# Policy compiler errors and warnings: # firewall4:Policy:6: warning: Changing rule direction due to self reference # firewall4:Policy:6: warning: Changing rule direction due to self reference # # Rule 0 (eth1) # Anti-spoofing rule block in log quick on eth1 from 192.168.1.1 to any block in log quick on eth1 from 192.168.2.1 to any block in log quick on eth1 from 222.222.222.222 to any block in log quick on eth1 from 192.168.1.0/24 to any # # Rule 1 (eth1) # Anti-spoofing rule skip 4 out on eth1 from 192.168.1.1 to any skip 3 out on eth1 from 192.168.2.1 to any skip 2 out on eth1 from 222.222.222.222 to any skip 1 out on eth1 from 192.168.1.0/24 to any block out log quick on eth1 from any to any # # Rule 2 (eth1) block in log quick on eth1 proto icmp from any to any icmp-type 8 code 0 block out log quick on eth1 proto icmp from any to any icmp-type 8 code 0 # # Rule 3 (eth1) skip 1 in on eth1 proto icmp from 192.168.2.0/24 to any icmp-type 8 code 0 skip 1 out on eth1 proto icmp from 192.168.2.0/24 to any icmp-type 8 code 0 block in log quick on eth1 proto icmp from any to any icmp-type 8 code 0 block out log quick on eth1 proto icmp from any to any icmp-type 8 code 0 # # Rule 4 (global) # hostF has the same IP address as firewal. pass in log quick proto icmp from any to 192.168.1.1 icmp-type 8 code 0 keep state pass out log quick proto icmp from any to 192.168.1.1 icmp-type 8 code 0 keep state # # Rule 5 (global) # testing negation in the policy rule skip 2 in proto icmp from 192.168.1.10 to any icmp-type 3 skip 1 in proto icmp from 192.168.1.20 to any icmp-type 3 skip 2 out proto icmp from 192.168.1.10 to any icmp-type 3 skip 1 out proto icmp from 192.168.1.20 to any icmp-type 3 block in log quick proto icmp from any to any icmp-type 3 block out log quick proto icmp from any to any icmp-type 3 # # Rule 6 (global) # firewall4:Policy:6: warning: Changing rule direction due to self reference skip 8 in proto icmp from 192.168.1.10 to 192.168.1.1 icmp-type 3 skip 7 in proto icmp from 192.168.1.10 to 192.168.2.1 icmp-type 3 skip 6 in proto icmp from 192.168.1.10 to 222.222.222.222 icmp-type 3 skip 5 in proto icmp from 192.168.1.20 to 192.168.1.1 icmp-type 3 skip 4 in proto icmp from 192.168.1.20 to 192.168.2.1 icmp-type 3 skip 3 in proto icmp from 192.168.1.20 to 222.222.222.222 icmp-type 3 block in log quick proto icmp from any to 192.168.1.1 icmp-type 3 block in log quick proto icmp from any to 192.168.2.1 icmp-type 3 block in log quick proto icmp from any to 222.222.222.222 icmp-type 3 # # Rule 8 (global) # 'masquerading' rule pass in quick proto icmp from 192.168.1.0/24 to any keep state pass in quick proto tcp from 192.168.1.0/24 to any keep state pass in quick proto udp from 192.168.1.0/24 to any keep state pass in quick from 192.168.1.0/24 to any pass out quick proto icmp from 192.168.1.0/24 to any keep state pass out quick proto tcp from 192.168.1.0/24 to any keep state pass out quick proto udp from 192.168.1.0/24 to any keep state pass out quick from 192.168.1.0/24 to any # # Rule 10 (global) # 'catch all' rule block in log quick from any to any block out log quick from any to any # # Rule fallback rule # fallback rule block in quick from any to any block out quick from any to any