mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-24 04:07:55 +01:00
fwb_ipt recognizes ICMP6Service
This commit is contained in:
Vadim Kurland
parent
0d3776eb8c
commit
aa2abe50b8
@ -1,5 +1,8 @@
|
||||
2008-07-01 Vadim Kurland <vadim@vk.crocodile.org>
|
||||
|
||||
* PolicyCompiler_PrintRule.cpp (PrintRule::_printProtocol):
|
||||
compiler for iptables distinguishes ICMPService and ICMP6Service
|
||||
|
||||
* objects_init.xml.in: Added few standard ICMP6 objects
|
||||
|
||||
* ObjectManipulator.cpp (ObjectManipulator::newICMP6): Added
|
||||
|
||||
@ -29,6 +29,7 @@
|
||||
#include "fwbuilder/RuleElement.h"
|
||||
#include "fwbuilder/IPService.h"
|
||||
#include "fwbuilder/ICMPService.h"
|
||||
#include "fwbuilder/ICMP6Service.h"
|
||||
#include "fwbuilder/TCPService.h"
|
||||
#include "fwbuilder/UDPService.h"
|
||||
#include "fwbuilder/CustomService.h"
|
||||
@ -601,7 +602,13 @@ string PolicyCompiler_ipt::PrintRule::_printProtocol(libfwbuilder::Service *srv)
|
||||
|
||||
if (ipt_comp->ipv6)
|
||||
{
|
||||
if (pn == "icmp")
|
||||
if (ICMPService::isA(srv))
|
||||
{
|
||||
compiler->abort("Can not use ICMPService in ipv6 rule; "
|
||||
"use ICMP6Service object instead");
|
||||
}
|
||||
|
||||
if (ICMP6Service::isA(srv))
|
||||
{
|
||||
s = "-p ipv6-icmp ";
|
||||
if (srv->getInt("type")!=-1 &&
|
||||
@ -615,7 +622,13 @@ string PolicyCompiler_ipt::PrintRule::_printProtocol(libfwbuilder::Service *srv)
|
||||
}
|
||||
} else
|
||||
{
|
||||
if (pn == "icmp")
|
||||
if (ICMP6Service::isA(srv))
|
||||
{
|
||||
compiler->abort("Can not use ICMP6Service in ipv4 rule; "
|
||||
"use ICMPService object instead");
|
||||
}
|
||||
|
||||
if (ICMPService::isA(srv))
|
||||
{
|
||||
s = "-p icmp ";
|
||||
if (ipt_comp->newIptables(version)) s += " -m icmp ";
|
||||
@ -673,7 +686,7 @@ string PolicyCompiler_ipt::PrintRule::_printDstPorts(Service *srv)
|
||||
string PolicyCompiler_ipt::PrintRule::_printICMP(ICMPService *srv)
|
||||
{
|
||||
std::ostringstream str;
|
||||
if (ICMPService::isA(srv) && srv->getInt("type")!=-1)
|
||||
if (ICMPService::cast(srv) && srv->getInt("type")!=-1)
|
||||
{
|
||||
str << srv->getStr("type");
|
||||
if (srv->getInt("code")!=-1)
|
||||
@ -850,7 +863,7 @@ string PolicyCompiler_ipt::PrintRule::_printDstService(RuleElementSrv *rel)
|
||||
<< str << " ";
|
||||
}
|
||||
}
|
||||
if (ICMPService::isA(srv))
|
||||
if (ICMPService::isA(srv) || ICMP6Service::isA(srv))
|
||||
{
|
||||
string icmp_type_str =
|
||||
(ipt_comp->ipv6) ? " --icmpv6-type" : " --icmp-type";
|
||||
|
||||
@ -165,6 +165,8 @@
|
||||
<ICMP6Service id="idCFF27650" name="ipv6 time exceeded in reassembly" comment="Time exceeded in reassembly" code="1" type="3"/>
|
||||
<ICMP6Service id="idE0B27650" name="ipv6 packet too big" code="-1" type="2"/>
|
||||
<ICMP6Service id="idE0D27650" name="ipv6 all dest unreachable" comment="All icmpv6 codes for type "destination unreachable" " code="-1" type="1"/>
|
||||
<ICMP6Service id="idCFE27660" name="ipv6 any ICMP6" comment="any ICMPv6" code="-1" type="-1"/>
|
||||
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid06" name="IP">
|
||||
<IPService id="id3CB12797" name="AH" comment="IPSEC Authentication Header Protocol" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
|
||||
|
||||
@ -165,6 +165,8 @@
|
||||
<ICMP6Service id="idCFF27650" name="ipv6 time exceeded in reassembly" comment="Time exceeded in reassembly" code="1" type="3"/>
|
||||
<ICMP6Service id="idE0B27650" name="ipv6 packet too big" code="-1" type="2"/>
|
||||
<ICMP6Service id="idE0D27650" name="ipv6 all dest unreachable" comment="All icmpv6 codes for type "destination unreachable" " code="-1" type="1"/>
|
||||
<ICMP6Service id="idCFE27660" name="ipv6 any ICMP6" comment="any ICMPv6" code="-1" type="-1"/>
|
||||
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid06" name="IP">
|
||||
<IPService id="id3CB12797" name="AH" comment="IPSEC Authentication Header Protocol" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
|
||||
|
||||
@ -1,6 +1,588 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1214592437" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1214965576" id="root">
|
||||
<Library id="sysid99" name="Deleted Objects" ro="False">
|
||||
<ICMP6Service id="idE0C27650" name="ipv6 dest unreachable" comment="No route to destination" code="0" type="1"/>
|
||||
<IPv4 id="id41D295E2" name="firewall30:ppp.200*:ip" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<Firewall id="id41D294BB" name="firewall30" comment="dynamic wildcard interface with a dot in the name" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" ro="False" version="">
|
||||
<NAT id="id41D2953D" name="NAT">
|
||||
<NATRule id="id41D2953E" disabled="False" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id41D2954C" disabled="False" position="1">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="id3AFADBF9"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id41D2955A" disabled="False" position="2">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="host-hostA"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id41D29568" disabled="False" position="3">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</OSrc>
|
||||
<ODst neg="True">
|
||||
<ObjectRef ref="id3B19C5EB"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="id3D151943"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id41D294C0" name="Policy">
|
||||
<PolicyRule id="id41D295AE" comment="ppp clients get addresses on 10.1.1.0" action="Deny" direction="Inbound" disabled="False" log="True" position="0">
|
||||
<Src neg="True">
|
||||
<ObjectRef ref="id3EFBCCBA"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295B8" comment="ppp clients can not connect to the firewall" action="Deny" direction="Inbound" disabled="False" log="True" position="1">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295C2" action="Deny" direction="Inbound" disabled="False" log="True" position="2">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295CC" comment="ppp clients can only connect to the mail server and web proxy on DMZ" action="Accept" direction="Inbound" disabled="False" log="False" position="3">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3D151943"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SMTP"/>
|
||||
<ServiceRef ref="id3B4FF09A"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295D7" comment="ppp clients can not connect to anything else on DMZ and internal net" action="Deny" direction="Inbound" disabled="False" log="True" position="4">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3B022266"/>
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295F6" action="Deny" direction="Inbound" disabled="False" log="True" position="5">
|
||||
<Src neg="True">
|
||||
<ObjectRef ref="id3B022266"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D295E8"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294C1" comment="hostF has the same IP address as firewal." action="Accept" disabled="False" log="True" position="6">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3AFC191C"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="icmp-ping_request"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="id"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294CB" action="Accept" disabled="False" log="False" position="7">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294D5" action="Accept" disabled="False" log="False" position="8">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294DF" action="Accept" disabled="False" log="False" position="9">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3B19BF58"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294E9" action="Accept" disabled="False" log="False" position="10">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3AFC191C"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
<ServiceRef ref="tcp-Telnet"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294F4" action="Accept" disabled="False" log="False" position="11">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3E9870D1"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
<ServiceRef ref="tcp-Telnet"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294FF" action="Accept" disabled="False" log="True" position="12">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3E9870D1"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
<ServiceRef ref="tcp-Telnet"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D2950A" comment="firewall is part of Any, so compiler should generate code in both FORWARD and OUTPUT chains" action="Accept" disabled="False" log="False" position="13">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3B19C5EB"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D29514" comment="firewall is part of Any, compiler should generate code for both FORWARD and INPUT chains" action="Accept" disabled="False" log="False" position="14">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3B19C5EB"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D2951E" comment="because firewall has interface on network internal_net, compiler should generate code for both FORWARD and INPUT chains" action="Accept" disabled="False" log="False" position="15">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="host-hostA"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D29528" action="Accept" disabled="False" log="False" position="16">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
<ObjectRef ref="id3B022266"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3B19C5EB"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D29533" comment="Automatically generated 'catch all' rule" action="Deny" disabled="False" log="True" position="17">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="id"></Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id41D294BB-routing" name="Routing"/>
|
||||
<Interface id="id41D29576" name="ppp.200*" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface id="id41D295E3" name="eth0" bridgeport="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id41D295E7" name="firewall30:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id41D295E8" name="eth2" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 id="id41D29600" name="firewall30:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Management address="192.168.1.1">
|
||||
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
|
||||
<FWBDManagement enabled="True" identity="" port="9999"/>
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject">ICMP host prohibited</Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="dyn_addr">False</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="firewall_dir"></Option>
|
||||
<Option name="firewall_is_part_of_any">True</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="id"></Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="install_script"></Option>
|
||||
<Option name="limit_suffix">/day</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_accept_redirects"></Option>
|
||||
<Option name="linux24_accept_source_route"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_all"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
|
||||
<Option name="linux24_ip_dynaddr"></Option>
|
||||
<Option name="linux24_ip_forward"></Option>
|
||||
<Option name="linux24_log_martians"></Option>
|
||||
<Option name="linux24_path_ip"></Option>
|
||||
<Option name="linux24_path_iptables"></Option>
|
||||
<Option name="linux24_path_logger"></Option>
|
||||
<Option name="linux24_path_lsmod"></Option>
|
||||
<Option name="linux24_path_modprobe"></Option>
|
||||
<Option name="linux24_rp_filter"></Option>
|
||||
<Option name="linux24_tcp_ecn"></Option>
|
||||
<Option name="linux24_tcp_fack"></Option>
|
||||
<Option name="linux24_tcp_fin_timeout">30</Option>
|
||||
<Option name="linux24_tcp_keepalive_interval">1800</Option>
|
||||
<Option name="linux24_tcp_sack"></Option>
|
||||
<Option name="linux24_tcp_syncookies"></Option>
|
||||
<Option name="linux24_tcp_timestamps"></Option>
|
||||
<Option name="linux24_tcp_window_scaling"></Option>
|
||||
<Option name="load_modules">False</Option>
|
||||
<Option name="local_nat">False</Option>
|
||||
<Option name="log_all">False</Option>
|
||||
<Option name="log_all_dropped">False</Option>
|
||||
<Option name="log_invalid">False</Option>
|
||||
<Option name="log_ip_opt">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_limit_suffix"></Option>
|
||||
<Option name="log_limit_value">0</Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_tcp_opt">False</Option>
|
||||
<Option name="log_tcp_seq">False</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="no_iochains_for_any">False</Option>
|
||||
<Option name="no_optimisation">False</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="platform">iptables</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="script_env_path"></Option>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
<Option name="use_ULOG">False</Option>
|
||||
<Option name="use_iptables_restore">False</Option>
|
||||
<Option name="use_numeric_log_levels">False</Option>
|
||||
<Option name="verify_interfaces">True</Option>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Interface id="id41F62C5C" name="eth3" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 id="id41F62C60" name="firewall30:eth3:ip" address="22.22.23.23" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id41F62C52" name="eth2" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id41F62C56" name="firewall30:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id429910E6" name="eth2" bridgeport="False" dyn="False" label="fw8:eth2" mgmt="True" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id429910EA" name="firewall31:eth2:ip" address="192.168.100.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id43868A7E1434" name="eth0.200" comment="VLAN interface" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface id="id4492FF5124380" name="eth1" bridgeport="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id4492FF5324380" name="firewall40:eth1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<IPv4 id="id4492FF5F24380" name="firewall40:eth0:ip-1" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<Library id="id44EC13FB8791" name="tmp" color="#d2ffd0" ro="False">
|
||||
<ObjectGroup id="id44EC13FC8791" name="Objects">
|
||||
<ObjectGroup id="id44EC13FD8791" name="Addresses"/>
|
||||
<ObjectGroup id="id44EC13FE8791" name="DNS Names"/>
|
||||
<ObjectGroup id="id44EC13FF8791" name="Address Tables"/>
|
||||
<ObjectGroup id="id44EC14008791" name="Groups"/>
|
||||
<ObjectGroup id="id44EC14018791" name="Hosts"/>
|
||||
<ObjectGroup id="id44EC14028791" name="Networks"/>
|
||||
<ObjectGroup id="id44EC14038791" name="Address Ranges"/>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id44EC14048791" name="Services">
|
||||
<ServiceGroup id="id44EC14048791_userservices" name="Users"/>
|
||||
<ServiceGroup id="id44EC14058791" name="Groups"/>
|
||||
<ServiceGroup id="id44EC14068791" name="ICMP"/>
|
||||
<ServiceGroup id="id44EC14078791" name="IP"/>
|
||||
<ServiceGroup id="id44EC14088791" name="TCP"/>
|
||||
<ServiceGroup id="id44EC14098791" name="UDP"/>
|
||||
<ServiceGroup id="id44EC140A8791" name="Custom"/>
|
||||
<ServiceGroup id="id44EC140B8791" name="TagServices"/>
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id44EC140C8791" name="Firewalls"/>
|
||||
<IntervalGroup id="id44EC140D8791" name="Time"/>
|
||||
</Library>
|
||||
<Interface id="id46EFBE4D31183" name="eth2" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id46EFBE4F31183" name="firewall42:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id46EFBE5331183" name="eth3" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 id="id46EFBE5531183" name="firewall42:eth3:ip" address="22.22.23.23" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<IPv4 id="id46EFBE4931183" name="firewall42:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<Interface id="id4848A43B4626" name="ppp0" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Library>
|
||||
<Library id="syslib001" name="User" comment="User defined objects" color="#d2ffd0">
|
||||
<ObjectGroup id="stdid01_1" name="Objects">
|
||||
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
|
||||
@ -24375,7 +24957,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
||||
<Option name="verify_interfaces">False</Option>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall id="id4833F62B6131" name="firewall-ipv6-1" host_OS="linux24" inactive="False" lastCompiled="1214592437" lastInstalled="0" lastModified="1214592406" platform="iptables" ro="False" version="">
|
||||
<Firewall id="id4833F62B6131" name="firewall-ipv6-1" host_OS="linux24" inactive="False" lastCompiled="1214965576" lastInstalled="0" lastModified="1214965563" platform="iptables" ro="False" version="">
|
||||
<NAT id="id4833F62F6131" name="NAT"/>
|
||||
<Policy id="id483F5B7623190" name="Policy_ipv4"/>
|
||||
<Policy id="id4833F62E6131" name="Policy">
|
||||
@ -24639,6 +25221,107 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
||||
<Option name="stateless">False</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="idA67C6042" action="Accept" direction="Both" disabled="False" log="False" position="13">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id3C20EEB5"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">False</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="idA6B96042" action="Accept" direction="Both" disabled="False" log="False" position="14">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="idCFE27660"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">False</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="idA6896042" action="Accept" direction="Both" disabled="False" log="False" position="15">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="icmp-ping_request"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">False</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="idA6966042" action="Accept" direction="Both" disabled="False" log="False" position="16">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="ipv6-icmp-ping_request"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">False</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="idA6A86042" action="Accept" direction="Both" disabled="False" log="False" position="17">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="ipv6-icmp-ping_request"/>
|
||||
<ServiceRef ref="icmp-ping_request"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">False</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id4833F6306131" name="Routing"/>
|
||||
<Interface id="id4833F6316131" name="eth0" bridgeport="False" dyn="False" label="" security_level="50" unnum="False" unprotected="False">
|
||||
@ -26084,593 +26767,6 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
||||
<ObjectRef ref="id4833F62F6131"/>
|
||||
<ObjectRef ref="id4833F6306131"/>
|
||||
</Library>
|
||||
<Library id="sysid99" name="Deleted Objects" ro="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
<IPv4 id="id41D295E2" name="firewall30:ppp.200*:ip" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<Firewall id="id41D294BB" name="firewall30" comment="dynamic wildcard interface with a dot in the name" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" ro="False" version="">
|
||||
<NAT id="id41D2953D" name="NAT">
|
||||
<NATRule id="id41D2953E" disabled="False" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id41D2954C" disabled="False" position="1">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="id3AFADBF9"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id41D2955A" disabled="False" position="2">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="host-hostA"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id41D29568" disabled="False" position="3">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</OSrc>
|
||||
<ODst neg="True">
|
||||
<ObjectRef ref="id3B19C5EB"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="id3D151943"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id41D294C0" name="Policy">
|
||||
<PolicyRule id="id41D295AE" comment="ppp clients get addresses on 10.1.1.0" action="Deny" direction="Inbound" disabled="False" log="True" position="0">
|
||||
<Src neg="True">
|
||||
<ObjectRef ref="id3EFBCCBA"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295B8" comment="ppp clients can not connect to the firewall" action="Deny" direction="Inbound" disabled="False" log="True" position="1">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295C2" action="Deny" direction="Inbound" disabled="False" log="True" position="2">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295CC" comment="ppp clients can only connect to the mail server and web proxy on DMZ" action="Accept" direction="Inbound" disabled="False" log="False" position="3">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3D151943"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SMTP"/>
|
||||
<ServiceRef ref="id3B4FF09A"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295D7" comment="ppp clients can not connect to anything else on DMZ and internal net" action="Deny" direction="Inbound" disabled="False" log="True" position="4">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3B022266"/>
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D29576"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D295F6" action="Deny" direction="Inbound" disabled="False" log="True" position="5">
|
||||
<Src neg="True">
|
||||
<ObjectRef ref="id3B022266"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="id41D295E8"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294C1" comment="hostF has the same IP address as firewal." action="Accept" disabled="False" log="True" position="6">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3AFC191C"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="icmp-ping_request"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="id"></Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294CB" action="Accept" disabled="False" log="False" position="7">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294D5" action="Accept" disabled="False" log="False" position="8">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294DF" action="Accept" disabled="False" log="False" position="9">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3B19BF58"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294E9" action="Accept" disabled="False" log="False" position="10">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3AFC191C"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
<ServiceRef ref="tcp-Telnet"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294F4" action="Accept" disabled="False" log="False" position="11">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3E9870D1"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
<ServiceRef ref="tcp-Telnet"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D294FF" action="Accept" disabled="False" log="True" position="12">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3E9870D1"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="tcp-SSH"/>
|
||||
<ServiceRef ref="tcp-Telnet"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D2950A" comment="firewall is part of Any, so compiler should generate code in both FORWARD and OUTPUT chains" action="Accept" disabled="False" log="False" position="13">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3B19C5EB"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D29514" comment="firewall is part of Any, compiler should generate code for both FORWARD and INPUT chains" action="Accept" disabled="False" log="False" position="14">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3B19C5EB"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D2951E" comment="because firewall has interface on network internal_net, compiler should generate code for both FORWARD and INPUT chains" action="Accept" disabled="False" log="False" position="15">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="host-hostA"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D29528" action="Accept" disabled="False" log="False" position="16">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="net-Internal_net"/>
|
||||
<ObjectRef ref="id3B022266"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3B19C5EB"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id41D29533" comment="Automatically generated 'catch all' rule" action="Deny" disabled="False" log="True" position="17">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="id"></Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id41D294BB-routing" name="Routing"/>
|
||||
<Interface id="id41D29576" name="ppp.200*" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface id="id41D295E3" name="eth0" bridgeport="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id41D295E7" name="firewall30:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id41D295E8" name="eth2" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 id="id41D29600" name="firewall30:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Management address="192.168.1.1">
|
||||
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
|
||||
<FWBDManagement enabled="True" identity="" port="9999"/>
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject">ICMP host prohibited</Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="dyn_addr">False</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="firewall_dir"></Option>
|
||||
<Option name="firewall_is_part_of_any">True</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="id"></Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="install_script"></Option>
|
||||
<Option name="limit_suffix">/day</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_accept_redirects"></Option>
|
||||
<Option name="linux24_accept_source_route"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_all"></Option>
|
||||
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
|
||||
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
|
||||
<Option name="linux24_ip_dynaddr"></Option>
|
||||
<Option name="linux24_ip_forward"></Option>
|
||||
<Option name="linux24_log_martians"></Option>
|
||||
<Option name="linux24_path_ip"></Option>
|
||||
<Option name="linux24_path_iptables"></Option>
|
||||
<Option name="linux24_path_logger"></Option>
|
||||
<Option name="linux24_path_lsmod"></Option>
|
||||
<Option name="linux24_path_modprobe"></Option>
|
||||
<Option name="linux24_rp_filter"></Option>
|
||||
<Option name="linux24_tcp_ecn"></Option>
|
||||
<Option name="linux24_tcp_fack"></Option>
|
||||
<Option name="linux24_tcp_fin_timeout">30</Option>
|
||||
<Option name="linux24_tcp_keepalive_interval">1800</Option>
|
||||
<Option name="linux24_tcp_sack"></Option>
|
||||
<Option name="linux24_tcp_syncookies"></Option>
|
||||
<Option name="linux24_tcp_timestamps"></Option>
|
||||
<Option name="linux24_tcp_window_scaling"></Option>
|
||||
<Option name="load_modules">False</Option>
|
||||
<Option name="local_nat">False</Option>
|
||||
<Option name="log_all">False</Option>
|
||||
<Option name="log_all_dropped">False</Option>
|
||||
<Option name="log_invalid">False</Option>
|
||||
<Option name="log_ip_opt">False</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_limit_suffix"></Option>
|
||||
<Option name="log_limit_value">0</Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_tcp_opt">False</Option>
|
||||
<Option name="log_tcp_seq">False</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="no_iochains_for_any">False</Option>
|
||||
<Option name="no_optimisation">False</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="platform">iptables</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="script_env_path"></Option>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
<Option name="use_ULOG">False</Option>
|
||||
<Option name="use_iptables_restore">False</Option>
|
||||
<Option name="use_numeric_log_levels">False</Option>
|
||||
<Option name="verify_interfaces">True</Option>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Interface id="id41F62C5C" name="eth3" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 id="id41F62C60" name="firewall30:eth3:ip" address="22.22.23.23" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id41F62C52" name="eth2" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id41F62C56" name="firewall30:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id429910E6" name="eth2" bridgeport="False" dyn="False" label="fw8:eth2" mgmt="True" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id429910EA" name="firewall31:eth2:ip" address="192.168.100.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id43868A7E1434" name="eth0.200" comment="VLAN interface" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface id="id4492FF5124380" name="eth1" bridgeport="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id4492FF5324380" name="firewall40:eth1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<IPv4 id="id4492FF5F24380" name="firewall40:eth0:ip-1" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<Library id="id44EC13FB8791" name="tmp" color="#d2ffd0" ro="False">
|
||||
<ObjectGroup id="id44EC13FC8791" name="Objects">
|
||||
<ObjectGroup id="id44EC13FD8791" name="Addresses"/>
|
||||
<ObjectGroup id="id44EC13FE8791" name="DNS Names"/>
|
||||
<ObjectGroup id="id44EC13FF8791" name="Address Tables"/>
|
||||
<ObjectGroup id="id44EC14008791" name="Groups"/>
|
||||
<ObjectGroup id="id44EC14018791" name="Hosts"/>
|
||||
<ObjectGroup id="id44EC14028791" name="Networks"/>
|
||||
<ObjectGroup id="id44EC14038791" name="Address Ranges"/>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id44EC14048791" name="Services">
|
||||
<ServiceGroup id="id44EC14048791_userservices" name="Users"/>
|
||||
<ServiceGroup id="id44EC14058791" name="Groups"/>
|
||||
<ServiceGroup id="id44EC14068791" name="ICMP"/>
|
||||
<ServiceGroup id="id44EC14078791" name="IP"/>
|
||||
<ServiceGroup id="id44EC14088791" name="TCP"/>
|
||||
<ServiceGroup id="id44EC14098791" name="UDP"/>
|
||||
<ServiceGroup id="id44EC140A8791" name="Custom"/>
|
||||
<ServiceGroup id="id44EC140B8791" name="TagServices"/>
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id44EC140C8791" name="Firewalls"/>
|
||||
<IntervalGroup id="id44EC140D8791" name="Time"/>
|
||||
</Library>
|
||||
<Interface id="id46EFBE4D31183" name="eth2" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 id="id46EFBE4F31183" name="firewall42:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<Interface id="id46EFBE5331183" name="eth3" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 id="id46EFBE5531183" name="firewall42:eth3:ip" address="22.22.23.23" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
<IPv4 id="id46EFBE4931183" name="firewall42:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
|
||||
<Interface id="id4848A43B4626" name="ppp0" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
|
||||
<IntervalRef ref="sysid2"/>
|
||||
<IntervalRef ref="sysid2"/>
|
||||
<ObjectRef ref="sysid0"/>
|
||||
<ObjectRef ref="sysid0"/>
|
||||
<ServiceRef ref="sysid1"/>
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Library>
|
||||
<Library id="id4387B43718346" name="transfer" color="#FFFFFF" ro="False">
|
||||
<ObjectGroup id="id4387B43818346" name="Objects">
|
||||
<ObjectGroup id="id4387B43918346" name="Addresses"/>
|
||||
@ -26695,23 +26791,20 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
||||
<IntervalGroup id="id4387B44818346" name="Time"/>
|
||||
</Library>
|
||||
<Library id="syslib000" name="Standard" comment="Standard objects" color="#d4f8ff" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" name="Any" comment="Any IP Service" protocol_num="0"/>
|
||||
<AnyInterval id="sysid2" name="Any" comment="Any Interval" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
|
||||
<ServiceGroup id="stdid05" name="Services">
|
||||
<ServiceGroup id="stdid06" name="IP">
|
||||
<IPService id="ip-IPSEC" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False"/>
|
||||
<IPService id="ip-IP_Fragments" name="ip_fragments" comment="'Short' fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False"/>
|
||||
<IPService id="ip-RR" name="RR" comment="Route recording packets" fragm="False" lsrr="False" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False"/>
|
||||
<IPService id="ip-SRR" name="SRR" comment="All sorts of Source Routing Packets" fragm="False" lsrr="True" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False"/>
|
||||
<IPService id="id3CB12797" name="AH" comment="IPSEC Authentication Header Protocol" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid09" name="TCP">
|
||||
<TCPService id="tcp-SMTP" name="smtp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
|
||||
<TCPService id="id3B4FF09A" name="squid" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
|
||||
<TCPService id="tcp-SSH" name="ssh" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
|
||||
<TCPService id="tcp-Telnet" name="telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
|
||||
<TCPService id="tcp-Auth" name="auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
|
||||
<TCPService id="tcp-DNS_zone_transf" name="dns-tcp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
|
||||
<TCPService id="tcp-FTP" name="ftp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
|
||||
<TCPService id="tcp-HTTP" name="http" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
|
||||
<TCPService id="tcp-NNTP" name="nntp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
|
||||
<TCPService id="tcp-SMTP" name="smtp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
|
||||
<TCPService id="tcp-SSH" name="ssh" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
|
||||
<TCPService id="tcp-Telnet" name="telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
|
||||
<TCPService id="tcp-uucp" name="uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
|
||||
<TCPService id="id3AEDBE6E" name="daytime" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
|
||||
<TCPService id="id3B4FEDA3" name="eklogin" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
|
||||
@ -26738,10 +26831,26 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
||||
<TCPService id="id3AEDBE00" name="sunrpc" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
|
||||
<TCPService id="id3B4FF1B8" name="xfs" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
|
||||
<TCPService id="tcp-TCP-SYN" name="tcp-syn" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="id3B4FF09A" name="squid" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
|
||||
<TCPService id="tcp-All_TCP" name="All TCP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="tcp-DNS" name="domain" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid07" name="ICMP">
|
||||
<ICMPService id="icmp-ping_request" name="ping request" code="0" type="8"/>
|
||||
<ICMPService id="icmp-Unreachables" name="all ICMP unreachables" code="-1" type="3"/>
|
||||
<ICMPService id="id3C20EEB5" name="any ICMP" code="-1" type="-1"/>
|
||||
<ICMP6Service id="idCFE27660" name="ipv6 any ICMP6" comment="any ICMPv6" code="-1" type="-1"/>
|
||||
<ICMP6Service id="ipv6-icmp-ping_request" name="ipv6 ping request" comment="IPv6 ping request" code="0" type="128"/>
|
||||
<ICMPService id="icmp-Time_exceeded" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" code="0" type="11"/>
|
||||
<ICMPService id="icmp-Time_exceeded_in_transit" name="time exceeded in transit" code="1" type="11"/>
|
||||
<ICMPService id="icmp-ping_reply" name="ping reply" code="0" type="0"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid06" name="IP">
|
||||
<IPService id="ip-IPSEC" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False"/>
|
||||
<IPService id="ip-IP_Fragments" name="ip_fragments" comment="'Short' fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False"/>
|
||||
<IPService id="ip-RR" name="RR" comment="Route recording packets" fragm="False" lsrr="False" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False"/>
|
||||
<IPService id="ip-SRR" name="SRR" comment="All sorts of Source Routing Packets" fragm="False" lsrr="True" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False"/>
|
||||
<IPService id="id3CB12797" name="AH" comment="IPSEC Authentication Header Protocol" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid08" name="UDP">
|
||||
<UDPService id="udp-DNS" name="domain" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
|
||||
<UDPService id="udp-SNMP" name="snmp" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
|
||||
@ -26769,18 +26878,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
|
||||
<ServiceRef ref="tcp-DNS"/>
|
||||
</ServiceGroup>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid07" name="ICMP">
|
||||
<ICMPService id="icmp-ping_request" name="ping request" code="0" type="8"/>
|
||||
<ICMPService id="icmp-Unreachables" name="all ICMP unreachables" code="-1" type="3"/>
|
||||
<ICMPService id="id3C20EEB5" name="any ICMP" code="-1" type="-1"/>
|
||||
<ICMPService id="icmp-Time_exceeded" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" code="0" type="11"/>
|
||||
<ICMPService id="icmp-Time_exceeded_in_transit" name="time exceeded in transit" code="1" type="11"/>
|
||||
<ICMPService id="icmp-ping_reply" name="ping reply" code="0" type="0"/>
|
||||
</ServiceGroup>
|
||||
</ServiceGroup>
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyInterval id="sysid2" name="Any" comment="Any Interval" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
|
||||
<AnyIPService id="sysid1" name="Any" comment="Any IP Service" protocol_num="0"/>
|
||||
<IntervalGroup id="stdid11" name="Time">
|
||||
<Interval id="int-afterhours" name="afterhours" comment="any day 6:00pm - 12:00am" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="18" from_minute="0" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="-1" to_year="-1"/>
|
||||
<Interval id="id3C63479C" name="Sat" days_of_week="6" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="6" to_year="-1"/>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user