mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-19 09:47:20 +01:00
upgraded regression tests data fles
This commit is contained in:
Vadim Kurland
parent
ad5a140932
commit
ccbe413c22
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1253911075" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1253911075" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -51,9 +51,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -69,9 +69,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -100,16 +100,16 @@
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
|
||||
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
</CustomService>
|
||||
@ -350,54 +350,54 @@
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
|
||||
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC. Works on iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/ " ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
|
||||
@ -420,7 +420,7 @@
|
||||
<FailoverClusterGroup id="id2719X89830" type="vrrp" name="cluster3:vrrp0:members" comment="">
|
||||
<ClusterGroupOptions>
|
||||
<Option name="vrrp_secret">vrrp_secret</Option>
|
||||
<Option name="vrrp_vrid"></Option>
|
||||
<Option name="vrrp_vrid"/>
|
||||
</ClusterGroupOptions>
|
||||
</FailoverClusterGroup>
|
||||
<StateSyncClusterGroup id="id2762X92940" type="conntrack" name="State Sync Group-1" comment="">
|
||||
@ -438,18 +438,18 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">bridge</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
<Option name="vlan_id"/>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id10491X48869" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">ethernet</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
<Option name="vlan_id"/>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id10493X48869" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
|
||||
@ -486,7 +486,7 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">100</Option>
|
||||
</InterfaceOptions>
|
||||
@ -497,7 +497,7 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">101</Option>
|
||||
</InterfaceOptions>
|
||||
@ -505,131 +505,149 @@
|
||||
<Cluster id="id3631X95766" host_OS="openbsd" inactive="False" lastCompiled="1244758659" lastInstalled="0" lastModified="1244757366" platform="pf" name="pf_cluster_1" comment="" ro="False">
|
||||
<NAT id="id3640X95766" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id3162X39764" disabled="False" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id11381X39764" disabled="False" group="" position="1" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id11397X39764" disabled="False" group="" position="2" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="id11417X39764"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id15078X39764" disabled="False" group="" position="3" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="tcp-HTTP"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="id15840X39764"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id16591X39764" disabled="False" group="" position="4" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="tcp-HTTP"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="id15840X39764"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<NATRule id="id16611X39764" disabled="False" group="" position="5" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="id11417X39764"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="tcp-HTTP"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="id15840X39764"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id3639X95766" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
@ -806,18 +824,18 @@
|
||||
</Management>
|
||||
<FirewallOptions>
|
||||
<Option name="accept_new_tcp_with_no_syn">False</Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_carp_interfaces">True</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_pfsync_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="fallback_log">False</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
@ -826,11 +844,11 @@
|
||||
<Option name="log_prefix">RULE %N -- %A </Option>
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modulate_state">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_adaptive_end">0</Option>
|
||||
<Option name="pf_adaptive_start">0</Option>
|
||||
@ -850,7 +868,7 @@
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_limit_table_entries">0</Option>
|
||||
<Option name="pf_limit_tables">0</Option>
|
||||
<Option name="pf_optimization"></Option>
|
||||
<Option name="pf_optimization"/>
|
||||
<Option name="pf_other_first">0</Option>
|
||||
<Option name="pf_other_multiple">0</Option>
|
||||
<Option name="pf_other_single">0</Option>
|
||||
@ -890,9 +908,9 @@
|
||||
<Option name="pf_udp_multiple">0</Option>
|
||||
<Option name="pf_udp_single">0</Option>
|
||||
<Option name="prolog_place">fw_file</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="sshArgs"/>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Firewall id="id3337X26920" host_OS="openbsd" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1244783399" platform="pf" version="4.x" name="openbsd-2" comment="" ro="False">
|
||||
@ -920,18 +938,18 @@
|
||||
</Management>
|
||||
<FirewallOptions>
|
||||
<Option name="accept_new_tcp_with_no_syn">False</Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_carp_interfaces">True</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_pfsync_interfaces">False</Option>
|
||||
<Option name="configure_vlan_interfaces">False</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="fallback_log">False</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
@ -940,11 +958,11 @@
|
||||
<Option name="log_prefix">RULE %N -- %A </Option>
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modulate_state">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_adaptive_end">0</Option>
|
||||
<Option name="pf_adaptive_start">0</Option>
|
||||
@ -964,7 +982,7 @@
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_limit_table_entries">0</Option>
|
||||
<Option name="pf_limit_tables">0</Option>
|
||||
<Option name="pf_optimization"></Option>
|
||||
<Option name="pf_optimization"/>
|
||||
<Option name="pf_other_first">0</Option>
|
||||
<Option name="pf_other_multiple">0</Option>
|
||||
<Option name="pf_other_single">0</Option>
|
||||
@ -1004,9 +1022,9 @@
|
||||
<Option name="pf_udp_multiple">0</Option>
|
||||
<Option name="pf_udp_single">0</Option>
|
||||
<Option name="prolog_place">fw_file</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="sshArgs"/>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
<Cluster id="id3867X13237" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" name="vrrp_cluster_2" comment="" ro="False">
|
||||
@ -1094,9 +1112,9 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">ethernet</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
<Option name="vlan_id"/>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id4038X2906" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
|
||||
@ -1114,28 +1132,28 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -1150,11 +1168,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -1172,13 +1190,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@ -1225,9 +1243,9 @@
|
||||
<Option name="iface_disablearp">False</Option>
|
||||
<Option name="iface_disableboot">False</Option>
|
||||
<Option name="iface_mtu">1500</Option>
|
||||
<Option name="iface_options"></Option>
|
||||
<Option name="iface_options"/>
|
||||
<Option name="type">bonding</Option>
|
||||
<Option name="vlan_id"></Option>
|
||||
<Option name="vlan_id"/>
|
||||
</InterfaceOptions>
|
||||
<Interface id="id3807X49120" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
|
||||
<InterfaceOptions>
|
||||
@ -1250,28 +1268,28 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -1286,11 +1304,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -1308,13 +1326,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@ -1377,7 +1395,7 @@
|
||||
<InterfaceOptions>
|
||||
<Option name="bonding_mode">blance xor</Option>
|
||||
<Option name="bonding_policy">balance-xor</Option>
|
||||
<Option name="bondng_driver_options"></Option>
|
||||
<Option name="bondng_driver_options"/>
|
||||
<Option name="dev_plus_vid">False</Option>
|
||||
<Option name="dev_plus_vid_no_pad">False</Option>
|
||||
<Option name="enable_stp">True</Option>
|
||||
@ -1407,12 +1425,12 @@
|
||||
<Interface id="id6778X41225" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="bond1.123" comment="" ro="False">
|
||||
<IPv4 id="id16320X39036" name="linux-bonding-1:bond1:bond1.123:ip" comment="" ro="False" address="172.16.2.1" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="bonding_policy"></Option>
|
||||
<Option name="bondng_driver_options"></Option>
|
||||
<Option name="bonding_policy"/>
|
||||
<Option name="bondng_driver_options"/>
|
||||
<Option name="enable_stp">False</Option>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">123</Option>
|
||||
<Option name="xmit_hash_policy"></Option>
|
||||
<Option name="xmit_hash_policy"/>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
</Interface>
|
||||
@ -1438,16 +1456,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_bonding_interfaces">True</Option>
|
||||
<Option name="configure_bridge_interfaces">True</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
@ -1455,14 +1473,14 @@
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -1477,11 +1495,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -1499,13 +1517,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@ -1547,26 +1565,29 @@
|
||||
<Cluster id="id3433X13311" host_OS="linux24" inactive="False" lastCompiled="1251482764" lastInstalled="0" lastModified="1253910805" platform="iptables" name="heartbeat_cluster_1" comment="This is an example of linux/heartbeat cluster with two policy rule sets. Branching rule in the top policy passes control to rule set to_fw, which is different in member firewalls. See ticket #372 for explanation. " ro="False">
|
||||
<NAT id="id3587X13311" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id3588X13311" disabled="False" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id3465X13311" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
@ -1698,12 +1719,12 @@
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="branch_id">id6187X76214</Option>
|
||||
<Option name="classify_str"></Option>
|
||||
<Option name="classify_str"/>
|
||||
<Option name="connlimit_masklen">0</Option>
|
||||
<Option name="connlimit_value">0</Option>
|
||||
<Option name="custom_str"></Option>
|
||||
<Option name="custom_str"/>
|
||||
<Option name="firewall_is_part_of_any_and_networks">False</Option>
|
||||
<Option name="hashlimit_burst">0</Option>
|
||||
<Option name="hashlimit_dstlimit">False</Option>
|
||||
@ -1714,34 +1735,34 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="ipf_route_opt_addr"></Option>
|
||||
<Option name="ipf_route_opt_if"></Option>
|
||||
<Option name="ipf_route_opt_addr"/>
|
||||
<Option name="ipf_route_opt_if"/>
|
||||
<Option name="ipf_route_option">route_through</Option>
|
||||
<Option name="ipfw_classify_method">2</Option>
|
||||
<Option name="ipfw_pipe_port_num">0</Option>
|
||||
<Option name="ipfw_pipe_queue_num">0</Option>
|
||||
<Option name="ipt_branch_in_mangle">False</Option>
|
||||
<Option name="ipt_continue">False</Option>
|
||||
<Option name="ipt_gw"></Option>
|
||||
<Option name="ipt_iif"></Option>
|
||||
<Option name="ipt_gw"/>
|
||||
<Option name="ipt_iif"/>
|
||||
<Option name="ipt_mark_connections">False</Option>
|
||||
<Option name="ipt_oif"></Option>
|
||||
<Option name="ipt_oif"/>
|
||||
<Option name="ipt_tee">False</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="pf_fastroute">False</Option>
|
||||
<Option name="pf_route_load_option">none</Option>
|
||||
<Option name="pf_route_opt_addr"></Option>
|
||||
<Option name="pf_route_opt_if"></Option>
|
||||
<Option name="pf_route_opt_addr"/>
|
||||
<Option name="pf_route_opt_if"/>
|
||||
<Option name="pf_route_option">none</Option>
|
||||
<Option name="rule_name_accounting"></Option>
|
||||
<Option name="rule_name_accounting"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1775,15 +1796,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -1897,7 +1918,7 @@
|
||||
</FailoverClusterGroup>
|
||||
</Interface>
|
||||
<FirewallOptions>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
</FirewallOptions>
|
||||
<StateSyncClusterGroup id="id3604X13311" master_iface="id2843X69605" type="conntrack" name="State Sync Group" comment="">
|
||||
<ObjectRef ref="id2843X69605"/>
|
||||
@ -1911,26 +1932,29 @@
|
||||
<Cluster id="id4400X28690" host_OS="linux24" inactive="False" lastCompiled="1248555910" lastInstalled="0" lastModified="1253911350" platform="iptables" name="openais_cluster_1" comment="" ro="False">
|
||||
<NAT id="id4568X28690" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id4569X28690" disabled="False" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id4434X28690" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
@ -2074,15 +2098,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2116,15 +2140,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2261,26 +2285,29 @@
|
||||
<Cluster id="id2772X94039" host_OS="linux24" inactive="False" lastCompiled="1248541095" lastInstalled="0" lastModified="1253911174" platform="iptables" name="vrrp_cluster_1" comment="" ro="False">
|
||||
<NAT id="id2866X94039" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id2867X94039" disabled="False" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id2780X94039" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
@ -2424,15 +2451,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2558,26 +2585,29 @@
|
||||
<Cluster id="id3937X13563" host_OS="linux24" lastCompiled="1248541096" lastInstalled="0" lastModified="1251419063" platform="iptables" name="vrrp_cluster_2" comment="" ro="False">
|
||||
<NAT id="id3941X13563" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<NATRule id="id5083X25627" disabled="False" position="0" action="Translate" comment="">
|
||||
<OSrc neg="False">
|
||||
<OSrc neg="False">
|
||||
<ObjectRef ref="id3DC75CE7-1"/>
|
||||
</OSrc>
|
||||
<ODst neg="False">
|
||||
<ODst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</ODst>
|
||||
<OSrv neg="False">
|
||||
<OSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</OSrv>
|
||||
<TSrc neg="False">
|
||||
<TSrc neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TSrc>
|
||||
<TDst neg="False">
|
||||
<TDst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</TDst>
|
||||
<TSrv neg="False">
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id3940X13563" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
@ -2721,15 +2751,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix"></Option>
|
||||
<Option name="hashlimit_suffix"/>
|
||||
<Option name="hashlimit_value">0</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -2901,16 +2931,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_bonding_interfaces">True</Option>
|
||||
<Option name="configure_bridge_interfaces">True</Option>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
@ -2918,14 +2948,14 @@
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -2940,11 +2970,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -2962,13 +2992,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@ -3007,6 +3037,9 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -3248,15 +3281,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix">/second</Option>
|
||||
<Option name="hashlimit_value">10</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -3298,16 +3331,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
|
||||
@ -3315,7 +3348,7 @@
|
||||
<Option name="dns_fixup">2 65535 0 nil 0</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="espike_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
@ -3331,9 +3364,9 @@
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_include_comments">true</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -3349,11 +3382,11 @@
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -3373,10 +3406,10 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="rsh_fixup">2 514 0 nil 0</Option>
|
||||
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
@ -3386,7 +3419,7 @@
|
||||
<Option name="smtp_fixup">2 25 25 nil 0</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="tftp_fixup">2 69 0 nil 0</Option>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
@ -3434,15 +3467,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix">/second</Option>
|
||||
<Option name="hashlimit_value">20</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -3472,21 +3505,21 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="flush_and_set_default_policy">True</Option>
|
||||
@ -3495,9 +3528,9 @@
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_include_comments">true</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -3512,11 +3545,11 @@
|
||||
<Option name="loopback_interface">lo</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -3534,13 +3567,13 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1269897518" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1269897518" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -51,9 +51,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -69,9 +69,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -100,17 +100,17 @@
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
|
||||
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
|
||||
@ -359,54 +359,54 @@
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
|
||||
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC. Works on iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/ " ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
|
||||
@ -588,34 +588,34 @@
|
||||
<ServiceGroup id="id4511637123682" name="UDP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id4511637223682" name="Custom" comment="" ro="False">
|
||||
<CustomService id="id4226X64279" name="dscp af11" comment="" ro="False" protocol="tcp" address_family="ipv4">
|
||||
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="fwsm"/>
|
||||
<CustomServiceCommand platform="iosacl">dscp af11</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables"/>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id8888X64279" name="esp dscp af12" comment="" ro="False" protocol="50" address_family="ipv4">
|
||||
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="fwsm"/>
|
||||
<CustomServiceCommand platform="iosacl">dscp af12</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables"/>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id26068X65694" name="esp dscp af11 ipv6" comment="" ro="False" protocol="50" address_family="ipv6">
|
||||
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="fwsm"/>
|
||||
<CustomServiceCommand platform="iosacl">dscp af11</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables"/>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id4511637323682" name="TagServices" comment="" ro="False"/>
|
||||
@ -1134,10 +1134,10 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="filesystem">/etc</Option>
|
||||
@ -1166,8 +1166,8 @@
|
||||
<Option name="iosacl_logging_trap_level">3</Option>
|
||||
<Option name="iosacl_prolog_script">! This is prolog</Option>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
@ -1182,7 +1182,7 @@
|
||||
<Option name="mgmt_addr">1.1.1.100</Option>
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -1203,9 +1203,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
@ -1592,10 +1592,10 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
@ -1608,21 +1608,21 @@
|
||||
<Option name="iosacl_acl_basic">True</Option>
|
||||
<Option name="iosacl_acl_no_clear">False</Option>
|
||||
<Option name="iosacl_acl_substitution">False</Option>
|
||||
<Option name="iosacl_acl_temp_addr"></Option>
|
||||
<Option name="iosacl_acl_temp_addr"/>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
<Option name="iosacl_logging_buffered_level"></Option>
|
||||
<Option name="iosacl_logging_buffered_level"/>
|
||||
<Option name="iosacl_logging_console">False</Option>
|
||||
<Option name="iosacl_logging_console_level"></Option>
|
||||
<Option name="iosacl_logging_console_level"/>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level"></Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_logging_trap_level"/>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">true</Option>
|
||||
@ -1632,10 +1632,10 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">true</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -1657,7 +1657,7 @@
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
</FirewallOptions>
|
||||
@ -2131,8 +2131,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -2150,7 +2150,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -2159,10 +2159,10 @@
|
||||
<Option name="iosacl_logging_console_level">3</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">3</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
@ -2177,7 +2177,7 @@
|
||||
<Option name="mgmt_addr">10.10.10.0/24</Option>
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -2198,9 +2198,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
@ -2535,8 +2535,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -2549,10 +2549,10 @@
|
||||
<Option name="iosacl_acl_basic">True</Option>
|
||||
<Option name="iosacl_acl_no_clear">False</Option>
|
||||
<Option name="iosacl_acl_substitution">False</Option>
|
||||
<Option name="iosacl_acl_temp_addr"></Option>
|
||||
<Option name="iosacl_acl_temp_addr"/>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">True</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">True</Option>
|
||||
@ -2561,10 +2561,10 @@
|
||||
<Option name="iosacl_logging_console_level">6</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">3</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">True</Option>
|
||||
<Option name="iosacl_use_object_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
@ -2580,7 +2580,7 @@
|
||||
<Option name="mgmt_addr">10.3.14.41</Option>
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -2601,9 +2601,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
@ -2961,34 +2961,34 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline">-xt</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="enable_ipv6">True</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="fallback_log">False</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="freebsd_ip_redirect"></Option>
|
||||
<Option name="freebsd_ip_sourceroute"></Option>
|
||||
<Option name="freebsd_ip_redirect"/>
|
||||
<Option name="freebsd_ip_sourceroute"/>
|
||||
<Option name="freebsd_ipv6_forward">1</Option>
|
||||
<Option name="freebsd_path_ipf"></Option>
|
||||
<Option name="freebsd_path_ipfw"></Option>
|
||||
<Option name="freebsd_path_ipnat"></Option>
|
||||
<Option name="freebsd_path_sysctl"></Option>
|
||||
<Option name="freebsd_path_ipf"/>
|
||||
<Option name="freebsd_path_ipfw"/>
|
||||
<Option name="freebsd_path_ipnat"/>
|
||||
<Option name="freebsd_path_sysctl"/>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="in_out_code">True</Option>
|
||||
<Option name="iosacl_acl_basic">False</Option>
|
||||
@ -2997,7 +2997,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">fe80::21d:9ff:aaaa:bbbb</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -3006,13 +3006,13 @@
|
||||
<Option name="iosacl_logging_console_level">0</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">0</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -3027,18 +3027,18 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modulate_state">False</Option>
|
||||
<Option name="no_ipv6_default_policy">False</Option>
|
||||
<Option name="openbsd_ip_directed_broadcast"></Option>
|
||||
<Option name="openbsd_ip_directed_broadcast"/>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="openbsd_ip_redirect"></Option>
|
||||
<Option name="openbsd_ip_sourceroute"></Option>
|
||||
<Option name="openbsd_ip_redirect"/>
|
||||
<Option name="openbsd_ip_sourceroute"/>
|
||||
<Option name="openbsd_ipv6_forward">1</Option>
|
||||
<Option name="openbsd_path_pfctl"></Option>
|
||||
<Option name="openbsd_path_sysctl"></Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="openbsd_path_pfctl"/>
|
||||
<Option name="openbsd_path_sysctl"/>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">False</Option>
|
||||
<Option name="pf_adaptive_end">0</Option>
|
||||
<Option name="pf_adaptive_start">0</Option>
|
||||
@ -3057,7 +3057,7 @@
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_limit_table_entries">0</Option>
|
||||
<Option name="pf_limit_tables">0</Option>
|
||||
<Option name="pf_optimization"></Option>
|
||||
<Option name="pf_optimization"/>
|
||||
<Option name="pf_other_first">0</Option>
|
||||
<Option name="pf_other_multiple">0</Option>
|
||||
<Option name="pf_other_single">0</Option>
|
||||
@ -3109,12 +3109,12 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">fw_file</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@ -3476,34 +3476,34 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline">-xt</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="enable_ipv6">True</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="fallback_log">False</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="freebsd_ip_redirect"></Option>
|
||||
<Option name="freebsd_ip_sourceroute"></Option>
|
||||
<Option name="freebsd_ip_redirect"/>
|
||||
<Option name="freebsd_ip_sourceroute"/>
|
||||
<Option name="freebsd_ipv6_forward">1</Option>
|
||||
<Option name="freebsd_path_ipf"></Option>
|
||||
<Option name="freebsd_path_ipfw"></Option>
|
||||
<Option name="freebsd_path_ipnat"></Option>
|
||||
<Option name="freebsd_path_sysctl"></Option>
|
||||
<Option name="freebsd_path_ipf"/>
|
||||
<Option name="freebsd_path_ipfw"/>
|
||||
<Option name="freebsd_path_ipnat"/>
|
||||
<Option name="freebsd_path_sysctl"/>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="in_out_code">True</Option>
|
||||
<Option name="iosacl_acl_basic">False</Option>
|
||||
@ -3512,7 +3512,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">1.1.1.0/24</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -3521,13 +3521,13 @@
|
||||
<Option name="iosacl_logging_console_level">2</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">2</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -3546,14 +3546,14 @@
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="modulate_state">False</Option>
|
||||
<Option name="no_ipv6_default_policy">False</Option>
|
||||
<Option name="openbsd_ip_directed_broadcast"></Option>
|
||||
<Option name="openbsd_ip_directed_broadcast"/>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="openbsd_ip_redirect"></Option>
|
||||
<Option name="openbsd_ip_sourceroute"></Option>
|
||||
<Option name="openbsd_ip_redirect"/>
|
||||
<Option name="openbsd_ip_sourceroute"/>
|
||||
<Option name="openbsd_ipv6_forward">1</Option>
|
||||
<Option name="openbsd_path_pfctl"></Option>
|
||||
<Option name="openbsd_path_sysctl"></Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="openbsd_path_pfctl"/>
|
||||
<Option name="openbsd_path_sysctl"/>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">False</Option>
|
||||
<Option name="pf_adaptive_end">0</Option>
|
||||
<Option name="pf_adaptive_start">0</Option>
|
||||
@ -3572,7 +3572,7 @@
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_limit_table_entries">0</Option>
|
||||
<Option name="pf_limit_tables">0</Option>
|
||||
<Option name="pf_optimization"></Option>
|
||||
<Option name="pf_optimization"/>
|
||||
<Option name="pf_other_first">0</Option>
|
||||
<Option name="pf_other_multiple">0</Option>
|
||||
<Option name="pf_other_single">0</Option>
|
||||
@ -3624,12 +3624,12 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">fw_file</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@ -4018,34 +4018,34 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline">-xt</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="enable_ipv6">True</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="fallback_log">False</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="freebsd_ip_redirect"></Option>
|
||||
<Option name="freebsd_ip_sourceroute"></Option>
|
||||
<Option name="freebsd_ip_redirect"/>
|
||||
<Option name="freebsd_ip_sourceroute"/>
|
||||
<Option name="freebsd_ipv6_forward">1</Option>
|
||||
<Option name="freebsd_path_ipf"></Option>
|
||||
<Option name="freebsd_path_ipfw"></Option>
|
||||
<Option name="freebsd_path_ipnat"></Option>
|
||||
<Option name="freebsd_path_sysctl"></Option>
|
||||
<Option name="freebsd_path_ipf"/>
|
||||
<Option name="freebsd_path_ipfw"/>
|
||||
<Option name="freebsd_path_ipnat"/>
|
||||
<Option name="freebsd_path_sysctl"/>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="in_out_code">True</Option>
|
||||
<Option name="iosacl_acl_basic">False</Option>
|
||||
@ -4054,7 +4054,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">10.1.1.0</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -4063,13 +4063,13 @@
|
||||
<Option name="iosacl_logging_console_level">2</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">2</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -4088,14 +4088,14 @@
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="modulate_state">False</Option>
|
||||
<Option name="no_ipv6_default_policy">False</Option>
|
||||
<Option name="openbsd_ip_directed_broadcast"></Option>
|
||||
<Option name="openbsd_ip_directed_broadcast"/>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="openbsd_ip_redirect"></Option>
|
||||
<Option name="openbsd_ip_sourceroute"></Option>
|
||||
<Option name="openbsd_ip_redirect"/>
|
||||
<Option name="openbsd_ip_sourceroute"/>
|
||||
<Option name="openbsd_ipv6_forward">1</Option>
|
||||
<Option name="openbsd_path_pfctl"></Option>
|
||||
<Option name="openbsd_path_sysctl"></Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="openbsd_path_pfctl"/>
|
||||
<Option name="openbsd_path_sysctl"/>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">False</Option>
|
||||
<Option name="pf_adaptive_end">0</Option>
|
||||
<Option name="pf_adaptive_start">0</Option>
|
||||
@ -4114,7 +4114,7 @@
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_limit_table_entries">0</Option>
|
||||
<Option name="pf_limit_tables">0</Option>
|
||||
<Option name="pf_optimization"></Option>
|
||||
<Option name="pf_optimization"/>
|
||||
<Option name="pf_other_first">0</Option>
|
||||
<Option name="pf_other_multiple">0</Option>
|
||||
<Option name="pf_other_single">0</Option>
|
||||
@ -4166,12 +4166,12 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">fw_file</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@ -4312,34 +4312,34 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">True</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline">-xt</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="debug">False</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="enable_ipv6">True</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="fallback_log">False</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="freebsd_ip_redirect"></Option>
|
||||
<Option name="freebsd_ip_sourceroute"></Option>
|
||||
<Option name="freebsd_ip_redirect"/>
|
||||
<Option name="freebsd_ip_sourceroute"/>
|
||||
<Option name="freebsd_ipv6_forward">1</Option>
|
||||
<Option name="freebsd_path_ipf"></Option>
|
||||
<Option name="freebsd_path_ipfw"></Option>
|
||||
<Option name="freebsd_path_ipnat"></Option>
|
||||
<Option name="freebsd_path_sysctl"></Option>
|
||||
<Option name="freebsd_path_ipf"/>
|
||||
<Option name="freebsd_path_ipfw"/>
|
||||
<Option name="freebsd_path_ipnat"/>
|
||||
<Option name="freebsd_path_sysctl"/>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="in_out_code">True</Option>
|
||||
<Option name="iosacl_acl_basic">False</Option>
|
||||
@ -4348,7 +4348,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">fe80::21d:9ff:aaaa:bbbb/64</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -4357,13 +4357,13 @@
|
||||
<Option name="iosacl_logging_console_level">1</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">1</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -4378,18 +4378,18 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modulate_state">False</Option>
|
||||
<Option name="no_ipv6_default_policy">False</Option>
|
||||
<Option name="openbsd_ip_directed_broadcast"></Option>
|
||||
<Option name="openbsd_ip_directed_broadcast"/>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="openbsd_ip_redirect"></Option>
|
||||
<Option name="openbsd_ip_sourceroute"></Option>
|
||||
<Option name="openbsd_ip_redirect"/>
|
||||
<Option name="openbsd_ip_sourceroute"/>
|
||||
<Option name="openbsd_ipv6_forward">1</Option>
|
||||
<Option name="openbsd_path_pfctl"></Option>
|
||||
<Option name="openbsd_path_sysctl"></Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="openbsd_path_pfctl"/>
|
||||
<Option name="openbsd_path_sysctl"/>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">False</Option>
|
||||
<Option name="pf_adaptive_end">0</Option>
|
||||
<Option name="pf_adaptive_start">0</Option>
|
||||
@ -4408,7 +4408,7 @@
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_limit_table_entries">0</Option>
|
||||
<Option name="pf_limit_tables">0</Option>
|
||||
<Option name="pf_optimization"></Option>
|
||||
<Option name="pf_optimization"/>
|
||||
<Option name="pf_other_first">0</Option>
|
||||
<Option name="pf_other_multiple">0</Option>
|
||||
<Option name="pf_other_single">0</Option>
|
||||
@ -4460,12 +4460,12 @@
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prolog_place">fw_file</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="ulog_qthreshold">1</Option>
|
||||
@ -4792,10 +4792,10 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
@ -4808,21 +4808,21 @@
|
||||
<Option name="iosacl_acl_basic">True</Option>
|
||||
<Option name="iosacl_acl_no_clear">False</Option>
|
||||
<Option name="iosacl_acl_substitution">False</Option>
|
||||
<Option name="iosacl_acl_temp_addr"></Option>
|
||||
<Option name="iosacl_acl_temp_addr"/>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
<Option name="iosacl_logging_buffered_level"></Option>
|
||||
<Option name="iosacl_logging_buffered_level"/>
|
||||
<Option name="iosacl_logging_console">False</Option>
|
||||
<Option name="iosacl_logging_console_level"></Option>
|
||||
<Option name="iosacl_logging_console_level"/>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level"></Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_logging_trap_level"/>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">true</Option>
|
||||
@ -4832,10 +4832,10 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">true</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -4857,7 +4857,7 @@
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
</FirewallOptions>
|
||||
@ -4990,8 +4990,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -5009,7 +5009,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -5018,10 +5018,10 @@
|
||||
<Option name="iosacl_logging_console_level">3</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">3</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_value">0</Option>
|
||||
@ -5036,7 +5036,7 @@
|
||||
<Option name="mgmt_addr">10.10.10.0/24</Option>
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -5057,9 +5057,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
@ -5194,8 +5194,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -5213,7 +5213,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -5222,10 +5222,10 @@
|
||||
<Option name="iosacl_logging_console_level">4</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">4</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="iosacl_use_object_groups">True</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
@ -5241,7 +5241,7 @@
|
||||
<Option name="mgmt_addr">10.10.10.0/24</Option>
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -5262,9 +5262,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
@ -5573,18 +5573,18 @@
|
||||
</Management>
|
||||
<FirewallOptions>
|
||||
<Option name="admUser">vadim</Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="filesystem"></Option>
|
||||
<Option name="firewall_dir"></Option>
|
||||
<Option name="filesystem"/>
|
||||
<Option name="firewall_dir"/>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="iosacl_acl_basic">True</Option>
|
||||
<Option name="iosacl_acl_no_clear">False</Option>
|
||||
<Option name="iosacl_acl_substitution">False</Option>
|
||||
<Option name="iosacl_acl_temp_addr"></Option>
|
||||
<Option name="iosacl_acl_temp_addr"/>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -5593,18 +5593,18 @@
|
||||
<Option name="iosacl_logging_console_level">4</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">4</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="iosacl_use_object_groups">True</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="mgmt_addr">10.3.14.0/24</Option>
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="use_scp">True</Option>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
@ -5962,8 +5962,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -5981,7 +5981,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -5990,10 +5990,10 @@
|
||||
<Option name="iosacl_logging_console_level">7</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">7</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="iosacl_use_object_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
@ -6009,7 +6009,7 @@
|
||||
<Option name="mgmt_addr">10.10.10.0/24</Option>
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -6030,9 +6030,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
@ -6371,8 +6371,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -6390,7 +6390,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -6399,10 +6399,10 @@
|
||||
<Option name="iosacl_logging_console_level">6</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">6</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="iosacl_use_object_groups">True</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
@ -6418,7 +6418,7 @@
|
||||
<Option name="mgmt_addr">10.10.10.0/24</Option>
|
||||
<Option name="mgmt_ssh">True</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -6439,9 +6439,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
@ -6970,10 +6970,10 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="filesystem">/etc</Option>
|
||||
@ -7002,8 +7002,8 @@
|
||||
<Option name="iosacl_logging_trap_level">4</Option>
|
||||
<Option name="iosacl_prolog_script">! This is prolog</Option>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="iosacl_use_object_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
@ -7019,7 +7019,7 @@
|
||||
<Option name="mgmt_addr">1.1.1.100</Option>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -7040,9 +7040,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
@ -7285,8 +7285,8 @@
|
||||
<Option name="accept_established">true</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">true</Option>
|
||||
<Option name="add_check_state_rule">true</Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
@ -7302,7 +7302,7 @@
|
||||
<Option name="iosacl_acl_temp_addr">192.168.1.1</Option>
|
||||
<Option name="iosacl_add_clear_statements">true</Option>
|
||||
<Option name="iosacl_assume_fw_part_of_any">true</Option>
|
||||
<Option name="iosacl_epilog_script"></Option>
|
||||
<Option name="iosacl_epilog_script"/>
|
||||
<Option name="iosacl_generate_logging_commands">False</Option>
|
||||
<Option name="iosacl_include_comments">True</Option>
|
||||
<Option name="iosacl_logging_buffered">False</Option>
|
||||
@ -7311,10 +7311,10 @@
|
||||
<Option name="iosacl_logging_console_level">0</Option>
|
||||
<Option name="iosacl_logging_timestamp">False</Option>
|
||||
<Option name="iosacl_logging_trap_level">0</Option>
|
||||
<Option name="iosacl_prolog_script"></Option>
|
||||
<Option name="iosacl_prolog_script"/>
|
||||
<Option name="iosacl_regroup_commands">False</Option>
|
||||
<Option name="iosacl_syslog_facility"></Option>
|
||||
<Option name="iosacl_syslog_host"></Option>
|
||||
<Option name="iosacl_syslog_facility"/>
|
||||
<Option name="iosacl_syslog_host"/>
|
||||
<Option name="iosacl_use_acl_remarks">False</Option>
|
||||
<Option name="iosacl_use_object_groups">False</Option>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
@ -7327,10 +7327,10 @@
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">true</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
@ -7351,9 +7351,9 @@
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="prompt1">$ </Option>
|
||||
<Option name="prompt2"> # </Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
<Option name="use_scp">False</Option>
|
||||
<Option name="verify_interfaces">true</Option>
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1269894581" id="root">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1269894581" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
@ -51,9 +51,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -69,9 +69,9 @@
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="snmp_contact"/>
|
||||
<Option name="snmp_description"/>
|
||||
<Option name="snmp_location"/>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
@ -100,16 +100,16 @@
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
|
||||
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
</CustomService>
|
||||
@ -350,54 +350,54 @@
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
|
||||
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC. Works on iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/ " ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="Undefined"/>
|
||||
<CustomServiceCommand platform="ipf"/>
|
||||
<CustomServiceCommand platform="ipfilter"/>
|
||||
<CustomServiceCommand platform="ipfw"/>
|
||||
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"/>
|
||||
<CustomServiceCommand platform="pix"/>
|
||||
<CustomServiceCommand platform="unknown"/>
|
||||
</CustomService>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
|
||||
@ -451,15 +451,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix">/second</Option>
|
||||
<Option name="hashlimit_value">10</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -496,15 +496,15 @@
|
||||
<Option name="hashlimit_mode_dstport">False</Option>
|
||||
<Option name="hashlimit_mode_srcip">False</Option>
|
||||
<Option name="hashlimit_mode_srcport">False</Option>
|
||||
<Option name="hashlimit_name"></Option>
|
||||
<Option name="hashlimit_name"/>
|
||||
<Option name="hashlimit_size">0</Option>
|
||||
<Option name="hashlimit_suffix">/second</Option>
|
||||
<Option name="hashlimit_value">10</Option>
|
||||
<Option name="limit_burst">0</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="log_level"></Option>
|
||||
<Option name="log_prefix"></Option>
|
||||
<Option name="log_level"/>
|
||||
<Option name="log_prefix"/>
|
||||
<Option name="stateless">True</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
</PolicyRuleOptions>
|
||||
@ -575,16 +575,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
|
||||
@ -592,7 +592,7 @@
|
||||
<Option name="dns_fixup">2 65535 0 nil 0</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="espike_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
@ -605,9 +605,9 @@
|
||||
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ils_fixup">2 389 389 nil 0</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -623,11 +623,11 @@
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -643,31 +643,31 @@
|
||||
<Option name="pix_floodguard">true</Option>
|
||||
<Option name="pix_include_comments">true</Option>
|
||||
<Option name="pix_ip_address">True</Option>
|
||||
<Option name="pix_ntp1"></Option>
|
||||
<Option name="pix_ntp1"/>
|
||||
<Option name="pix_ntp1_pref">False</Option>
|
||||
<Option name="pix_ntp2"></Option>
|
||||
<Option name="pix_ntp2"/>
|
||||
<Option name="pix_ntp2_pref">False</Option>
|
||||
<Option name="pix_ntp3"></Option>
|
||||
<Option name="pix_ntp3"/>
|
||||
<Option name="pix_ntp3_pref">False</Option>
|
||||
<Option name="pix_route_dnat_supported">true</Option>
|
||||
<Option name="pix_rule_syslog_settings">false</Option>
|
||||
<Option name="pix_security_fragguard_supported">true</Option>
|
||||
<Option name="pix_set_communities_from_object_data">False</Option>
|
||||
<Option name="pix_set_host_name">True</Option>
|
||||
<Option name="pix_snmp_poll_traps_1"></Option>
|
||||
<Option name="pix_snmp_poll_traps_2"></Option>
|
||||
<Option name="pix_snmp_server1"></Option>
|
||||
<Option name="pix_snmp_server2"></Option>
|
||||
<Option name="pix_snmp_poll_traps_1"/>
|
||||
<Option name="pix_snmp_poll_traps_2"/>
|
||||
<Option name="pix_snmp_server1"/>
|
||||
<Option name="pix_snmp_server2"/>
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_tcpmss">False</Option>
|
||||
<Option name="pix_tcpmss_value">0</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="rsh_fixup">2 514 0 nil 0</Option>
|
||||
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
@ -677,7 +677,7 @@
|
||||
<Option name="smtp_fixup">2 25 25 nil 0</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="tftp_fixup">2 69 0 nil 0</Option>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
@ -715,6 +715,9 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1029,6 +1032,9 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1217,6 +1223,9 @@
|
||||
<TSrv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</TSrv>
|
||||
<ItfInb neg="False"><ObjectRef ref="sysid0"/></ItfInb>
|
||||
<ItfOutb neg="False"><ObjectRef ref="sysid0"/></ItfOutb>
|
||||
|
||||
<NATRuleOptions/>
|
||||
</NATRule>
|
||||
<RuleSetOptions/>
|
||||
@ -1492,12 +1501,12 @@
|
||||
<Interface id="id3814X97641" dedicated_failover="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="Ethernet0.101" comment="" ro="False">
|
||||
<IPv4 id="id3816X97641" name="pix1:Ethernet0:Ethernet0.101:ip" comment="" ro="False" address="192.0.2.253" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="bonding_policy"></Option>
|
||||
<Option name="bondng_driver_options"></Option>
|
||||
<Option name="bonding_policy"/>
|
||||
<Option name="bondng_driver_options"/>
|
||||
<Option name="enable_stp">False</Option>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">101</Option>
|
||||
<Option name="xmit_hash_policy"></Option>
|
||||
<Option name="xmit_hash_policy"/>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id3817X97641" dedicated_failover="False" dyn="False" label="" mgmt="False" network_zone="id11817X97641" security_level="20" unnum="False" unprotected="False" name="Ethernet0.102" comment="" ro="False">
|
||||
@ -1522,16 +1531,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="conn_hh">0</Option>
|
||||
@ -1542,7 +1551,7 @@
|
||||
<Option name="dns_fixup">2 65535 0 nil 0</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="espike_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
@ -1561,9 +1570,9 @@
|
||||
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ils_fixup">2 389 389 nil 0</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -1579,11 +1588,11 @@
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -1591,7 +1600,7 @@
|
||||
<Option name="pix_acl_basic">True</Option>
|
||||
<Option name="pix_acl_no_clear">False</Option>
|
||||
<Option name="pix_acl_substitution">False</Option>
|
||||
<Option name="pix_acl_temp_addr"></Option>
|
||||
<Option name="pix_acl_temp_addr"/>
|
||||
<Option name="pix_add_clear_statements">true</Option>
|
||||
<Option name="pix_assume_fw_part_of_any">True</Option>
|
||||
<Option name="pix_check_duplicate_nat">False</Option>
|
||||
@ -1605,7 +1614,7 @@
|
||||
<Option name="pix_emblem_log_format">False</Option>
|
||||
<Option name="pix_emulate_out_acl">True</Option>
|
||||
<Option name="pix_enable_snmp_traps">False</Option>
|
||||
<Option name="pix_epilog_script"></Option>
|
||||
<Option name="pix_epilog_script"/>
|
||||
<Option name="pix_floodguard">True</Option>
|
||||
<Option name="pix_fragguard">False</Option>
|
||||
<Option name="pix_generate_out_acl">True</Option>
|
||||
@ -1620,14 +1629,14 @@
|
||||
<Option name="pix_max_conns">0</Option>
|
||||
<Option name="pix_nodnsalias_inbound">False</Option>
|
||||
<Option name="pix_nodnsalias_outbound">False</Option>
|
||||
<Option name="pix_ntp1"></Option>
|
||||
<Option name="pix_ntp1"/>
|
||||
<Option name="pix_ntp1_pref">False</Option>
|
||||
<Option name="pix_ntp2"></Option>
|
||||
<Option name="pix_ntp2"/>
|
||||
<Option name="pix_ntp2_pref">False</Option>
|
||||
<Option name="pix_ntp3"></Option>
|
||||
<Option name="pix_ntp3"/>
|
||||
<Option name="pix_ntp3_pref">False</Option>
|
||||
<Option name="pix_optimize_default_nat">False</Option>
|
||||
<Option name="pix_prolog_script"></Option>
|
||||
<Option name="pix_prolog_script"/>
|
||||
<Option name="pix_regroup_commands">False</Option>
|
||||
<Option name="pix_replace_natted_objects">False</Option>
|
||||
<Option name="pix_resetinbound">False</Option>
|
||||
@ -1638,16 +1647,16 @@
|
||||
<Option name="pix_security_fragguard_supported">true</Option>
|
||||
<Option name="pix_set_communities_from_object_data">False</Option>
|
||||
<Option name="pix_set_host_name">True</Option>
|
||||
<Option name="pix_snmp_poll_traps_1"></Option>
|
||||
<Option name="pix_snmp_poll_traps_2"></Option>
|
||||
<Option name="pix_snmp_server1"></Option>
|
||||
<Option name="pix_snmp_server2"></Option>
|
||||
<Option name="pix_snmp_poll_traps_1"/>
|
||||
<Option name="pix_snmp_poll_traps_2"/>
|
||||
<Option name="pix_snmp_server1"/>
|
||||
<Option name="pix_snmp_server2"/>
|
||||
<Option name="pix_ssh_timeout">0</Option>
|
||||
<Option name="pix_syslog_device_id_opt"></Option>
|
||||
<Option name="pix_syslog_device_id_opt"/>
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_syslog_device_id_val"></Option>
|
||||
<Option name="pix_syslog_facility"></Option>
|
||||
<Option name="pix_syslog_host"></Option>
|
||||
<Option name="pix_syslog_device_id_val"/>
|
||||
<Option name="pix_syslog_facility"/>
|
||||
<Option name="pix_syslog_host"/>
|
||||
<Option name="pix_syslog_queue_size">0</Option>
|
||||
<Option name="pix_tcpmss">False</Option>
|
||||
<Option name="pix_tcpmss_value">0</Option>
|
||||
@ -1656,13 +1665,13 @@
|
||||
<Option name="pix_use_manual_commit">False</Option>
|
||||
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="rpc_hh">0</Option>
|
||||
<Option name="rpc_mm">0</Option>
|
||||
<Option name="rpc_ss">0</Option>
|
||||
<Option name="rsh_fixup">2 514 0 nil 0</Option>
|
||||
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
@ -1678,7 +1687,7 @@
|
||||
<Option name="smtp_fixup">2 25 25 nil 0</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="tftp_fixup">2 69 0 nil 0</Option>
|
||||
<Option name="uauth_abs">False</Option>
|
||||
<Option name="uauth_hh">0</Option>
|
||||
@ -1725,12 +1734,12 @@
|
||||
<Interface id="id2818X95537" dedicated_failover="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="Ethernet0.101" comment="" ro="False">
|
||||
<IPv4 id="id2826X97641" name="pix2:Ethernet0:Ethernet0.101:ip" comment="" ro="False" address="192.0.2.254" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions>
|
||||
<Option name="bonding_policy"></Option>
|
||||
<Option name="bondng_driver_options"></Option>
|
||||
<Option name="bonding_policy"/>
|
||||
<Option name="bondng_driver_options"/>
|
||||
<Option name="enable_stp">False</Option>
|
||||
<Option name="type">8021q</Option>
|
||||
<Option name="vlan_id">101</Option>
|
||||
<Option name="xmit_hash_policy"></Option>
|
||||
<Option name="xmit_hash_policy"/>
|
||||
</InterfaceOptions>
|
||||
</Interface>
|
||||
<Interface id="id3315X97641" dedicated_failover="False" dyn="False" label="" mgmt="False" network_zone="id11817X97641" security_level="20" unnum="False" unprotected="False" name="Ethernet0.102" comment="" ro="False">
|
||||
@ -1755,16 +1764,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="conn_hh">0</Option>
|
||||
@ -1775,7 +1784,7 @@
|
||||
<Option name="dns_fixup">2 65535 0 nil 0</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="espike_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
@ -1794,9 +1803,9 @@
|
||||
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ils_fixup">2 389 389 nil 0</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -1812,11 +1821,11 @@
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -1824,7 +1833,7 @@
|
||||
<Option name="pix_acl_basic">True</Option>
|
||||
<Option name="pix_acl_no_clear">False</Option>
|
||||
<Option name="pix_acl_substitution">False</Option>
|
||||
<Option name="pix_acl_temp_addr"></Option>
|
||||
<Option name="pix_acl_temp_addr"/>
|
||||
<Option name="pix_add_clear_statements">true</Option>
|
||||
<Option name="pix_assume_fw_part_of_any">True</Option>
|
||||
<Option name="pix_check_duplicate_nat">False</Option>
|
||||
@ -1838,7 +1847,7 @@
|
||||
<Option name="pix_emblem_log_format">False</Option>
|
||||
<Option name="pix_emulate_out_acl">True</Option>
|
||||
<Option name="pix_enable_snmp_traps">False</Option>
|
||||
<Option name="pix_epilog_script"></Option>
|
||||
<Option name="pix_epilog_script"/>
|
||||
<Option name="pix_floodguard">True</Option>
|
||||
<Option name="pix_fragguard">False</Option>
|
||||
<Option name="pix_generate_out_acl">True</Option>
|
||||
@ -1853,14 +1862,14 @@
|
||||
<Option name="pix_max_conns">0</Option>
|
||||
<Option name="pix_nodnsalias_inbound">False</Option>
|
||||
<Option name="pix_nodnsalias_outbound">False</Option>
|
||||
<Option name="pix_ntp1"></Option>
|
||||
<Option name="pix_ntp1"/>
|
||||
<Option name="pix_ntp1_pref">False</Option>
|
||||
<Option name="pix_ntp2"></Option>
|
||||
<Option name="pix_ntp2"/>
|
||||
<Option name="pix_ntp2_pref">False</Option>
|
||||
<Option name="pix_ntp3"></Option>
|
||||
<Option name="pix_ntp3"/>
|
||||
<Option name="pix_ntp3_pref">False</Option>
|
||||
<Option name="pix_optimize_default_nat">False</Option>
|
||||
<Option name="pix_prolog_script"></Option>
|
||||
<Option name="pix_prolog_script"/>
|
||||
<Option name="pix_regroup_commands">False</Option>
|
||||
<Option name="pix_replace_natted_objects">False</Option>
|
||||
<Option name="pix_resetinbound">False</Option>
|
||||
@ -1871,16 +1880,16 @@
|
||||
<Option name="pix_security_fragguard_supported">true</Option>
|
||||
<Option name="pix_set_communities_from_object_data">False</Option>
|
||||
<Option name="pix_set_host_name">True</Option>
|
||||
<Option name="pix_snmp_poll_traps_1"></Option>
|
||||
<Option name="pix_snmp_poll_traps_2"></Option>
|
||||
<Option name="pix_snmp_server1"></Option>
|
||||
<Option name="pix_snmp_server2"></Option>
|
||||
<Option name="pix_snmp_poll_traps_1"/>
|
||||
<Option name="pix_snmp_poll_traps_2"/>
|
||||
<Option name="pix_snmp_server1"/>
|
||||
<Option name="pix_snmp_server2"/>
|
||||
<Option name="pix_ssh_timeout">0</Option>
|
||||
<Option name="pix_syslog_device_id_opt"></Option>
|
||||
<Option name="pix_syslog_device_id_opt"/>
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_syslog_device_id_val"></Option>
|
||||
<Option name="pix_syslog_facility"></Option>
|
||||
<Option name="pix_syslog_host"></Option>
|
||||
<Option name="pix_syslog_device_id_val"/>
|
||||
<Option name="pix_syslog_facility"/>
|
||||
<Option name="pix_syslog_host"/>
|
||||
<Option name="pix_syslog_queue_size">0</Option>
|
||||
<Option name="pix_tcpmss">False</Option>
|
||||
<Option name="pix_tcpmss_value">0</Option>
|
||||
@ -1889,13 +1898,13 @@
|
||||
<Option name="pix_use_manual_commit">False</Option>
|
||||
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="rpc_hh">0</Option>
|
||||
<Option name="rpc_mm">0</Option>
|
||||
<Option name="rpc_ss">0</Option>
|
||||
<Option name="rsh_fixup">2 514 0 nil 0</Option>
|
||||
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
@ -1911,7 +1920,7 @@
|
||||
<Option name="smtp_fixup">2 25 25 nil 0</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="tftp_fixup">2 69 0 nil 0</Option>
|
||||
<Option name="uauth_abs">False</Option>
|
||||
<Option name="uauth_hh">0</Option>
|
||||
@ -1971,16 +1980,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
|
||||
@ -1988,7 +1997,7 @@
|
||||
<Option name="dns_fixup">2 65535 0 nil 0</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="espike_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
@ -2001,9 +2010,9 @@
|
||||
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ils_fixup">2 389 389 nil 0</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -2019,11 +2028,11 @@
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -2039,31 +2048,31 @@
|
||||
<Option name="pix_floodguard">true</Option>
|
||||
<Option name="pix_include_comments">true</Option>
|
||||
<Option name="pix_ip_address">True</Option>
|
||||
<Option name="pix_ntp1"></Option>
|
||||
<Option name="pix_ntp1"/>
|
||||
<Option name="pix_ntp1_pref">False</Option>
|
||||
<Option name="pix_ntp2"></Option>
|
||||
<Option name="pix_ntp2"/>
|
||||
<Option name="pix_ntp2_pref">False</Option>
|
||||
<Option name="pix_ntp3"></Option>
|
||||
<Option name="pix_ntp3"/>
|
||||
<Option name="pix_ntp3_pref">False</Option>
|
||||
<Option name="pix_route_dnat_supported">true</Option>
|
||||
<Option name="pix_rule_syslog_settings">false</Option>
|
||||
<Option name="pix_security_fragguard_supported">true</Option>
|
||||
<Option name="pix_set_communities_from_object_data">False</Option>
|
||||
<Option name="pix_set_host_name">True</Option>
|
||||
<Option name="pix_snmp_poll_traps_1"></Option>
|
||||
<Option name="pix_snmp_poll_traps_2"></Option>
|
||||
<Option name="pix_snmp_server1"></Option>
|
||||
<Option name="pix_snmp_server2"></Option>
|
||||
<Option name="pix_snmp_poll_traps_1"/>
|
||||
<Option name="pix_snmp_poll_traps_2"/>
|
||||
<Option name="pix_snmp_server1"/>
|
||||
<Option name="pix_snmp_server2"/>
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_tcpmss">False</Option>
|
||||
<Option name="pix_tcpmss_value">0</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="rsh_fixup">2 514 0 nil 0</Option>
|
||||
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
@ -2073,7 +2082,7 @@
|
||||
<Option name="smtp_fixup">2 25 25 nil 0</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="tftp_fixup">2 69 0 nil 0</Option>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
@ -2122,16 +2131,16 @@
|
||||
<FirewallOptions>
|
||||
<Option name="accept_established">True</Option>
|
||||
<Option name="accept_new_tcp_with_no_syn">True</Option>
|
||||
<Option name="action_on_reject"></Option>
|
||||
<Option name="activationCmd"></Option>
|
||||
<Option name="admUser"></Option>
|
||||
<Option name="altAddress"></Option>
|
||||
<Option name="action_on_reject"/>
|
||||
<Option name="activationCmd"/>
|
||||
<Option name="admUser"/>
|
||||
<Option name="altAddress"/>
|
||||
<Option name="bridging_fw">False</Option>
|
||||
<Option name="check_shading">False</Option>
|
||||
<Option name="clamp_mss_to_mtu">False</Option>
|
||||
<Option name="classify_mark_terminating">False</Option>
|
||||
<Option name="cmdline"></Option>
|
||||
<Option name="compiler"></Option>
|
||||
<Option name="cmdline"/>
|
||||
<Option name="compiler"/>
|
||||
<Option name="configure_interfaces">True</Option>
|
||||
<Option name="configure_vlan_interfaces">True</Option>
|
||||
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
|
||||
@ -2139,7 +2148,7 @@
|
||||
<Option name="dns_fixup">2 65535 0 nil 0</Option>
|
||||
<Option name="drop_invalid">False</Option>
|
||||
<Option name="eliminate_duplicates">true</Option>
|
||||
<Option name="epilog_script"></Option>
|
||||
<Option name="epilog_script"/>
|
||||
<Option name="espike_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="firewall_is_part_of_any_and_networks">True</Option>
|
||||
@ -2152,9 +2161,9 @@
|
||||
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
|
||||
<Option name="ignore_empty_groups">False</Option>
|
||||
<Option name="ils_fixup">2 389 389 nil 0</Option>
|
||||
<Option name="ipt_mangle_only_rulesets"></Option>
|
||||
<Option name="ipt_mangle_only_rulesets"/>
|
||||
<Option name="ipv4_6_order">ipv4_first</Option>
|
||||
<Option name="limit_suffix"></Option>
|
||||
<Option name="limit_suffix"/>
|
||||
<Option name="limit_value">0</Option>
|
||||
<Option name="linux24_ip_forward">1</Option>
|
||||
<Option name="load_modules">True</Option>
|
||||
@ -2170,11 +2179,11 @@
|
||||
<Option name="macosx_ip_forward">1</Option>
|
||||
<Option name="manage_virtual_addr">True</Option>
|
||||
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
|
||||
<Option name="mgmt_addr"></Option>
|
||||
<Option name="mgmt_addr"/>
|
||||
<Option name="mgmt_ssh">False</Option>
|
||||
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
|
||||
<Option name="openbsd_ip_forward">1</Option>
|
||||
<Option name="output_file"></Option>
|
||||
<Option name="output_file"/>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
@ -2190,31 +2199,31 @@
|
||||
<Option name="pix_floodguard">true</Option>
|
||||
<Option name="pix_include_comments">true</Option>
|
||||
<Option name="pix_ip_address">True</Option>
|
||||
<Option name="pix_ntp1"></Option>
|
||||
<Option name="pix_ntp1"/>
|
||||
<Option name="pix_ntp1_pref">False</Option>
|
||||
<Option name="pix_ntp2"></Option>
|
||||
<Option name="pix_ntp2"/>
|
||||
<Option name="pix_ntp2_pref">False</Option>
|
||||
<Option name="pix_ntp3"></Option>
|
||||
<Option name="pix_ntp3"/>
|
||||
<Option name="pix_ntp3_pref">False</Option>
|
||||
<Option name="pix_route_dnat_supported">true</Option>
|
||||
<Option name="pix_rule_syslog_settings">false</Option>
|
||||
<Option name="pix_security_fragguard_supported">true</Option>
|
||||
<Option name="pix_set_communities_from_object_data">False</Option>
|
||||
<Option name="pix_set_host_name">True</Option>
|
||||
<Option name="pix_snmp_poll_traps_1"></Option>
|
||||
<Option name="pix_snmp_poll_traps_2"></Option>
|
||||
<Option name="pix_snmp_server1"></Option>
|
||||
<Option name="pix_snmp_server2"></Option>
|
||||
<Option name="pix_snmp_poll_traps_1"/>
|
||||
<Option name="pix_snmp_poll_traps_2"/>
|
||||
<Option name="pix_snmp_server1"/>
|
||||
<Option name="pix_snmp_server2"/>
|
||||
<Option name="pix_syslog_device_id_supported">false</Option>
|
||||
<Option name="pix_tcpmss">False</Option>
|
||||
<Option name="pix_tcpmss_value">0</Option>
|
||||
<Option name="pix_use_acl_remarks">true</Option>
|
||||
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
|
||||
<Option name="prolog_place">top</Option>
|
||||
<Option name="prolog_script"></Option>
|
||||
<Option name="prolog_script"/>
|
||||
<Option name="rsh_fixup">2 514 0 nil 0</Option>
|
||||
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
|
||||
<Option name="scpArgs"></Option>
|
||||
<Option name="scpArgs"/>
|
||||
<Option name="secuwall_add_files">False</Option>
|
||||
<Option name="secuwall_add_files_dir">/opt/secuwall/templates/default</Option>
|
||||
<Option name="secuwall_dns_reso1">files</Option>
|
||||
@ -2224,7 +2233,7 @@
|
||||
<Option name="smtp_fixup">2 25 25 nil 0</Option>
|
||||
<Option name="solaris_ip_forward">1</Option>
|
||||
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
|
||||
<Option name="sshArgs"></Option>
|
||||
<Option name="sshArgs"/>
|
||||
<Option name="tftp_fixup">2 69 0 nil 0</Option>
|
||||
<Option name="ulog_cprange">0</Option>
|
||||
<Option name="ulog_nlgroup">1</Option>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Loading…
x
Reference in New Issue
Block a user