! ! This is automatically generated file. DO NOT MODIFY ! ! ! Firewall Builder fwb_iosacl v5.0.1.3584 ! ! Generated Tue Nov 8 08:41:21 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! !# files: * testios5-1.fw ! ! mirrored rules, using object-groups ! ! Prolog script: ! ! ! End of prolog script: ! hostname testios5-1 ! temporary access list for "safety net install" no ip access-list extended tmp_acl ip access-list extended tmp_acl permit ip 10.10.10.0 0.0.0.255 any deny ip any any exit interface ethernet1 no ip access-group in no ip access-group out ip access-group tmp_acl in exit no ip access-list extended e0_in no ip access-list extended e0_out no ip access-list extended e1_in no ip access-list extended e1_out no object-group network id115980X79820.1.src.net.0 no object-group network id115999X79820.src.net.0 no object-group network id115999X79820.dst.net.0 no object-group service id116125X79820.srv.tcp.0 no object-group service id91445X81725.srv.tcp.0 object-group network id115980X79820.1.src.net.0 host 1.1.1.1 host 10.10.10.1 exit object-group network id115999X79820.src.net.0 22.22.21.0 /24 22.22.22.0 /24 exit object-group network id115999X79820.dst.net.0 10.10.10.0 /24 10.10.11.0 /24 exit object-group service id116125X79820.srv.tcp.0 tcp eq 80 tcp eq 443 exit object-group service id91445X81725.srv.tcp.0 tcp range 0 65535 tcp eq 80 exit ! ================ IPv4 ip access-list extended e0_in ! ! Rule -1 backup ssh access rule (automatic) permit tcp 10.10.10.0 0.0.0.255 object-group id115980X79820.1.src.net.0 eq 22 ! ! Rule 0 (ethernet0) permit ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 ! ! Rule 1 (ethernet0) permit ip object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 ! ! Rule 2 (ethernet0) permit ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 permit ip object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 ! ! Rule 3 (ethernet0) deny ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 ! ! Rule 4 (ethernet0) permit tcp object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established ! ! Rule 5 (ethernet0) permit tcp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 eq 80 ! ! Rule 6 (ethernet0) permit tcp object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 eq 80 ! ! Rule 7 (ethernet0) permit udp object-group id115999X79820.src.net.0 eq 123 object-group id115999X79820.dst.net.0 ! ! Rule 8 (ethernet0) permit icmp object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 0 ! ! Rule 9 (ethernet0) permit icmp object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 0 permit tcp object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established permit tcp object-group id115999X79820.src.net.0 eq 443 object-group id115999X79820.dst.net.0 established permit ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 permit udp object-group id115999X79820.src.net.0 eq 123 object-group id115999X79820.dst.net.0 ! ! Rule 10 (ethernet0) permit tcp object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 match-all -urg +ack -psh -rst -syn -fin permit tcp object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established permit tcp object-group id115999X79820.src.net.0 eq 443 object-group id115999X79820.dst.net.0 established permit tcp object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 match-all -urg +ack -psh -rst +syn -fin permit ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 ! ! Rule 11 (ethernet0) permit object-group id91445X81725.srv.tcp.0 object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 ! ! Rule 12 (ethernet0) permit ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 exit ip access-list extended e0_out ! ! Rule -2 backup ssh access rule (out) (automatic) permit tcp object-group id115980X79820.1.src.net.0 eq 22 10.10.10.0 0.0.0.255 ! ! Rule 0 (ethernet0) permit ip object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 ! ! Rule 1 (ethernet0) permit ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 ! ! Rule 2 (ethernet0) permit ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 permit ip object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 ! ! Rule 3 (ethernet0) deny ip object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 ! ! Rule 4 (ethernet0) permit tcp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 eq 80 ! ! Rule 5 (ethernet0) permit tcp object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established ! ! Rule 6 (ethernet0) permit tcp object-group id115999X79820.dst.net.0 eq 80 object-group id115999X79820.src.net.0 established ! ! Rule 7 (ethernet0) permit udp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 eq 123 ! ! Rule 8 (ethernet0) permit icmp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 8 ! ! Rule 9 (ethernet0) permit icmp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 8 permit object-group id116125X79820.srv.tcp.0 object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 permit udp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 eq 123 ! ! Rule 10 (ethernet0) permit tcp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 match-all -urg +ack -psh -rst -syn -fin permit tcp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 match-all -urg +ack -psh -rst +syn -fin permit object-group id116125X79820.srv.tcp.0 object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 ! ! Rule 11 (ethernet0) permit tcp object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 established permit tcp object-group id115999X79820.dst.net.0 eq 80 object-group id115999X79820.src.net.0 established permit ip object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 ! ! Rule 12 (ethernet0) permit ip object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 exit ip access-list extended e1_in ! ! Rule -1 backup ssh access rule (automatic) permit tcp 10.10.10.0 0.0.0.255 object-group id115980X79820.1.src.net.0 eq 22 exit ip access-list extended e1_out ! ! Rule -2 backup ssh access rule (out) (automatic) permit tcp object-group id115980X79820.1.src.net.0 eq 22 10.10.10.0 0.0.0.255 exit interface ethernet0 ip access-group e0_in in exit interface ethernet0 ip access-group e0_out out exit interface ethernet1 ip access-group e1_in in exit interface ethernet1 ip access-group e1_out out exit ! ! Epilog script: ! ! End of epilog script: !