! ! This is automatically generated file. DO NOT MODIFY ! ! ! Firewall Builder fwb_pix v4.2.0.3446 ! ! Generated Tue Jan 25 11:22:41 2011 PST by vadim ! ! Compiled for pix 8.2 ! Outbound ACLs: supported ! Emulate outbound ACLs: yes ! Generating outbound ACLs: no ! Assume firewall is part of any: yes ! !# files: * firewall80.fw ! ! testing rules with broadcasts ! N firewall80:NAT:0: error: CustomService objects are not supported in NAT rules ! ! Prolog script: ! ! ! End of prolog script: ! interface FastEthernet0 nameif outside security-level 100 exit interface FastEthernet1 nameif inside security-level 0 exit no logging buffered no logging console no logging timestamp no logging on timeout xlate 3:0:0 timeout conn 1:0:0 timeout udp 0:2:0 timeout sunrpc 0:10:0 timeout h323 0:5:0 timeout sip 0:30:0 timeout sip_media 0:0:0 timeout half-closed 0:0:0 timeout uauth 2:0:0 absolute clear config ssh aaa authentication ssh console LOCAL clear config snmp-server no snmp-server enable traps clear config ntp no service resetinbound no service resetoutside no sysopt connection timewait no sysopt nodnsalias inbound no sysopt nodnsalias outbound class-map inspection_default match default-inspection-traffic policy-map global_policy class inspection_default service-policy global_policy global policy-map type inspect ip-options ip-options-map parameters eool action allow router-alert action clear clear xlate clear config static clear config global clear config nat clear config access-list clear config icmp clear config telnet clear conf object-group clear conf object object-group icmp-type id19186X29796.srv.icmp.0 icmp-object 8 icmp-object 0 exit object-group service id19186X29796.srv.tcp.0 tcp port-object eq 53 port-object eq 25 exit object-group service id19186X29796.srv.udp.0 udp port-object eq 123 port-object eq 53 exit object-group icmp-type id21447X11252.srv.icmp.0 icmp-object 8 icmp-object 3 exit !################ ! ! Rule 0 (FastEthernet1) ssh 0.0.0.0 0.0.0.0 inside ! ! Rule 1 (FastEthernet1) ssh 0.0.0.0 0.0.0.0 inside ! ! Rule 2 (global) access-list outside_acl_in permit tcp any host 192.168.1.10 eq 22 access-list inside_acl_in permit tcp any host 192.168.1.10 eq 22 ! ! Rule 3 (FastEthernet1) icmp permit any 3 inside access-list inside_acl_in permit icmp any host 192.168.1.1 3 ! ! Rule 4 (global) access-list outside_acl_in permit icmp any host 192.168.1.10 object-group id19186X29796.srv.icmp.0 access-list inside_acl_in permit icmp any host 192.168.1.10 object-group id19186X29796.srv.icmp.0 access-list outside_acl_in permit tcp any host 192.168.1.10 object-group id19186X29796.srv.tcp.0 access-list inside_acl_in permit tcp any host 192.168.1.10 object-group id19186X29796.srv.tcp.0 access-list outside_acl_in permit udp any host 192.168.1.10 object-group id19186X29796.srv.udp.0 access-list inside_acl_in permit udp any host 192.168.1.10 object-group id19186X29796.srv.udp.0 access-list outside_acl_in permit 50 any host 192.168.1.10 access-list inside_acl_in permit 50 any host 192.168.1.10 access-list outside_acl_in permit 51 any host 192.168.1.10 access-list inside_acl_in permit 51 any host 192.168.1.10 ! ! Rule 5 (global) ! matching source ports access-list outside_acl_in deny tcp any gt 1024 host 192.168.1.10 eq 80 access-list inside_acl_in deny tcp any gt 1024 host 192.168.1.10 eq 80 access-list outside_acl_in deny udp any range 10000 10010 host 192.168.1.10 access-list inside_acl_in deny udp any range 10000 10010 host 192.168.1.10 ! ! Rule 6 (global) access-list outside_acl_in deny tcp any range 20000 20020 host 192.168.1.10 access-list inside_acl_in deny tcp any range 20000 20020 host 192.168.1.10 access-list outside_acl_in deny tcp any range 30000 30030 host 192.168.1.10 access-list inside_acl_in deny tcp any range 30000 30030 host 192.168.1.10 ! ! Rule 7 (global) ! matching "any" icmp and "all" tcp ! in one service-group ! access-list outside_acl_in deny icmp any host 192.168.1.10 access-list inside_acl_in deny icmp any host 192.168.1.10 access-list outside_acl_in deny tcp any host 192.168.1.10 access-list inside_acl_in deny tcp any host 192.168.1.10 ! ! Rule 8 (global) ! for #1938 matching ! mixed services icmp permit 192.168.1.0 255.255.255.192 8 inside icmp permit 192.168.1.0 255.255.255.192 3 inside access-list inside_acl_in permit icmp 192.168.1.0 255.255.255.192 host 192.168.1.1 object-group id21447X11252.srv.icmp.0 access-list inside_acl_in permit icmp 192.168.1.0 255.255.255.192 any object-group id21447X11252.srv.icmp.0 access-list inside_acl_in permit tcp 192.168.1.0 255.255.255.192 any eq 3128 access-list inside_acl_in permit udp 192.168.1.0 255.255.255.192 any eq 53 ! ! Rule 9 (global) ! for #1942 ! using custom service access-list outside_acl_in deny tcp any host 192.168.1.10 neq 8080 access-list inside_acl_in deny tcp any host 192.168.1.10 neq 8080 ! ! Rule 10 (global) ! for #1942 ! using custom service access-list outside_acl_in deny tcp any host 192.168.1.10 neq 8080 access-list inside_acl_in deny tcp any host 192.168.1.10 neq 8080 access-list outside_acl_in deny tcp any host 192.168.1.10 eq 3128 access-list inside_acl_in deny tcp any host 192.168.1.10 eq 3128 ! ! Rule 11 (global) access-list outside_acl_in deny ip any any access-list inside_acl_in deny ip any any access-group inside_acl_in in interface inside access-group outside_acl_in in interface outside ! ! Epilog script: ! ! End of epilog script: !