="to_fw" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="False">
|
||||
<PolicyRule id="id6873X7237" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="block with hashlimit 10/sec">
|
||||
<PolicyRule id="id6873X7237" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="block with hashlimit 10/sec">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -213,7 +213,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id6897X7237" host_OS="linux24" inactive="False" lastCompiled="1261336030" lastInstalled="0" lastModified="1261881942" platform="iptables" version="1.4.3" name="linux-2" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network. This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
|
||||
<NAT id="id7064X7237" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id7065X7237" disabled="False" position="0" action="Translate" comment="">
|
||||
<NATRule id="id7065X7237" disabled="False" group="" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -232,12 +232,18 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfInb>
|
||||
<ItfOutb neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ItfOutb>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id6923X7237" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id6924X7237" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<PolicyRule id="id6924X7237" disabled="False" group="" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6897X7237"/>
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -256,7 +262,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6937X7237" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<PolicyRule id="id6937X7237" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -274,7 +280,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6949X7237" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<PolicyRule id="id6949X7237" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only from internal network Also firewall serves DNS for internal network">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -293,7 +299,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id6989X7237" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<PolicyRule id="id6989X7237" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="DHCP replies">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6897X7237"/>
|
||||
</Src>
|
||||
@ -311,7 +317,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id7001X7237" disabled="False" log="True" position="4" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<PolicyRule id="id7001X7237" disabled="False" group="" log="True" position="4" action="Accept" direction="Both" comment="Firewall should be able to send DNS queries to the Internet">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6897X7237"/>
|
||||
</Src>
|
||||
@ -329,7 +335,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id7013X7237" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<PolicyRule id="id7013X7237" disabled="False" group="" log="True" position="5" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -347,7 +353,7 @@
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id7025X7237" disabled="False" log="False" position="6" action="Branch" direction="Both" comment="">
|
||||
<PolicyRule id="id7025X7237" disabled="False" group="" log="False" position="6" action="Branch" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</Src>
|
||||
@ -390,7 +396,7 @@
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id7037X7237" disabled="False" log="True" position="7" action="Tag" direction="Both" comment="">
|
||||
<PolicyRule id="id7037X7237" disabled="False" group="" log="True" position="7" action="Tag" direction="Both" comment="">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
@ -413,7 +419,7 @@
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
<Policy id="id7050X7237" name="to_fw" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="False">
|
||||
<PolicyRule id="id7051X7237" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="block with hashlimit 20/sec">
|
||||
<PolicyRule id="id7051X7237" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="block with hashlimit 20/sec">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user