merging -r102:HEAD from branch rule-element-action
parent
36e2024a92
commit
c52a266bb0
@ -645,11 +645,9 @@ void ProjectPanel::updateTreeViewItemOrder()
|
||||
void ProjectPanel::setPolicyBranchTabName(libfwbuilder::RuleSet *subset)
|
||||
{
|
||||
assert(subset!=NULL);
|
||||
PolicyRule *rule = PolicyRule::cast(subset->getParent());
|
||||
RuleSetView *rsv = ruleSetViews[subset];
|
||||
assert(rsv);
|
||||
FWOptions *ropt = rule->getOptionsObject();
|
||||
QString branchName = ropt->getStr("branch_name").c_str();
|
||||
QString branchName = subset->getName().c_str();
|
||||
m_panel->ruleSets->setTabText(m_panel->ruleSets->indexOf(rsv),
|
||||
tr("%1").arg(branchName) );
|
||||
}
|
||||
@ -658,10 +656,7 @@ void ProjectPanel::addPolicyBranchTab(libfwbuilder::RuleSet *subset)
|
||||
{
|
||||
assert(subset!=NULL);
|
||||
|
||||
PolicyRule *rule = PolicyRule::cast(subset->getParent());
|
||||
FWOptions *ropt = rule->getOptionsObject();
|
||||
QString branchName = ropt->getStr("branch_name").c_str();
|
||||
|
||||
QString branchName = subset->getName().c_str();
|
||||
QStatusBar *sb = mainW->statusBar();
|
||||
sb->showMessage( tr("Building branch policy view '%1'...").arg(branchName) );
|
||||
QApplication::processEvents(QEventLoop::ExcludeUserInputEvents,1000);
|
||||
|
||||
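Review bot: The new `QString branchName = subset->getName().c_str();` line, in both setPolicyBranchTabName and addPolicyBranchTab, builds the QString through the implicit `const char*` constructor, whose decoding depends on the Qt version and codec configuration. The object files in this same commit declare `encoding="utf-8"`, so a rule set name with non-ASCII characters could plausibly show up garbled in the tab text and the status bar message. I would make the decoding explicit in both places: `QString branchName = QString::fromUtf8(subset->getName().c_str());`. Since the name is now taken directly from `subset`, and `assert(subset!=NULL)` is compiled out under NDEBUG, a one-line comment stating that callers must pass a non-null rule set would also help. addPolicyBranchTab's body continues past the end of the visible hunk.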
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" lastModified="1178590930" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="5" lastModified="1178590930" id="root">
|
||||
<Library color="#d4f8ff" comment="Standard objects" id="syslib000" name="Standard" ro="True">
|
||||
<AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService comment="Any IP Service" id="sysid1" name="Any" protocol_num="0"/>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" lastModified="1184450093" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="5" lastModified="1184450093" id="root">
|
||||
<Library color="#d4f8ff" comment="Standard objects" id="syslib000" name="Standard" ro="False">
|
||||
<AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService comment="Any IP Service" id="sysid1" name="Any" protocol_num="0"/>
|
||||
@ -427,7 +427,7 @@
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id4070BBA8" name="Firewalls">
|
||||
<Firewall comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" host_OS="unknown_os" id="id40708A6A" lastCompiled="0" lastInstalled="0" lastModified="0" name="fw template 1" platform="unknown" ro="False" version="">
|
||||
<NAT id="id40708A6E">
|
||||
<NAT id="id40708A6E" name="NAT">
|
||||
<NATRule disabled="False" id="id4070BFF5" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -450,7 +450,7 @@
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id40708A6D">
|
||||
<Policy id="id40708A6D" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id4070BFE9" log="True" position="0">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id40708A6A"/>
|
||||
@ -579,7 +579,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id40708A6A-routing"/>
|
||||
<Routing id="id40708A6A-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="True" id="id4070BFD8" label="outside" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id4070BFDA" label="inside" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.168.1.1" comment="" id="id4070BFDC" name="ip" netmask="255.255.255.0"/>
|
||||
@ -633,7 +633,7 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network. This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." host_OS="unknown_os" id="id40941E8C" lastCompiled="0" lastInstalled="0" lastModified="0" name="fw template 2" platform="unknown" ro="False" version="">
|
||||
<NAT id="id40941E91">
|
||||
<NAT id="id40941E91" name="NAT">
|
||||
<NATRule disabled="False" id="id40941E92" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -656,7 +656,7 @@
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id40941EA0">
|
||||
<Policy id="id40941EA0" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id40941ED5" log="True" position="2">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id40941E8C"/>
|
||||
@ -824,7 +824,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id40941E8C-routing"/>
|
||||
<Routing id="id40941E8C-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="True" id="id40941ED3" label="outside" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id40941EE0" label="inside" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.168.1.1" comment="" id="id40941EE1" name="ip" netmask="255.255.255.0"/>
|
||||
@ -878,7 +878,7 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="This firewall has three interfaces. Eth0 faces outside and has a static routable address; eth1 faces inside; eth2 is connected to DMZ subnet. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0, DMZ is 192.168.2.0/255.255.255.0. Since DMZ used private IP address, it needs NAT. There is a mail relay host located on DMZ (object 'server on dmz'). Policy rules permit SMTP connections to it from the Internet and allow this server to connect to a host on internal network 'internal server'. All other access from DMZ to internal net is denied. To provide access to the mail relay its private address is mapped to firewall's outside interface address by NAT rule #1." host_OS="freebsd" id="id40986AFE" lastCompiled="0" lastInstalled="0" lastModified="0" name="fw template 3" platform="unknown" ro="False" version="">
|
||||
<NAT id="id40986B03">
|
||||
<NAT id="id40986B03" name="NAT">
|
||||
<NATRule comment="no need to translate between DMZ and internal net" disabled="False" id="id40987169" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
@ -944,7 +944,7 @@
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id40986B12">
|
||||
<Policy id="id40986B12" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id40986B47" log="True" position="4">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id40986AFE"/>
|
||||
@ -1165,7 +1165,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id40986AFE-routing"/>
|
||||
<Routing id="id40986AFE-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id40986B45" label="outside" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.0.2.1" comment="This is a test address, change it to your real one" id="id40986E5B" name="fw 3:eth0:ip" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
@ -1224,8 +1224,8 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." host_OS="unknown_os" id="id409878E4" lastCompiled="0" lastInstalled="0" lastModified="0" name="host fw template 1" platform="unknown" ro="False" version="">
|
||||
<NAT id="id409878E9"/>
|
||||
<Policy id="id409878F8">
|
||||
<NAT id="id409878E9" name="NAT"/>
|
||||
<Policy id="id409878F8" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id4098792D" log="True" position="6">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id409878E4"/>
|
||||
@ -1319,7 +1319,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id409878E4-routing"/>
|
||||
<Routing id="id409878E4-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="True" id="id4098792B" label="outside" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id4098793B" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 address="127.0.0.1" comment="" id="id4098793C" name="lo:ip" netmask="255.0.0.0"/>
|
||||
@ -1366,7 +1366,7 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="This firewall is based on Linksys appliance running Sveasoft firmware; it has two interfaces. Interface vlan1 faces outside and has a dynamic address; br0 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH or HTTP. The firewall uses name servers supplied by the ISP for DNS. Special rule blocks DHCP requests on external interface without logging to reduce noise in the log. Internal network is configured with address 192.168.1.0/255.255.255.0" host_OS="linksys" id="id41293477" lastCompiled="0" lastInstalled="0" lastModified="0" name="linksys firewall" platform="iptables" ro="False" version="">
|
||||
<NAT id="id412934D3">
|
||||
<NAT id="id412934D3" name="NAT">
|
||||
<NATRule disabled="False" id="id412934D4" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1389,7 +1389,7 @@
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id4129347C">
|
||||
<Policy id="id4129347C" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id412934E4" log="True" position="8">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id41293477"/>
|
||||
@ -1587,7 +1587,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id41293477-routing"/>
|
||||
<Routing id="id41293477-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="True" id="id412934E2" label="outside" mgmt="False" name="vlan1" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id412934EF" label="inside" mgmt="True" name="br0" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.168.1.1" comment="" id="id412934F0" name="linksys firewall:br0:ip" netmask="255.255.255.0"/>
|
||||
@ -1693,8 +1693,8 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="" host_OS="linux24" id="id4129355E" lastCompiled="0" lastInstalled="0" lastModified="0" name="web server" platform="iptables" ro="False" version="">
|
||||
<NAT id="id41293598"/>
|
||||
<Policy id="id41293563">
|
||||
<NAT id="id41293598" name="NAT"/>
|
||||
<Policy id="id41293563" name="Policy">
|
||||
<PolicyRule action="Deny" direction="Inbound" disabled="False" id="id4129359C" log="True" position="10">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id4129355E"/>
|
||||
@ -1824,7 +1824,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id4129355E-routing"/>
|
||||
<Routing id="id4129355E-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id41293599" label="outside" mgmt="True" name="eth0" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.168.1.10" id="id4129359A" name="web server:eth0:ip" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
@ -1889,8 +1889,8 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="An example of Cisco router" host_OS="ios" id="id4699503132343" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1184450093" name="c36xx" platform="iosacl" ro="False" version="12.x">
|
||||
<NAT id="id4699503532343"/>
|
||||
<Policy id="id4699503432343">
|
||||
<NAT id="id4699503532343" name="NAT"/>
|
||||
<Policy id="id4699503432343" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti-spoofing rule" direction="Inbound" disabled="False" id="id46995E2832343" log="True" position="0">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1973,7 +1973,7 @@
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id4699503632343"/>
|
||||
<Routing id="id4699503632343" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id4699503732343" label="" mgmt="False" name="Ethernet1/0" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.0.2.1" comment="" id="id4699503832343" name="c36xx:Ethernet1/0:ip" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
|
||||
@ -427,7 +427,7 @@
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id4070BBA8" name="Firewalls">
|
||||
<Firewall comment="This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0" host_OS="unknown_os" id="id40708A6A" lastCompiled="0" lastInstalled="0" lastModified="0" name="fw template 1" platform="unknown" ro="False" version="">
|
||||
<NAT id="id40708A6E">
|
||||
<NAT id="id40708A6E" name="NAT">
|
||||
<NATRule disabled="False" id="id4070BFF5" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -450,7 +450,7 @@
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id40708A6D">
|
||||
<Policy id="id40708A6D" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id4070BFE9" log="True" position="0">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id40708A6A"/>
|
||||
@ -579,7 +579,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id40708A6A-routing"/>
|
||||
<Routing id="id40708A6A-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="True" id="id4070BFD8" label="outside" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id4070BFDA" label="inside" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.168.1.1" comment="" id="id4070BFDC" name="ip" netmask="255.255.255.0"/>
|
||||
@ -633,7 +633,7 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network. This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." host_OS="unknown_os" id="id40941E8C" lastCompiled="0" lastInstalled="0" lastModified="0" name="fw template 2" platform="unknown" ro="False" version="">
|
||||
<NAT id="id40941E91">
|
||||
<NAT id="id40941E91" name="NAT">
|
||||
<NATRule disabled="False" id="id40941E92" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -656,7 +656,7 @@
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id40941EA0">
|
||||
<Policy id="id40941EA0" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id40941ED5" log="True" position="2">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id40941E8C"/>
|
||||
@ -824,7 +824,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id40941E8C-routing"/>
|
||||
<Routing id="id40941E8C-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="True" id="id40941ED3" label="outside" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id40941EE0" label="inside" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.168.1.1" comment="" id="id40941EE1" name="ip" netmask="255.255.255.0"/>
|
||||
@ -878,7 +878,7 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="This firewall has three interfaces. Eth0 faces outside and has a static routable address; eth1 faces inside; eth2 is connected to DMZ subnet. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0, DMZ is 192.168.2.0/255.255.255.0. Since DMZ used private IP address, it needs NAT. There is a mail relay host located on DMZ (object 'server on dmz'). Policy rules permit SMTP connections to it from the Internet and allow this server to connect to a host on internal network 'internal server'. All other access from DMZ to internal net is denied. To provide access to the mail relay its private address is mapped to firewall's outside interface address by NAT rule #1." host_OS="freebsd" id="id40986AFE" lastCompiled="0" lastInstalled="0" lastModified="0" name="fw template 3" platform="unknown" ro="False" version="">
|
||||
<NAT id="id40986B03">
|
||||
<NAT id="id40986B03" name="NAT">
|
||||
<NATRule comment="no need to translate between DMZ and internal net" disabled="False" id="id40987169" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-2"/>
|
||||
@ -944,7 +944,7 @@
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id40986B12">
|
||||
<Policy id="id40986B12" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id40986B47" log="True" position="4">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id40986AFE"/>
|
||||
@ -1165,7 +1165,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id40986AFE-routing"/>
|
||||
<Routing id="id40986AFE-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id40986B45" label="outside" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.0.2.1" comment="This is a test address, change it to your real one" id="id40986E5B" name="fw 3:eth0:ip" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
@ -1224,8 +1224,8 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." host_OS="unknown_os" id="id409878E4" lastCompiled="0" lastInstalled="0" lastModified="0" name="host fw template 1" platform="unknown" ro="False" version="">
|
||||
<NAT id="id409878E9"/>
|
||||
<Policy id="id409878F8">
|
||||
<NAT id="id409878E9" name="NAT"/>
|
||||
<Policy id="id409878F8" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id4098792D" log="True" position="6">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id409878E4"/>
|
||||
@ -1319,7 +1319,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id409878E4-routing"/>
|
||||
<Routing id="id409878E4-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="True" id="id4098792B" label="outside" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id4098793B" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 address="127.0.0.1" comment="" id="id4098793C" name="lo:ip" netmask="255.0.0.0"/>
|
||||
@ -1366,7 +1366,7 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="This firewall is based on Linksys appliance running Sveasoft firmware; it has two interfaces. Interface vlan1 faces outside and has a dynamic address; br0 faces inside. Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH or HTTP. The firewall uses name servers supplied by the ISP for DNS. Special rule blocks DHCP requests on external interface without logging to reduce noise in the log. Internal network is configured with address 192.168.1.0/255.255.255.0" host_OS="linksys" id="id41293477" lastCompiled="0" lastInstalled="0" lastModified="0" name="linksys firewall" platform="iptables" ro="False" version="">
|
||||
<NAT id="id412934D3">
|
||||
<NAT id="id412934D3" name="NAT">
|
||||
<NATRule disabled="False" id="id412934D4" position="0">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1389,7 +1389,7 @@
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
</NAT>
|
||||
<Policy id="id4129347C">
|
||||
<Policy id="id4129347C" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id412934E4" log="True" position="8">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id41293477"/>
|
||||
@ -1587,7 +1587,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id41293477-routing"/>
|
||||
<Routing id="id41293477-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="True" id="id412934E2" label="outside" mgmt="False" name="vlan1" security_level="0" unnum="False" unprotected="False"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id412934EF" label="inside" mgmt="True" name="br0" security_level="100" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.168.1.1" comment="" id="id412934F0" name="linksys firewall:br0:ip" netmask="255.255.255.0"/>
|
||||
@ -1693,8 +1693,8 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="" host_OS="linux24" id="id4129355E" lastCompiled="0" lastInstalled="0" lastModified="0" name="web server" platform="iptables" ro="False" version="">
|
||||
<NAT id="id41293598"/>
|
||||
<Policy id="id41293563">
|
||||
<NAT id="id41293598" name="NAT"/>
|
||||
<Policy id="id41293563" name="Policy">
|
||||
<PolicyRule action="Deny" direction="Inbound" disabled="False" id="id4129359C" log="True" position="10">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id4129355E"/>
|
||||
@ -1824,7 +1824,7 @@
|
||||
<PolicyRuleOptions/>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id4129355E-routing"/>
|
||||
<Routing id="id4129355E-routing" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id41293599" label="outside" mgmt="True" name="eth0" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.168.1.10" id="id4129359A" name="web server:eth0:ip" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
@ -1889,8 +1889,8 @@
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall comment="An example of Cisco router" host_OS="ios" id="id4699503132343" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1184450093" name="c36xx" platform="iosacl" ro="False" version="12.x">
|
||||
<NAT id="id4699503532343"/>
|
||||
<Policy id="id4699503432343">
|
||||
<NAT id="id4699503532343" name="NAT"/>
|
||||
<Policy id="id4699503432343" name="Policy">
|
||||
<PolicyRule action="Deny" comment="anti-spoofing rule" direction="Inbound" disabled="False" id="id46995E2832343" log="True" position="0">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
@ -1973,7 +1973,7 @@
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
</Policy>
|
||||
<Routing id="id4699503632343"/>
|
||||
<Routing id="id4699503632343" name="Routing"/>
|
||||
<Interface bridgeport="False" comment="" dyn="False" id="id4699503732343" label="" mgmt="False" name="Ethernet1/0" security_level="0" unnum="False" unprotected="False">
|
||||
<IPv4 address="192.0.2.1" comment="" id="id4699503832343" name="c36xx:Ethernet1/0:ip" netmask="255.255.255.0"/>
|
||||
</Interface>
|
||||
|
||||
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
5837
test/pix/objects.fwb
5837
test/pix/objects.fwb
File diff suppressed because it is too large