fixes #550 catching FWException while loading template library; upgraded templates.xml to DTD v13 that includes NAT actions
parent
358b0935f8
commit
5febcbad72
@ -454,11 +454,21 @@ void newFirewallDialog::showPage(const int page)
|
||||
{
|
||||
|
||||
MessageBoxUpgradePredicate upgrade_predicate(this);
|
||||
|
||||
tmpldb = new FWObjectDatabase();
|
||||
tmpldb->setReadOnly( false );
|
||||
tmpldb->load( m_dialog->templaterFilePath->text().toAscii().data(),
|
||||
&upgrade_predicate, librespath);
|
||||
try
|
||||
{
|
||||
tmpldb->load( m_dialog->templaterFilePath->text().toAscii().data(),
|
||||
&upgrade_predicate, librespath);
|
||||
}
|
||||
catch (FWException &ex)
|
||||
{
|
||||
QMessageBox::critical(
|
||||
this,"Firewall Builder",
|
||||
tr("Error loading template library:\n%1").arg(ex.toString().c_str()),
|
||||
tr("&Continue"), QString::null,QString::null,
|
||||
0, 1 );
|
||||
}
|
||||
}
|
||||
|
||||
list<FWObject*> fl;
|
||||
@ -467,7 +477,6 @@ void newFirewallDialog::showPage(const int page)
|
||||
for ( ; libiter!=libiter.end(); ++libiter)
|
||||
findFirewalls(*libiter, fl, false);
|
||||
|
||||
|
||||
QString icn = ":/Icons/Firewall/icon-tree";
|
||||
|
||||
m_dialog->templateList->clear();
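Review bot: The new `catch (FWException &ex)` handler in the first hunk only shows the dialog and then falls through, so the code after the block (the `libiter` loop and `findFirewalls` call visible in the second hunk) still runs on a `tmpldb` whose load failed and may be empty or only partly populated. `tmpldb` also stays allocated after the failure; if the enclosing block is guarded by a null check (the condition lies outside the hunk, as do the start and end of `showPage`), a later visit to this page would not retry the load. Consider ending the handler with `delete tmpldb; tmpldb = NULL; return;` or an equivalent early exit, so that a rejected template file never feeds the template list. Separately, the user-supplied path is converted with `toAscii()`, which is lossy for non-ASCII file names; `toLocal8Bit()` would preserve the path the user actually chose.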
|
||||
|
||||
@ -82,7 +82,7 @@
|
||||
<FailoverClusterGroup id="id4639X4597" type="vrrp" name="vrrp0:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -95,7 +95,7 @@
|
||||
<FailoverClusterGroup id="id4643X4597" type="vrrp" name="vrrp1:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -115,7 +115,7 @@
|
||||
<FailoverClusterGroup id="id4639X4598" type="vrrp" name="vrrp0:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -128,7 +128,7 @@
|
||||
<FailoverClusterGroup id="id4643X4598" type="vrrp" name="vrrp1:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -163,7 +163,7 @@
|
||||
<FailoverClusterGroup id="id4639X4600" type="carp" name="carp0:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="carp_password">secret</Option>
|
||||
<Option name="carp_vhid"></Option>
|
||||
<Option name="carp_vhid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -172,7 +172,7 @@
|
||||
<FailoverClusterGroup id="id4643X4600" type="carp" name="carp1:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="carp_password">secret</Option>
|
||||
<Option name="carp_vhid"></Option>
|
||||
<Option name="carp_vhid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -183,7 +183,7 @@
|
||||
<ObjectGroup id="id4070BBA8" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id40708A6A" host_OS="unknown_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="unknown" version="" name="fw template 1" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id40708A6E" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4070BFF5" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id4070BFF5" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -389,7 +389,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id40941E8C" host_OS="unknown_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="unknown" version="" name="fw template 2" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network. This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
|
||||
<NAT id="id40941E91" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id40941E92" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id40941E92" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -634,7 +634,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id40986AFE" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="unknown" version="" name="fw template 3" comment="This firewall has three interfaces. Eth0 faces outside and has a static routable address; eth1 faces inside; eth2 is connected to DMZ subnet. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0, DMZ is 192.168.2.0/255.255.255.0. Since DMZ used private IP address, it needs NAT. There is a mail relay host located on DMZ (object 'server on dmz'). Policy rules permit SMTP connections to it from the Internet and allow this server to connect to a host on internal network 'internal server'. All other access from DMZ to internal net is denied. To provide access to the mail relay its private address is mapped to firewall's outside interface address by NAT rule #1." ro="False">
|
||||
<NAT id="id40986B03" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id40987169" disabled="False" position="0" comment="no need to translate between DMZ and internal net">
|
||||
<NATRule action="Translate" id="id40987169" disabled="False" position="0" comment="no need to translate between DMZ and internal net">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
</OSrc>
|
||||
@ -655,7 +655,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id40986B04" disabled="False" position="1" comment="Translate source address for outgoing connections">
|
||||
<NATRule action="Translate" id="id40986B04" disabled="False" position="1" comment="Translate source address for outgoing connections">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
@ -677,7 +677,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id40986E4B" disabled="False" position="2" comment="">
|
||||
<NATRule action="Translate" id="id40986E4B" disabled="False" position="2" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -1122,7 +1122,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id41293477" host_OS="linksys" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="" name="linksys firewall" comment="This firewall is based on Linksys appliance running Sveasoft firmware; it has two interfaces. Interface vlan1 faces outside and has a dynamic address; br0 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH or HTTP. The firewall uses name servers supplied by the ISP for DNS. Special rule blocks DHCP requests on external interface without logging to reduce noise in the log. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id412934D3" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id412934D4" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id412934D4" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1240,13 +1240,13 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="firewall_is_part_of_any_and_networks">False</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1358,52 +1358,52 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser">root</Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">True</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="firewall_dir"></Option>
|
||||
<Option name="firewall_dir"/>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="in_out_code">true</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linksys_path_ip"></Option>
|
||||
<Option name="linksys_path_iptables"></Option>
|
||||
<Option name="linksys_path_logger"></Option>
|
||||
<Option name="linksys_path_lsmod"></Option>
|
||||
<Option name="linksys_path_modprobe"></Option>
|
||||
<Option name="linux24_accept_redirects"></Option>
|
||||
<Option name="linux24_accept_source_route"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_all"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
|
||||
<Option name="linux24_ip_dynaddr"></Option>
|
||||
<Option name="linksys_path_ip"/>
|
||||
<Option name="linksys_path_iptables"/>
|
||||
<Option name="linksys_path_logger"/>
|
||||
<Option name="linksys_path_lsmod"/>
|
||||
<Option name="linksys_path_modprobe"/>
|
||||
<Option name="linux24_accept_redirects"/>
|
||||
<Option name="linux24_accept_source_route"/>
|
||||
<Option name="linux24_icmp_echo_ignore_all"/>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
|
||||
<Option name="linux24_ip_dynaddr"/>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="linux24_log_martians"></Option>
|
||||
<Option name="linux24_log_martians"/>
|
||||
<Option name="linux24_path_ip">/usr/sbin/ip</Option>
|
||||
<Option name="linux24_path_iptables">/usr/sbin/iptables</Option>
|
||||
<Option name="linux24_path_logger">/usr/bin/logger</Option>
|
||||
<Option name="linux24_path_lsmod">/sbin/lsmod</Option>
|
||||
<Option name="linux24_path_modprobe">/sbin/modprobe</Option>
|
||||
<Option name="linux24_rp_filter"></Option>
|
||||
<Option name="linux24_tcp_ecn"></Option>
|
||||
<Option name="linux24_tcp_fack"></Option>
|
||||
<Option name="linux24_rp_filter"/>
|
||||
<Option name="linux24_tcp_ecn"/>
|
||||
<Option name="linux24_tcp_fack"/>
|
||||
<Option name="linux24_tcp_fin_timeout">0</Option>
|
||||
<Option name="linux24_tcp_keepalive_interval">0</Option>
|
||||
<Option name="linux24_tcp_sack"></Option>
|
||||
<Option name="linux24_tcp_syncookies"></Option>
|
||||
<Option name="linux24_tcp_timestamps"></Option>
|
||||
<Option name="linux24_tcp_window_scaling"></Option>
|
||||
<Option name="linux24_tcp_sack"/>
|
||||
<Option name="linux24_tcp_syncookies"/>
|
||||
<Option name="linux24_tcp_timestamps"/>
|
||||
<Option name="linux24_tcp_window_scaling"/>
|
||||
<Option name="load_modules">True</Option>
|
||||
<Option name="local_nat">False</Option>
|
||||
<Option name="log_all">False</Option>
|
||||
@ -1415,7 +1415,7 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
@ -1594,11 +1594,11 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -1606,7 +1606,7 @@
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -1750,8 +1750,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -1766,18 +1766,18 @@
|
||||
<Option name="iosacl_acl_temp_addr">192.168.1.1</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
<Option name="iosacl_logging_buffered_level"></Option>
|
||||
<Option name="iosacl_logging_buffered_level"/>
|
||||
<Option name="iosacl_logging_console">False</Option>
|
||||
<Option name="iosacl_logging_console_level"></Option>
|
||||
<Option name="iosacl_logging_console_level"/>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level"></Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_logging_trap_level"/>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">true</Option>
|
||||
@ -1787,10 +1787,10 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">true</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -1812,7 +1812,7 @@
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
</FirewallOptions>
|
||||
@ -1845,32 +1845,32 @@
|
||||
<Option name="firewall_is_part_of_any_and_networks">true</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_accept_redirects"></Option>
|
||||
<Option name="linux24_accept_source_route"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_all"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
|
||||
<Option name="linux24_ip_dynaddr"></Option>
|
||||
<Option name="linux24_accept_redirects"/>
|
||||
<Option name="linux24_accept_source_route"/>
|
||||
<Option name="linux24_icmp_echo_ignore_all"/>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
|
||||
<Option name="linux24_ip_dynaddr"/>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="linux24_ipv6_forward"></Option>
|
||||
<Option name="linux24_log_martians"></Option>
|
||||
<Option name="linux24_path_ip"></Option>
|
||||
<Option name="linux24_path_ip6tables"></Option>
|
||||
<Option name="linux24_path_ip6tables_restore"></Option>
|
||||
<Option name="linux24_path_iptables"></Option>
|
||||
<Option name="linux24_path_iptables_restore"></Option>
|
||||
<Option name="linux24_path_logger"></Option>
|
||||
<Option name="linux24_path_lsmod"></Option>
|
||||
<Option name="linux24_path_modprobe"></Option>
|
||||
<Option name="linux24_rp_filter"></Option>
|
||||
<Option name="linux24_tcp_ecn"></Option>
|
||||
<Option name="linux24_tcp_fack"></Option>
|
||||
<Option name="linux24_ipv6_forward"/>
|
||||
<Option name="linux24_log_martians"/>
|
||||
<Option name="linux24_path_ip"/>
|
||||
<Option name="linux24_path_ip6tables"/>
|
||||
<Option name="linux24_path_ip6tables_restore"/>
|
||||
<Option name="linux24_path_iptables"/>
|
||||
<Option name="linux24_path_iptables_restore"/>
|
||||
<Option name="linux24_path_logger"/>
|
||||
<Option name="linux24_path_lsmod"/>
|
||||
<Option name="linux24_path_modprobe"/>
|
||||
<Option name="linux24_rp_filter"/>
|
||||
<Option name="linux24_tcp_ecn"/>
|
||||
<Option name="linux24_tcp_fack"/>
|
||||
<Option name="linux24_tcp_fin_timeout">0</Option>
|
||||
<Option name="linux24_tcp_keepalive_interval">0</Option>
|
||||
<Option name="linux24_tcp_sack"></Option>
|
||||
<Option name="linux24_tcp_syncookies"></Option>
|
||||
<Option name="linux24_tcp_timestamps"></Option>
|
||||
<Option name="linux24_tcp_window_scaling"></Option>
|
||||
<Option name="linux24_tcp_sack"/>
|
||||
<Option name="linux24_tcp_syncookies"/>
|
||||
<Option name="linux24_tcp_timestamps"/>
|
||||
<Option name="linux24_tcp_window_scaling"/>
|
||||
<Option name="load_modules">true</Option>
|
||||
<Option name="local_nat">false</Option>
|
||||
<Option name="log_level">info</Option>
|
||||
@ -1913,32 +1913,32 @@
|
||||
<Option name="firewall_is_part_of_any_and_networks">true</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_accept_redirects"></Option>
|
||||
<Option name="linux24_accept_source_route"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_all"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
|
||||
<Option name="linux24_ip_dynaddr"></Option>
|
||||
<Option name="linux24_accept_redirects"/>
|
||||
<Option name="linux24_accept_source_route"/>
|
||||
<Option name="linux24_icmp_echo_ignore_all"/>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
|
||||
<Option name="linux24_ip_dynaddr"/>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="linux24_ipv6_forward"></Option>
|
||||
<Option name="linux24_log_martians"></Option>
|
||||
<Option name="linux24_path_ip"></Option>
|
||||
<Option name="linux24_path_ip6tables"></Option>
|
||||
<Option name="linux24_path_ip6tables_restore"></Option>
|
||||
<Option name="linux24_path_iptables"></Option>
|
||||
<Option name="linux24_path_iptables_restore"></Option>
|
||||
<Option name="linux24_path_logger"></Option>
|
||||
<Option name="linux24_path_lsmod"></Option>
|
||||
<Option name="linux24_path_modprobe"></Option>
|
||||
<Option name="linux24_rp_filter"></Option>
|
||||
<Option name="linux24_tcp_ecn"></Option>
|
||||
<Option name="linux24_tcp_fack"></Option>
|
||||
<Option name="linux24_ipv6_forward"/>
|
||||
<Option name="linux24_log_martians"/>
|
||||
<Option name="linux24_path_ip"/>
|
||||
<Option name="linux24_path_ip6tables"/>
|
||||
<Option name="linux24_path_ip6tables_restore"/>
|
||||
<Option name="linux24_path_iptables"/>
|
||||
<Option name="linux24_path_iptables_restore"/>
|
||||
<Option name="linux24_path_logger"/>
|
||||
<Option name="linux24_path_lsmod"/>
|
||||
<Option name="linux24_path_modprobe"/>
|
||||
<Option name="linux24_rp_filter"/>
|
||||
<Option name="linux24_tcp_ecn"/>
|
||||
<Option name="linux24_tcp_fack"/>
|
||||
<Option name="linux24_tcp_fin_timeout">0</Option>
|
||||
<Option name="linux24_tcp_keepalive_interval">0</Option>
|
||||
<Option name="linux24_tcp_sack"></Option>
|
||||
<Option name="linux24_tcp_syncookies"></Option>
|
||||
<Option name="linux24_tcp_timestamps"></Option>
|
||||
<Option name="linux24_tcp_window_scaling"></Option>
|
||||
<Option name="linux24_tcp_sack"/>
|
||||
<Option name="linux24_tcp_syncookies"/>
|
||||
<Option name="linux24_tcp_timestamps"/>
|
||||
<Option name="linux24_tcp_window_scaling"/>
|
||||
<Option name="load_modules">true</Option>
|
||||
<Option name="local_nat">false</Option>
|
||||
<Option name="log_level">info</Option>
|
||||
@ -1980,9 +1980,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -1997,9 +1997,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -2024,16 +2024,16 @@
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
|
||||
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
</CustomService>
|
||||
@ -2272,54 +2272,54 @@
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
|
||||
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC. Works on iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/ " ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
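Review bot: The cluster templates still ship a fixed shared secret, `<Option name="vrrp_secret">secret</Option>` and `<Option name="carp_password">secret</Option>`, on the unchanged lines of the FailoverClusterGroup hunks at the top of this file; the same lines appear in the second copy of the template file that follows. A cluster created from these templates presumably inherits that well-known value for VRRP/CARP authentication unless the user edits it. Since this commit already rewrites the file for DTD v13, it would be a good moment to say so in the `comment=""` attribute of each FailoverClusterGroup, for example `comment="Placeholder secret: set a unique value before compiling the policy"`, or to have the wizard prompt for the value.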
|
||||
|
||||
@ -82,7 +82,7 @@
|
||||
<FailoverClusterGroup id="id4639X4597" type="vrrp" name="vrrp0:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -95,7 +95,7 @@
|
||||
<FailoverClusterGroup id="id4643X4597" type="vrrp" name="vrrp1:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -115,7 +115,7 @@
|
||||
<FailoverClusterGroup id="id4639X4598" type="vrrp" name="vrrp0:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -128,7 +128,7 @@
|
||||
<FailoverClusterGroup id="id4643X4598" type="vrrp" name="vrrp1:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -163,7 +163,7 @@
|
||||
<FailoverClusterGroup id="id4639X4600" type="carp" name="carp0:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="carp_password">secret</Option>
|
||||
<Option name="carp_vhid"></Option>
|
||||
<Option name="carp_vhid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -172,7 +172,7 @@
|
||||
<FailoverClusterGroup id="id4643X4600" type="carp" name="carp1:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="carp_password">secret</Option>
|
||||
<Option name="carp_vhid"></Option>
|
||||
<Option name="carp_vhid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
@ -183,7 +183,7 @@
|
||||
<ObjectGroup id="id4070BBA8" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id40708A6A" host_OS="unknown_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="unknown" version="" name="fw template 1" comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id40708A6E" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4070BFF5" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id4070BFF5" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -389,7 +389,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id40941E8C" host_OS="unknown_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="unknown" version="" name="fw template 2" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network. This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
|
||||
<NAT id="id40941E91" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id40941E92" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id40941E92" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -634,7 +634,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id40986AFE" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="unknown" version="" name="fw template 3" comment="This firewall has three interfaces. Eth0 faces outside and has a static routable address; eth1 faces inside; eth2 is connected to DMZ subnet. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0, DMZ is 192.168.2.0/255.255.255.0. Since DMZ used private IP address, it needs NAT. There is a mail relay host located on DMZ (object 'server on dmz'). Policy rules permit SMTP connections to it from the Internet and allow this server to connect to a host on internal network 'internal server'. All other access from DMZ to internal net is denied. To provide access to the mail relay its private address is mapped to firewall's outside interface address by NAT rule #1." ro="False">
|
||||
<NAT id="id40986B03" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id40987169" disabled="False" position="0" comment="no need to translate between DMZ and internal net">
|
||||
<NATRule action="Translate" id="id40987169" disabled="False" position="0" comment="no need to translate between DMZ and internal net">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
</OSrc>
|
||||
@ -655,7 +655,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id40986B04" disabled="False" position="1" comment="Translate source address for outgoing connections">
|
||||
<NATRule action="Translate" id="id40986B04" disabled="False" position="1" comment="Translate source address for outgoing connections">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
@ -677,7 +677,7 @@
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id40986E4B" disabled="False" position="2" comment="">
|
||||
<NATRule action="Translate" id="id40986E4B" disabled="False" position="2" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
@ -1122,7 +1122,7 @@
|
||||
</Firewall>
|
||||
<Firewall id="id41293477" host_OS="linksys" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="" name="linksys firewall" comment="This firewall is based on Linksys appliance running Sveasoft firmware; it has two interfaces. Interface vlan1 faces outside and has a dynamic address; br0 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH or HTTP. The firewall uses name servers supplied by the ISP for DNS. Special rule blocks DHCP requests on external interface without logging to reduce noise in the log. Internal network is configured with address 192.168.1.0/255.255.255.0" ro="False">
|
||||
<NAT id="id412934D3" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id412934D4" disabled="False" position="0" comment="">
|
||||
<NATRule action="Translate" id="id412934D4" disabled="False" position="0" comment="">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
@ -1240,13 +1240,13 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="firewall_is_part_of_any_and_networks">False</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1358,52 +1358,52 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser">root</Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">True</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="firewall_dir"></Option>
|
||||
<Option name="firewall_dir"/>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="in_out_code">true</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linksys_path_ip"></Option>
|
||||
<Option name="linksys_path_iptables"></Option>
|
||||
<Option name="linksys_path_logger"></Option>
|
||||
<Option name="linksys_path_lsmod"></Option>
|
||||
<Option name="linksys_path_modprobe"></Option>
|
||||
<Option name="linux24_accept_redirects"></Option>
|
||||
<Option name="linux24_accept_source_route"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_all"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
|
||||
<Option name="linux24_ip_dynaddr"></Option>
|
||||
<Option name="linksys_path_ip"/>
|
||||
<Option name="linksys_path_iptables"/>
|
||||
<Option name="linksys_path_logger"/>
|
||||
<Option name="linksys_path_lsmod"/>
|
||||
<Option name="linksys_path_modprobe"/>
|
||||
<Option name="linux24_accept_redirects"/>
|
||||
<Option name="linux24_accept_source_route"/>
|
||||
<Option name="linux24_icmp_echo_ignore_all"/>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
|
||||
<Option name="linux24_ip_dynaddr"/>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="linux24_log_martians"></Option>
|
||||
<Option name="linux24_log_martians"/>
|
||||
<Option name="linux24_path_ip">/usr/sbin/ip</Option>
|
||||
<Option name="linux24_path_iptables">/usr/sbin/iptables</Option>
|
||||
<Option name="linux24_path_logger">/usr/bin/logger</Option>
|
||||
<Option name="linux24_path_lsmod">/sbin/lsmod</Option>
|
||||
<Option name="linux24_path_modprobe">/sbin/modprobe</Option>
|
||||
<Option name="linux24_rp_filter"></Option>
|
||||
<Option name="linux24_tcp_ecn"></Option>
|
||||
<Option name="linux24_tcp_fack"></Option>
|
||||
<Option name="linux24_rp_filter"/>
|
||||
<Option name="linux24_tcp_ecn"/>
|
||||
<Option name="linux24_tcp_fack"/>
|
||||
<Option name="linux24_tcp_fin_timeout">0</Option>
|
||||
<Option name="linux24_tcp_keepalive_interval">0</Option>
|
||||
<Option name="linux24_tcp_sack"></Option>
|
||||
<Option name="linux24_tcp_syncookies"></Option>
|
||||
<Option name="linux24_tcp_timestamps"></Option>
|
||||
<Option name="linux24_tcp_window_scaling"></Option>
|
||||
<Option name="linux24_tcp_sack"/>
|
||||
<Option name="linux24_tcp_syncookies"/>
|
||||
<Option name="linux24_tcp_timestamps"/>
|
||||
<Option name="linux24_tcp_window_scaling"/>
|
||||
<Option name="load_modules">True</Option>
|
||||
<Option name="local_nat">False</Option>
|
||||
<Option name="log_all">False</Option>
|
||||
@ -1415,7 +1415,7 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
@ -1594,11 +1594,11 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -1606,7 +1606,7 @@
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -1750,8 +1750,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -1766,18 +1766,18 @@
|
||||
<Option name="iosacl_acl_temp_addr">192.168.1.1</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
<Option name="iosacl_logging_buffered_level"></Option>
|
||||
<Option name="iosacl_logging_buffered_level"/>
|
||||
<Option name="iosacl_logging_console">False</Option>
|
||||
<Option name="iosacl_logging_console_level"></Option>
|
||||
<Option name="iosacl_logging_console_level"/>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level"></Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_logging_trap_level"/>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">true</Option>
|
||||
@ -1787,10 +1787,10 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">true</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -1812,7 +1812,7 @@
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
</FirewallOptions>
|
||||
@ -1845,32 +1845,32 @@
|
||||
<Option name="firewall_is_part_of_any_and_networks">true</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_accept_redirects"></Option>
|
||||
<Option name="linux24_accept_source_route"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_all"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
|
||||
<Option name="linux24_ip_dynaddr"></Option>
|
||||
<Option name="linux24_accept_redirects"/>
|
||||
<Option name="linux24_accept_source_route"/>
|
||||
<Option name="linux24_icmp_echo_ignore_all"/>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
|
||||
<Option name="linux24_ip_dynaddr"/>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="linux24_ipv6_forward"></Option>
|
||||
<Option name="linux24_log_martians"></Option>
|
||||
<Option name="linux24_path_ip"></Option>
|
||||
<Option name="linux24_path_ip6tables"></Option>
|
||||
<Option name="linux24_path_ip6tables_restore"></Option>
|
||||
<Option name="linux24_path_iptables"></Option>
|
||||
<Option name="linux24_path_iptables_restore"></Option>
|
||||
<Option name="linux24_path_logger"></Option>
|
||||
<Option name="linux24_path_lsmod"></Option>
|
||||
<Option name="linux24_path_modprobe"></Option>
|
||||
<Option name="linux24_rp_filter"></Option>
|
||||
<Option name="linux24_tcp_ecn"></Option>
|
||||
<Option name="linux24_tcp_fack"></Option>
|
||||
<Option name="linux24_ipv6_forward"/>
|
||||
<Option name="linux24_log_martians"/>
|
||||
<Option name="linux24_path_ip"/>
|
||||
<Option name="linux24_path_ip6tables"/>
|
||||
<Option name="linux24_path_ip6tables_restore"/>
|
||||
<Option name="linux24_path_iptables"/>
|
||||
<Option name="linux24_path_iptables_restore"/>
|
||||
<Option name="linux24_path_logger"/>
|
||||
<Option name="linux24_path_lsmod"/>
|
||||
<Option name="linux24_path_modprobe"/>
|
||||
<Option name="linux24_rp_filter"/>
|
||||
<Option name="linux24_tcp_ecn"/>
|
||||
<Option name="linux24_tcp_fack"/>
|
||||
<Option name="linux24_tcp_fin_timeout">0</Option>
|
||||
<Option name="linux24_tcp_keepalive_interval">0</Option>
|
||||
<Option name="linux24_tcp_sack"></Option>
|
||||
<Option name="linux24_tcp_syncookies"></Option>
|
||||
<Option name="linux24_tcp_timestamps"></Option>
|
||||
<Option name="linux24_tcp_window_scaling"></Option>
|
||||
<Option name="linux24_tcp_sack"/>
|
||||
<Option name="linux24_tcp_syncookies"/>
|
||||
<Option name="linux24_tcp_timestamps"/>
|
||||
<Option name="linux24_tcp_window_scaling"/>
|
||||
<Option name="load_modules">true</Option>
|
||||
<Option name="local_nat">false</Option>
|
||||
<Option name="log_level">info</Option>
|
||||
@ -1913,32 +1913,32 @@
|
||||
<Option name="firewall_is_part_of_any_and_networks">true</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_accept_redirects"></Option>
|
||||
<Option name="linux24_accept_source_route"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_all"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
|
||||
<Option name="linux24_ip_dynaddr"></Option>
|
||||
<Option name="linux24_accept_redirects"/>
|
||||
<Option name="linux24_accept_source_route"/>
|
||||
<Option name="linux24_icmp_echo_ignore_all"/>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
|
||||
<Option name="linux24_ip_dynaddr"/>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="linux24_ipv6_forward"></Option>
|
||||
<Option name="linux24_log_martians"></Option>
|
||||
<Option name="linux24_path_ip"></Option>
|
||||
<Option name="linux24_path_ip6tables"></Option>
|
||||
<Option name="linux24_path_ip6tables_restore"></Option>
|
||||
<Option name="linux24_path_iptables"></Option>
|
||||
<Option name="linux24_path_iptables_restore"></Option>
|
||||
<Option name="linux24_path_logger"></Option>
|
||||
<Option name="linux24_path_lsmod"></Option>
|
||||
<Option name="linux24_path_modprobe"></Option>
|
||||
<Option name="linux24_rp_filter"></Option>
|
||||
<Option name="linux24_tcp_ecn"></Option>
|
||||
<Option name="linux24_tcp_fack"></Option>
|
||||
<Option name="linux24_ipv6_forward"/>
|
||||
<Option name="linux24_log_martians"/>
|
||||
<Option name="linux24_path_ip"/>
|
||||
<Option name="linux24_path_ip6tables"/>
|
||||
<Option name="linux24_path_ip6tables_restore"/>
|
||||
<Option name="linux24_path_iptables"/>
|
||||
<Option name="linux24_path_iptables_restore"/>
|
||||
<Option name="linux24_path_logger"/>
|
||||
<Option name="linux24_path_lsmod"/>
|
||||
<Option name="linux24_path_modprobe"/>
|
||||
<Option name="linux24_rp_filter"/>
|
||||
<Option name="linux24_tcp_ecn"/>
|
||||
<Option name="linux24_tcp_fack"/>
|
||||
<Option name="linux24_tcp_fin_timeout">0</Option>
|
||||
<Option name="linux24_tcp_keepalive_interval">0</Option>
|
||||
<Option name="linux24_tcp_sack"></Option>
|
||||
<Option name="linux24_tcp_syncookies"></Option>
|
||||
<Option name="linux24_tcp_timestamps"></Option>
|
||||
<Option name="linux24_tcp_window_scaling"></Option>
|
||||
<Option name="linux24_tcp_sack"/>
|
||||
<Option name="linux24_tcp_syncookies"/>
|
||||
<Option name="linux24_tcp_timestamps"/>
|
||||
<Option name="linux24_tcp_window_scaling"/>
|
||||
<Option name="load_modules">true</Option>
|
||||
<Option name="local_nat">false</Option>
|
||||
<Option name="log_level">info</Option>
|
||||
@ -1980,9 +1980,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -1997,9 +1997,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -2024,16 +2024,16 @@
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
|
||||
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
</CustomService>
|
||||
@ -2272,54 +2272,54 @@
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
|
||||
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC. Works on iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/ " ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
|
||||
|
||||