! ! This is automatically generated file. DO NOT MODIFY ! ! ! Firewall Builder fwb_iosacl v4.2.0.3505 ! ! Generated Mon Mar 21 12:46:00 2011 PDT by vadim ! ! Compiled for iosacl 12.1 ! !# files: * testios2.fw ! ! testios2:Routing:0: error: Object "test-addr-1" used as gateway in the routing rule 0 (main) is not reachable because it is not in any local network of the firewall ! testios2:Routing:1: error: Can not use both gateway address and interface in IOS routing rule ! testios2:Routing:0: error: MultiPath routing not supported by platform ! testios2:Routing:1: error: MultiPath routing not supported by platform ! ! Prolog script: ! ! ! End of prolog script: ! hostname testios2 ! temporary access list for "safety net install" no ip access-list extended tmp_acl ip access-list extended tmp_acl permit ip 10.10.10.0 0.0.0.255 any deny ip any any exit interface ethernet1 no ip access-group in no ip access-group out ip access-group tmp_acl in exit no ip access-list extended e0_in no ip access-list extended e0_out no ip access-list extended e1_in no ip access-list extended e1_out ! ================ IPv4 ip access-list extended e0_in ! ! Rule -1 backup ssh access rule (automatic) permit tcp 10.10.10.0 0.0.0.255 host 1.1.1.1 eq 22 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 22 ! ! Rule 0 (ethernet0) ! anti-spoofing deny ip 10.10.10.0 0.0.0.255 any log deny ip 10.10.11.0 0.0.0.255 any log deny ip 10.10.12.0 0.0.0.255 any log ! ! Rule 1 (global) deny ip any any log fragments ! ! Rule 2 (global) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 3 (ethernet0,ethernet1) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 5 (ethernet0) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 6 (global) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 8 (ethernet0) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 9 (global) permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 ! ! Rule 11 (ethernet0) permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 ! ! Rule 12 (global) permit 47 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit 50 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit 51 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 ! ! Rule 13 (global) permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 ! ! Rule 14 (global) permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 ! ! Rule 15 (global) permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 ! ! Rule 16 (global) permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established ! ! Rule 17 (global) permit tcp 22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established ! ! Rule 18 (global) permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 ! ! Rule 19 (global) deny ip any any log exit ip access-list extended e0_out ! ! Rule -2 backup ssh access rule (out) (automatic) permit tcp host 1.1.1.1 eq 22 10.10.10.0 0.0.0.255 permit tcp host 10.10.10.1 eq 22 10.10.10.0 0.0.0.255 ! ! Rule 1 (global) deny ip any any log fragments ! ! Rule 3 (ethernet0,ethernet1) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 5 (ethernet0) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 11 (ethernet0) permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 ! ! Rule 19 (global) deny ip any any log exit ip access-list extended e1_in ! ! Rule -1 backup ssh access rule (automatic) permit tcp 10.10.10.0 0.0.0.255 host 1.1.1.1 eq 22 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 22 ! ! Rule 1 (global) deny ip any any log fragments ! ! Rule 2 (global) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 3 (ethernet0,ethernet1) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 4 (ethernet1) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 6 (global) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 7 (ethernet1) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 9 (global) permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 ! ! Rule 10 (ethernet1) permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 ! ! Rule 12 (global) permit 47 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit 50 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit 51 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 ! ! Rule 13 (global) permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 ! ! Rule 14 (global) permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 ! ! Rule 15 (global) permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 ! ! Rule 16 (global) permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established ! ! Rule 17 (global) permit tcp 22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established ! ! Rule 18 (global) permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 ! ! Rule 19 (global) deny ip any any log exit ip access-list extended e1_out ! ! Rule -2 backup ssh access rule (out) (automatic) permit tcp host 1.1.1.1 eq 22 10.10.10.0 0.0.0.255 permit tcp host 10.10.10.1 eq 22 10.10.10.0 0.0.0.255 ! ! Rule 1 (global) deny ip any any log fragments ! ! Rule 2 (global) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 3 (ethernet0,ethernet1) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 4 (ethernet1) permit ip any 10.10.10.0 0.0.0.255 permit ip any 10.10.11.0 0.0.0.255 permit ip any 10.10.12.0 0.0.0.255 ! ! Rule 9 (global) permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 ! ! Rule 10 (ethernet1) permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 ! ! Rule 12 (global) permit 47 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit 50 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 permit 51 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 ! ! Rule 13 (global) permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 ! ! Rule 14 (global) permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 ! ! Rule 15 (global) permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 ! ! Rule 16 (global) permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established ! ! Rule 17 (global) permit tcp 22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established ! ! Rule 18 (global) permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 ! ! Rule 19 (global) deny ip any any log exit interface ethernet0 ip access-group e0_in in exit interface ethernet0 ip access-group e0_out out exit interface ethernet1 ip access-group e1_in in exit interface ethernet1 ip access-group e1_out out exit ! ! Rule 0 (main) ! ! testios2:Routing:0: error: Object "test-addr-1" used as gateway in the routing rule 0 (main) is not reachable because it is not in any local network of the firewall ! ! Rule 1 (main) ! ! testios2:Routing:1: error: Can not use both gateway address and interface in IOS routing rule ! ! Epilog script: ! ! End of epilog script: !