onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 18:57:14 +01:00
Code Issues Releases Wiki Activity
fwbuilder/test/ipf/objects-for-regression-tests.fwb

6637 lines
299 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1257363322" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
</Library>
<Library id="id40D07E7A" color="#FFFFFF" name="LAX" comment="" ro="True">
<ObjectGroup id="id40D07E7B_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="id40D07E7B" name="Objects" comment="" ro="False">
<ObjectGroup id="id40D07E7B_og_ats_1" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id40D07E7C" name="Addresses" comment="" ro="False">
<IPv4 id="id40E238E6" name="laxftp1" comment="" ro="False" address="10.1.10.10" netmask="255.255.255.255"/>
<IPv4 id="id40E238E7" name="laxweb1" comment="" ro="False" address="10.1.10.11" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id40D07E7D" name="Groups" comment="" ro="False">
<ObjectGroup id="id40E23565" name="LAX Servers" comment="" ro="False">
<ObjectRef ref="id40E238E6"/>
<ObjectRef ref="id40E238E7"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id40D07E7E" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id40D07E7F" name="Networks" comment="" ro="False"/>
<ObjectGroup id="id40D07E80" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id4386560318752" name="DNS Names" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id40D07E81" name="Services" comment="" ro="False">
<ServiceGroup id="id40D07E81_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id40D07E82" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id40D07E83" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id40D07E84" name="IP" comment="" ro="False"/>
<ServiceGroup id="id40D07E85" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id40D07E86" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id40D07E87" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id40D07E81_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id40D07E88" name="Firewalls" comment="" ro="False"/>
<IntervalGroup id="id40D07E89" name="Time" comment="" ro="False"/>
</Library>
<Library id="id40E233F3" color="#FFFFFF" name="West Coast" comment="" ro="True">
<ObjectGroup id="id40E233F4_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="id40E233F4" name="Objects" comment="" ro="False">
<ObjectGroup id="id40E233F4_og_ats_1" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id40E233F5" name="Addresses" comment="" ro="False"/>
<ObjectGroup id="id40E233F6" name="Groups" comment="" ro="False">
<ObjectGroup id="id40E23403" name="West Coast Servers" comment="" ro="False">
<ObjectRef ref="id40E23562"/>
<ObjectRef ref="id40E23565"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id40E233F7" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id40E233F8" name="Networks" comment="" ro="False"/>
<ObjectGroup id="id40E233F9" name="Address Ranges" comment="" ro="False"/>
<ObjectGroup id="id4386560418752" name="DNS Names" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id40E233FA" name="Services" comment="" ro="False">
<ServiceGroup id="id40E233FA_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id40E233FB" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id40E233FC" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id40E233FD" name="IP" comment="" ro="False"/>
<ServiceGroup id="id40E233FE" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id40E233FF" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id40E23400" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id40E233FA_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id40E23401" name="Firewalls" comment="" ro="False"/>
<IntervalGroup id="id40E23402" name="Time" comment="" ro="False"/>
</Library>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables" comment="" ro="False">
<AddressTable id="id4389EE9018346" filename="addr-table-1.tbl" run_time="False" name="addr-table-1" comment="" ro="False"/>
<AddressTable id="id4389EE9118346" filename="block-hosts.tbl" run_time="True" name="block these" comment="this is run-time table" ro="False"/>
</ObjectGroup>
<ObjectGroup id="stdid16_1" name="Addresses" comment="" ro="False">
<IPv4 id="id4388C37D674" name="sapmhost1" comment="" ro="False" address="61.150.47.112" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="stdid04_1" name="Groups" comment="" ro="False">
<ObjectGroup id="id3B4572AF" name="group1" comment="" ro="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</ObjectGroup>
<ObjectGroup id="id3B4572B5" name="platform" comment="" ro="False">
<ObjectRef ref="id3AFC0F70"/>
<ObjectRef ref="id3AFC191C"/>
</ObjectGroup>
<ObjectGroup id="id3BBC0EFC" name="netgroup1" comment="" ro="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</ObjectGroup>
<ObjectGroup id="id3CD87A9A" name="group-range-1" comment="" ro="False">
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="id3CD87A5E"/>
<ObjectRef ref="id3CD87A6D"/>
<ObjectRef ref="id3CD87A7C"/>
<ObjectRef ref="id3CD87A8B"/>
</ObjectGroup>
<ObjectGroup id="id3D8FF5EC" name="group2" comment="" ro="False">
<ObjectRef ref="host-hostA"/>
</ObjectGroup>
<ObjectGroup id="id3DEA7FEE" name="lb group" comment="" ro="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
</ObjectGroup>
<ObjectGroup id="id3EDC2CF8" name="ext nets" comment="" ro="False">
<ObjectRef ref="id3B665643"/>
<ObjectRef ref="id3B665641"/>
</ObjectGroup>
<ObjectGroup id="id4390C25525682" name="at group" comment="this group is a combination of a regular address object and an address table in run-time mode" ro="False">
<ObjectRef ref="id4388C37D674"/>
<ObjectRef ref="id4389EE9118346"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="stdid02_1" name="Hosts" comment="" ro="False">
<Host id="id3B64FFAC" name="broadcast" comment="broadcast on internal subnet" ro="False">
<Interface id="id3B64FFAC-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3B64FFAC-i-ipv4" name="address" comment="" ro="False" address="192.168.1.255" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3D265845" name="fw2-dmz-iface" comment="" ro="False">
<Interface id="id3D265845-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D265845-i-1-addr" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3AFC191C" name="fw2-int-iface" comment="the same address as internal iface of firewall1" ro="False">
<Interface id="id3AFC191C-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFC191C-i-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D265477" name="host-dmz1" comment="host on the DMZ net" ro="False">
<Interface id="id3D265477-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D265477-i-1-addr" name="address" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D26547B" name="host-dmz1-NAT" comment="" ro="False">
<Interface id="id3D26547B-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D26547B-i-1-addr" name="address" comment="" ro="False" address="22.22.22.24" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.22.24">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3DEA665F" name="host-ext1" comment="" ro="False">
<Interface id="id3DEA6663" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3DEA6664" name="host-ext1" comment="" ro="False" address="22.22.22.24" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3AFC0F70" name="host-fw2" comment="this host has the same IP address as firewall1 and firewall2" ro="False">
<Interface id="id3AFC0F70-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFC0F70-i-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3BF1B3E1" name="host-with_mac" comment="" ro="False">
<Interface id="id3BF1B3E2" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BF1B3E2-ipv4" name="address" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.0"/>
<physAddress id="id3BF1B3E2-pa" address="00:10:4b:de:e9:6f" name="unknown-pa" comment="" ro="False"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
<Host id="id3BF1B3E7" name="host-with_mac-2" comment="" ro="False">
<Interface id="id3BF1B3E8" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BF1B3E8-ipv4" name="address" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<physAddress id="id3BF1B3E8-pa" address="00:10:4b:de:e9:6f" name="unknown-pa" comment="" ro="False"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
<Host id="host-hostA" name="hostA" comment="" ro="False">
<Interface id="host-hostA-i" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="host-hostA-i-ipv4" name="hostA(ip)" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3B3D5A3B" name="hostA" comment="" ro="False">
<Interface id="id3B3D5A3B-i" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3B3D5A3B-i-ipv4" name="hostA(ip)" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3AFADBF9" name="hostA-NAT" comment="translated address for hostA" ro="False">
<Interface id="id3AFADBF9-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFADBF9-i-ipv4" name="address" comment="" ro="False" address="22.22.22.23" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="host-hostB" name="hostB" comment="" ro="False">
<Interface id="host-hostB-i" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="host-hostB-i-ipv4" name="hostB(ip)" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3BD6736B" name="hostB-NAT" comment="" ro="False">
<Interface id="id3BD6736B-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BD6736B-i-ipv4" name="address" comment="" ro="False" address="22.22.23.24" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3D58227A" name="hostC" comment="" ro="False">
<Interface id="id3D58227A-i" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3D58227A-i-1-addr" name="hostC(ip)" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D58227E" name="hostC-1" comment="" ro="False">
<Interface id="id3D582282" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D582283" name="hostC-1:eth0" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A53" name="n192.168.1.11" comment="" ro="False">
<Interface id="id3CD87A53-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A53-i-1-addr" name="address" comment="" ro="False" address="192.168.1.11" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.11">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A5E" name="n192.168.1.12" comment="" ro="False">
<Interface id="id3CD87A5E-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A5E-i-1-addr" name="address" comment="" ro="False" address="192.168.1.12" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.12">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A6D" name="n192.168.1.13" comment="" ro="False">
<Interface id="id3CD87A6D-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A6D-i-1-addr" name="address" comment="" ro="False" address="192.168.1.13" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.13">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A7C" name="n192.168.1.14" comment="" ro="False">
<Interface id="id3CD87A7C-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A7C-i-1-addr" name="address" comment="" ro="False" address="192.168.1.14" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.14">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A8B" name="n192.168.1.15" comment="" ro="False">
<Interface id="id3CD87A8B-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A8B-i-1-addr" name="address" comment="" ro="False" address="192.168.1.15" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.15">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3B19C5EB" name="outside-host" comment="some host outside our network" ro="False">
<Interface id="id3B19C5EB-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3B19C5EB-i-ipv4" name="address" comment="" ro="False" address="200.200.200.200" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="host-secondary1-com" name="secondary1.com" comment="" ro="False">
<Interface id="host-secondary1-com-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="host-secondary1-com-i-ipv4" name="address" comment="" ro="False" address="211.11.11.11" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="211.11.11.11">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="host-secondary2-com" name="secondary2.com" comment="" ro="False">
<Interface id="host-secondary2-com-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="host-secondary2-com-i-ipv4" name="address" comment="" ro="False" address="211.22.22.22" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="211.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3BF23930" name="z-host" comment="" ro="False">
<Interface id="id3BF23931" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BF23931-ipv4" name="address" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<physAddress id="id3BF23931-pa" address="00:a0:24:53:06:8c" name="unknown-pa" comment="" ro="False"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D850651" name="zero address" comment="" ro="False">
<Interface id="id3D850655" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3D850656" name="zero address" comment="" ro="False" address="0.0.0.0" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA558D" name="dmz host 1" comment="" ro="False">
<Interface id="id3FCA558F" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA5590" name="dmz host 1:(ip)" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA5593" name="dmz host 2" comment="" ro="False">
<Interface id="id3FCA5595" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA5596" name="dmz host 2:(ip)" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA52D5" name="hostD" comment="" ro="False">
<Interface id="id3FCA52D7" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA52D8" name="hostD(ip)" comment="" ro="False" address="192.168.1.110" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA52DB" name="hostE" comment="" ro="False">
<Interface id="id3FCA52DD" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA52DE" name="hostE(ip)" comment="" ro="False" address="192.168.1.120" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA534B" name="dmz host 3" comment="" ro="False">
<Interface id="id3FCA534D" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA534E" name="dmz host 3(ip)" comment="" ro="False" address="192.168.2.30" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA5351" name="dmz host 4" comment="" ro="False">
<Interface id="id3FCA5353" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA5354" name="dmz host 4(ip)" comment="" ro="False" address="192.168.2.40" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id43913DCB25682" name="hostAt" comment="" ro="False">
<Interface id="id43913DCD25682" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="hostA_eth0" comment="" ro="False">
<IPv4 id="id43913DCE25682" name="hostAt:hostA_eth0:ip" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
</ObjectGroup>
<ObjectGroup id="stdid03_1" name="Networks" comment="" ro="False">
<Network id="net-Internal_net" name="Internal_net" comment="" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id3B022266" name="dmz_net" comment="DMZ net - using NAT" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id3B665641" name="external_net" comment="" ro="False" address="22.22.22.0" netmask="255.255.255.0"/>
<Network id="id3B665643" name="foreign_net" comment="" ro="False" address="33.33.33.0" netmask="255.255.255.0"/>
<Network id="id3FF5DC23" name="n-10.0.0.0" comment="" ro="False" address="10.0.0.0" netmask="255.255.255.0"/>
<Network id="id43913DEA25682" name="Internal_net_t" comment="" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="stdid15_1" name="Address Ranges" comment="" ro="False">
<AddressRange id="id3CD8769F" name="test_range_1" comment="" ro="False" start_address="192.168.1.11" end_address="192.168.1.15"/>
<AddressRange id="id3D98E5AD" name="test_range_2" comment="" ro="False" start_address="192.168.1.11" end_address="192.168.1.11"/>
</ObjectGroup>
<ObjectGroup id="id4386560518752" name="DNS Names" comment="" ro="False">
<DNSName id="id43869E8E18346" dnsrec="buildmaster" dnsrectype="A" run_time="False" name="buildmaster (ct)" comment="an example of a local host" ro="False"/>
<DNSName id="id43869E8F18346" dnsrec="buildmaster" dnsrectype="A" run_time="True" name="buildmaster (rt)" comment="an example of a local host" ro="False"/>
<DNSName id="id43869E8C18346" dnsrec="www.cnn.com" dnsrectype="A" run_time="False" name="cnn (ct)" comment="" ro="False"/>
<DNSName id="id43869E8D18346" dnsrec="www.cnn.com" dnsrectype="A" run_time="True" name="cnn (rt)" comment="" ro="False"/>
<DNSName id="id4387287918346" dnsrec="www.google.com" dnsrectype="A" run_time="False" name="google (ct)" comment="" ro="False"/>
<DNSName id="id4387287A18346" dnsrec="www.google.com" dnsrectype="A" run_time="True" name="google (rt)" comment="" ro="False"/>
</ObjectGroup>
</ObjectGroup>
<ServiceGroup id="stdid05_1" name="Services" comment="" ro="False">
<ServiceGroup id="stdid05_1_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="stdid10_1" name="Groups" comment="" ro="False">
<ServiceGroup id="id3B457567" name="svcgroup1" comment="" ro="False">
<ServiceRef ref="id3B457561"/>
<ServiceRef ref="ip-IPSEC"/>
</ServiceGroup>
<ServiceGroup id="id3C1A66C9" name="large group TCP" comment="" ro="False">
<ServiceRef ref="id3B20468D"/>
<ServiceRef ref="tcp-IRC"/>
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="tcp-Auth"/>
<ServiceRef ref="tcp-DNS_zone_transf"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-NNTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="tcp-uucp"/>
<ServiceRef ref="id3C1A66EF"/>
<ServiceRef ref="id3AEDBE6E"/>
<ServiceRef ref="id3B4FEDA3"/>
<ServiceRef ref="id3B4FED69"/>
<ServiceRef ref="id3AECF776"/>
<ServiceRef ref="id3B4FED9F"/>
<ServiceRef ref="id3B4FF13C"/>
<ServiceRef ref="id3B4FEE21"/>
<ServiceRef ref="id3B4FEE23"/>
<ServiceRef ref="id3AECF778"/>
<ServiceRef ref="id3B4FF000"/>
<ServiceRef ref="id3B4FEEEE"/>
<ServiceRef ref="id3B4FEE7A"/>
<ServiceRef ref="id3B4FEE1D"/>
<ServiceRef ref="id3B4FF0EA"/>
<ServiceRef ref="id3AECF782"/>
<ServiceRef ref="id3B4FEF7C"/>
<ServiceRef ref="id3AECF77A"/>
<ServiceRef ref="id3AECF77C"/>
<ServiceRef ref="id3AECF77E"/>
<ServiceRef ref="id3B4FEF34"/>
<ServiceRef ref="id3B4FF04C"/>
<ServiceRef ref="id3B4FEE76"/>
<ServiceRef ref="id3AEDBE00"/>
<ServiceRef ref="id3B4FF1B8"/>
</ServiceGroup>
<ServiceGroup id="id3CD878C8" name="small group TCP" comment="" ro="False">
<ServiceRef ref="tcp-Auth"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-uucp"/>
<ServiceRef ref="id3B4FED69"/>
<ServiceRef ref="id3AECF776"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="stdid07_1" name="ICMP" comment="" ro="False">
<ICMPService id="id3C1A5D46" code="-1" type="-1" name="any ICMP" comment="" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid06_1" name="IP" comment="" ro="False">
<IPService id="id3B457561" fragm="False" lsrr="False" protocol_num="1" rr="False" short_fragm="False" ssrr="False" ts="False" name="ICMP" comment="" ro="False"/>
<IPService id="id3B6659A5" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="False" ssrr="False" ts="True" name="TS" comment="" ro="False"/>
<IPService id="id31904X24387" any_opt="True" dscp="" fragm="False" lsrr="False" protocol_num="0" rr="False" rtralt="False" short_fragm="False" ssrr="False" tos="" ts="False" name="any opt" comment="" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid09_1" name="TCP" comment="" ro="False">
<TCPService id="id3C1A66EF" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="gopher" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="70" dst_range_end="70"/>
<TCPService id="tcp-IRC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id3B5009F7" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<TCPService id="id3B20468D" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="test-TCP" comment="port range" ro="False" src_range_start="0" src_range_end="0" dst_range_start="10000" dst_range_end="10040"/>
<TCPService id="id3B58E3F1" ack_flag="True" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="xmas-tree" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
</ServiceGroup>
<ServiceGroup id="stdid08_1" name="UDP" comment="" ro="False">
<UDPService id="id3DEA6281" name="ISAKMP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="500" dst_range_end="500"/>
</ServiceGroup>
<ServiceGroup id="stdid13_1" name="Custom" comment="" ro="False">
<CustomService id="id3B64FE22" name="talk" comment="Talk support" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="iptables">-m ip_conntrack_talk -m ip_nat_talk</CustomServiceCommand>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
<Firewall id="fw-firewall2" host_OS="freebsd" inactive="False" lastCompiled="1249841462" lastInstalled="0" lastModified="1257708838" platform="ipf" version="" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
<NAT id="nat-firewall2" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="nat-firewall2-0" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="fw-firewall2"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="nat-firewall2-1" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="fw-firewall2"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CDB43B8" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="fw-firewall2"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D7581A7" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D75843D" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="pol-firewall2" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3B09D29D" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="pol-firewall2-0" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="Automatically generated rule blocking short fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="pol-firewall2-1" disabled="False" log="True" position="2" action="Deny" direction="Inbound" comment="Automatically generated anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3EDC2CC7" disabled="False" log="False" position="3" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3EDC2CF8"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3B92DFC5" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-DNS"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3C4E4C38" disabled="False" log="True" position="5" action="Deny" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-DNS"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B58E39D" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-TCP-SYN"/>
<ServiceRef ref="id3B58E3F1"/>
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B6659FC" disabled="False" log="True" position="7" action="Reject" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-RR"/>
<ServiceRef ref="ip-SRR"/>
<ServiceRef ref="id3B6659A5"/>
<ServiceRef ref="id31904X24387"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3CE74D81" disabled="False" log="False" position="8" action="Reject" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IPSEC"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3BF1B45E" disabled="True" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3BF1B3E1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3BF1B44E" disabled="True" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3BF1B3E7"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="pol-firewall2-3" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-DNS_zone_transf"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="int-afterhours"/>
<IntervalRef ref="id3C63479C"/>
<IntervalRef ref="id3C63479E"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="pol-firewall2-2" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3C1A66C9"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="pol-firewall2-4" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sg-Useful_ICMP"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3CD8770E" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD8769F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3D98E652" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D98E5AD"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3CD87B1E" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD87A9A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B58E180" disabled="False" log="True" position="17" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3EE262C2" disabled="True" log="False" position="18" action="Accept" direction="Both" comment="illegal rule - firewall8 has dynamic interface">
<Src neg="False">
<ObjectRef ref="fw-firewall2"/>
<ObjectRef ref="id3D582236"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
<ObjectRef ref="id3D582236"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3EE261FB" disabled="False" log="False" position="19" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="fw-firewall2"/>
<ObjectRef ref="id3D58223F"/>
<ObjectRef ref="id3D582242"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
<ObjectRef ref="id3D58223F"/>
<ObjectRef ref="id3D582242"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="pol-firewall2-5" disabled="False" log="False" position="20" action="Accept" direction="Both" comment="Automatically generated 'masquerading' rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="pol-firewall2-7" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="Automatically generated 'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_log_facility">daemon</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_level">alert</Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="fw-firewall2-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="if-FW-firewall2-eth1" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="if-FW-firewall2-eth1-ipv4" name="address" comment="" ro="False" address="222.222.222.222" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="if-FW-firewall2-eth0" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="if-FW-firewall2-eth0-ipv4" name="firewall" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3E5F1D8E" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3E5F1DDA" name="firewall:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP port unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_conf_file_name_on_firewall">ipf.conf</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility">local0</Option>
<Option name="ipf_log_level">warning</Option>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ekshell_proxy">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_irc_proxy">False</Option>
<Option name="ipf_nat_krcmd_proxy">False</Option>
<Option name="ipf_nat_pptp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="nat_conf_file_name_on_firewall">nat.conf</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_ip_directed_broadcast">0</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="optimize">True</Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="script_env_path"/>
<Option name="script_name_on_firewall">ipf.fw</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AF5AA0A" host_OS="freebsd" inactive="False" lastCompiled="1249841494" lastInstalled="0" lastModified="1249841490" platform="ipf" version="" name="firewall1" comment="this object is used to test all kinds of negation in policy rules&#10;&#10;Currently negation in NAT is not supported for ipf, therefore all rules in NAT with&#10;negation are disabled&#10;" ro="False">
<NAT id="id3AF5AA0D" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3C98491C" disabled="True" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFADC09" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CD23959" disabled="True" position="2" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B19C5EB"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B1328FB" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3E7ABF0A" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA99"/>
<ObjectRef ref="id3B11F434"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AF5AAD3" disabled="True" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CCA1B57" disabled="True" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3BBC0EFC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B50F7CB" disabled="True" position="7" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD8D94B" disabled="True" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3AF5AA0A"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD8D9DD" disabled="True" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3AFC191C"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BBC0EA4" disabled="True" position="10" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B4572AF"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3BBC0EFC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BBC0F93" disabled="True" position="11" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="id3B4572AF"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3BBC0EFC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BC6BCE5" disabled="True" position="12" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id3AF5AA0C" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3C5987DC" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3B4572B5"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572B5"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3CD34BEF" disabled="False" log="False" position="1" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3B4572AF"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572AF"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3AF5AAB4" disabled="False" log="True" position="2" action="Deny" direction="Inbound" comment="Anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AF5AA0A"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3AF5AAAB" disabled="False" log="True" position="3" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3CDDF2FA" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0B4D35"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3CCA26E4" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-TCP-SYN"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B9AB902" disabled="True" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-TCP-SYN"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3AFC0F90" disabled="False" log="True" position="7" action="Accept" direction="Both" comment="hostF has the same IP address as firewal.">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFC191C"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3B021E10" disabled="False" log="True" position="8" action="Deny" direction="Both" comment="testing negation in the policy rule">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix">/minute</Option>
<Option name="limit_value">10</Option>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B0B4A13" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B5535B7" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="">
<Src neg="True">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3AF5AA0A"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B11F63D" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3CDDF0AA" disabled="False" log="False" position="12" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B021E6F" disabled="True" log="True" position="13" action="Deny" direction="Both" comment="testing negation in service field">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3CCA2CF4" disabled="True" log="True" position="14" action="Accept" direction="Both" comment="testing negation in service field">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3B45739A" disabled="False" log="True" position="15" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3B4572B5"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572B5"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3AF5AAC8" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3AF5AAE3" disabled="False" log="True" position="17" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3AF5AA0A-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3AF5AA96" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AF5AA96-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3AF5AA99" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3AF5AA99-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0B4BC8" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0B4BC8-ipv4" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0B4D35" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3B0B4D35-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B11F434" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3B11F434-ipv4" name="address" comment="" ro="False" address="22.22.23.23" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.23.23">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_conf_file_name_on_firewall">/etc/fw/ipf.conf</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ekshell_proxy">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_irc_proxy">False</Option>
<Option name="ipf_nat_krcmd_proxy">False</Option>
<Option name="ipf_nat_pptp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="nat_conf_file_name_on_firewall">/etc/fw/nat.conf</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="optimize">False</Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="scpArgs"/>
<Option name="script_env_path"/>
<Option name="script_name_on_firewall">/etc/ipf.fw</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AFB66C6" host_OS="freebsd" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1257708838" platform="ipf" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
<NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3AFB66C8" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3AFB66D6" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="id3B4572AF"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3DE9CA86" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-FTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DE9CD88" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB6706"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA6375" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3DEA6281"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB6706"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CABE6DF" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="id3B4572AF"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFC191C"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3E894DE7" disabled="True" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFB69BD" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-NNTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA6769" disabled="False" position="8" action="Translate" comment="load balancing rule">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA8105" disabled="False" position="9" action="Translate" comment="load balancing rule">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3DEA7FEE"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D265545" disabled="False" position="10" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D265477"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D265845"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D265556" disabled="False" position="11" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D26547B"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D265477"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BEEF6D2" disabled="False" position="12" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFC0F70"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-NNTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD67563" disabled="False" position="13" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostB"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3BD6736B"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3BD6757E" disabled="True" position="14" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3BD6736B"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostB"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B66568B" disabled="False" position="15" action="Translate" comment="NETMAP ">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B665641"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B6656EF" disabled="True" position="16" action="Translate" comment="NETMAP">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B665641"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="net-Internal_net"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFB69F7" disabled="False" position="17" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB66C6"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3B20468D"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B20468D"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B7313C4" disabled="False" position="18" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF6D103" disabled="False" position="19" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-FTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF6D242" disabled="False" position="20" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id3AEDBEAC"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3F2E9A08" disabled="False" position="21" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3F2E9B78" disabled="False" position="22" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-All_TCP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3F2E9CF2" disabled="False" position="23" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id3AFB66E4" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3AFB6708" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="Anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AFB66C6"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3AFB6710" disabled="False" log="True" position="1" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AFB66C6"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3AFB66E5" disabled="False" log="True" position="2" action="Deny" direction="Both" comment="block fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B0C6FD2" disabled="False" log="True" position="3" action="Reject" direction="Both" comment="sends TCP RST and makes custom record in the log">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-Auth"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject">TCP RST</Option>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3D333A66" disabled="False" log="True" position="4" action="Reject" direction="Both" comment="sends TCP RST and makes custom record in the log">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-SNMP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3D8FF63F" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3B4572AF"/>
<ObjectRef ref="id3D8FF5EC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B19C5EB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3D8FF660" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3B19C5EB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B4572AF"/>
<ObjectRef ref="id3D8FF5EC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3AFB66EF" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3C447B8D" disabled="False" log="True" position="8" action="Accept" direction="Both" comment="host-fw2 has the same address as &#10; one of the firewall's interfaces">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFC0F70"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3C447BCB" disabled="False" log="True" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFB66C6"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3AFB66F9" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3AFB66C6-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3AFB6703" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AFB6703-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3AFB6706" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3AFB6706-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3AFB68D2" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3AFB68D2-ipv4" name="address" comment="" ro="False" address="22.22.23.23" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0221F1" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0221F1-ipv4" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3CD2449F" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3CD2449F-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">True</Option>
<Option name="ipf_nat_h323_proxy">True</Option>
<Option name="ipf_nat_ipsec_proxy">True</Option>
<Option name="ipf_nat_raudio_proxy">True</Option>
<Option name="ipf_nat_rcmd_proxy">True</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects">0</Option>
<Option name="linux24_accept_source_route">0</Option>
<Option name="linux24_icmp_echo_ignore_all">1</Option>
<Option name="linux24_icmp_ignore_bogus_error_responses">1</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="linux24_log_martians">1</Option>
<Option name="linux24_rp_filter">1</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N - %A **</Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="pf_return_icmp_as_dest">True</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">True</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">True</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3B0C6380" host_OS="freebsd" inactive="False" lastCompiled="1157929207" lastInstalled="0" lastModified="1188008818" platform="ipf" version="" name="firewall4" comment="this object is used to test a configuration where firewall has dynamic address " ro="False">
<NAT id="id3B0C6381" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3B0C6382" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C6380"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D758531" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3CD88A77"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D75869D" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3CD88A77-ipv4"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D7586D1" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C63E1"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B0C6390" disabled="True" position="4" action="Translate" comment="negation in NAT is not supported&#10;in ipf yet">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C6380"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B202AFF" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B0C6380"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757CC5" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3B0C63F3-ipv4"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757E01" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3B0C63F3"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757F29" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3B0C6380"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3E798041" disabled="True" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3CD88A77"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C63DF"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id46CFC34328618" disabled="False" position="10" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3AECF77E"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C63E1"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id3B0C639E" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3B0C63E3" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="Anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B0C6380"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B0C63EB" disabled="False" log="True" position="1" action="Deny" direction="Outbound" comment="Anti-spoofing rule">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B0C6380"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B54C977" disabled="False" log="True" position="2" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B54F071" disabled="False" log="True" position="3" action="Deny" direction="Both" comment="">
<Src neg="True">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B0C639F" disabled="False" log="True" position="4" action="Accept" direction="Both" comment="hostF has the same IP address as firewal.">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFC191C"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B0C63A9" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="testing negation in the policy rule">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B0C63B4" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B0C6380"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B0C63BF" disabled="True" log="True" position="7" action="Deny" direction="Both" comment="testing negation in service field">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3B0C63CB" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="'masquerading' rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3D85069A" disabled="True" log="True" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D850651"/>
<ObjectRef ref="id3D58227E"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3B0C63D5" disabled="False" log="True" position="10" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3B0C6380-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3B0C63DF" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3B0C63DF-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0C63E1" dyn="True" label="" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3B0C63E1-ipv4" name="firewall4:eth1" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0C63F3" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0C63F3-ipv4" name="firewall4:eth2" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0C63F5" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3B0C63F5-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3CD88A77" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3CD88A77-ipv4" name="firewall4:eth3" comment="" ro="False" address="222.222.222.222" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="222.222.222.222">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf">/usr/sbin/ipf</Option>
<Option name="freebsd_path_ipnat">/usr/sbin/ipnat</Option>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">True</Option>
<Option name="ipf_nat_h323_proxy">True</Option>
<Option name="ipf_nat_ipsec_proxy">True</Option>
<Option name="ipf_nat_irc_proxy">True</Option>
<Option name="ipf_nat_pptp_proxy">True</Option>
<Option name="ipf_nat_raudio_proxy">True</Option>
<Option name="ipf_nat_rcmd_proxy">True</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="optimize">False</Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3C69BD4F" host_OS="freebsd" lastCompiled="1157929210" lastInstalled="0" lastModified="0" platform="ipf" name="firewall7" comment="testing rules with broadcasts" ro="False">
<NAT id="id3C69BD50" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</NAT>
<Policy id="id3C69BD51" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3C69BDE1" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3C69BD5C"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3CF5B373" disabled="False" log="True" position="1" action="Deny" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3C69BD4F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3C69BD5E"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3C69BF13" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-bootpc"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3C69BD4F-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3C69BD5C" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3C69BD5C-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3C69BD5E" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3C69BD5E-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3C69BD68" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3C69BD68-ipv4" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3C69BD6A" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3C69BD6A-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3C69BD6C" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3C69BD6C-ipv4" name="address" comment="" ro="False" address="22.22.23.23" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.23.23">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AF5A2BA" host_OS="freebsd" lastCompiled="1157929215" lastInstalled="0" lastModified="0" platform="ipf" name="host" comment="firewall protects host it is running on" ro="False">
<NAT id="id3AF5A2BD" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</NAT>
<Policy id="id3AF5A2BC" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3BD8ECD0" disabled="False" log="True" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5A2CB"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3AFB70C7" disabled="False" log="False" position="1" action="Accept" direction="Inbound" comment="allow everything on loopback">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3AFB70CF" disabled="False" log="False" position="2" action="Accept" direction="Outbound" comment="allow everything on loopback">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3BD8ECC6" disabled="False" log="True" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3AF5A74B" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="block fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3AF5A73A" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3AF5A757" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="allow all outgoing connections">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3AF5A762" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3AF5A2BA-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3AF5A2CB" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AF5A2CB-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3AFB7090" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3AFB7090-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix"/>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3D582236" host_OS="freebsd" lastCompiled="1157929212" lastInstalled="0" lastModified="0" platform="ipf" name="firewall8" comment="" ro="False">
<NAT id="id3D58223A" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3D58237B" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D582236"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5823A5" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D582242"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5823B9" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D582244"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58245E" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582236"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58236D" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582236"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227E"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58235F" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582236"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582282"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D582472" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582236"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58249D" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582242"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5825CC" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582245"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id3D582239" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3D5822AA" disabled="False" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D582236"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3D5822B5" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D582242"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3D582294" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D582244"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3D58228A" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D582245"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3D5822A0" disabled="False" log="True" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3D582236-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3D58223F" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D582241" name="firewall8:eth0" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3D582242" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3D582244" name="firewall8:eth1:0" comment="" ro="False" address="33.33.33.33" netmask="255.255.255.0"/>
<IPv4 id="id3D582245" name="firewall8:eth1:1" comment="" ro="False" address="33.33.33.34" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3E5F1E5D" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3E5F1E5F" name="firewall8:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3EE260BD" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="ppp0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Management address="33.33.33.33">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3DF3D0AD" host_OS="freebsd" lastCompiled="1157929213" lastInstalled="0" lastModified="0" platform="ipf" name="firewall9" comment="" ro="False">
<NAT id="id3DF3D0AE" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3DF3D0AF" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0BD" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DF3D163"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0CB" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0D9" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0E7" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227E"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0F5" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3DF3D160"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D103" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D111" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D163"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3E65B753" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D163"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3DF3D160"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D11F" disabled="False" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id3DF3D12D" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3DF3DFB0" disabled="False" log="True" position="0" action="Deny" direction="Inbound" comment="">
<Src neg="True">
<ObjectRef ref="id3B665643"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DF3D163"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3DF3E09E" disabled="False" log="False" position="1" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id3B665643"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="sg-Useful_ICMP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DF3D163"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3DF3D16E" disabled="False" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3DF3D0AD"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DF3D163"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3E5F1BBD" disabled="False" log="False" position="3" action="Accounting" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3E5F1BB3" disabled="False" log="True" position="4" action="Accounting" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3DF3D12E" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3DF3D563" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3DF3D156" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3DF3D0AD-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3DF3D160" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="le0" comment="" ro="False">
<IPv4 id="id3DF3D161" name="firewall9:le0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3DF3D163" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="le1" comment="" ro="False">
<IPv4 id="id3DF3D164" name="firewall9:le1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3E5F2278" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
<IPv4 id="id3E5F227A" name="firewall9:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3FCA516A" host_OS="freebsd" inactive="False" lastCompiled="1157929196" lastInstalled="0" lastModified="1156049389" platform="ipf" version="" name="firewall10" comment="" ro="False">
<NAT id="id3FCA516B" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</NAT>
<Policy id="id3FCA51F8" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3FCA51F9" disabled="False" log="False" position="0" action="Accounting" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3FCA520D" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
<ObjectRef ref="id3FCA52D5"/>
<ObjectRef ref="id3FCA52DB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
<ObjectRef ref="id3FCA5593"/>
<ObjectRef ref="id3FCA534B"/>
<ObjectRef ref="id3FCA5351"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3FCC3AD6" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA516A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sg-Useful_ICMP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3FCA5217" disabled="False" log="False" position="3" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
<ObjectRef ref="id3FCA52D5"/>
<ObjectRef ref="id3FCA52DB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
<ObjectRef ref="id3FCA5593"/>
<ObjectRef ref="id3FCA534B"/>
<ObjectRef ref="id3FCA5351"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3FCC1E1A" disabled="False" log="False" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="host-hostA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
<ObjectRef ref="id3FCA5593"/>
<ObjectRef ref="id3FCA534B"/>
<ObjectRef ref="id3FCA5351"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3FCC1E4F" disabled="False" log="False" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
<ObjectRef ref="id3FCA52D5"/>
<ObjectRef ref="id3FCA52DB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3FCC1EC3" disabled="False" log="False" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
<ObjectRef ref="id3FCA52D5"/>
<ObjectRef ref="id3FCA52DB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
<ObjectRef ref="id3FCA5593"/>
<ObjectRef ref="id3FCA534B"/>
<ObjectRef ref="id3FCA5351"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id3FCA5221" disabled="False" log="True" position="7" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3FCA516A-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3FCA522B" dyn="False" label="fw10:fxp0" mgmt="False" security_level="100" unnum="False" unprotected="False" name="fxp0" comment="" ro="False">
<IPv4 id="id3FCA522C" name="firewall9:eth0" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3FCA522E" dyn="False" label="fw10:fxp1" mgmt="False" security_level="0" unnum="False" unprotected="False" name="fxp1" comment="" ro="False">
<IPv4 id="id3FCA522F" name="firewall9:eth1:0" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3FCA5251" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
<IPv4 id="id3FCA5252" name="firewall9:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3FCA5535" dyn="False" label="fw10:fxp2" mgmt="False" security_level="0" unnum="False" unprotected="False" name="fxp2" comment="" ro="False">
<IPv4 id="id3FCA5537" name="firewall10:fw10:fxp2(ip)" comment="" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">False</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="optimize">True</Option>
<Option name="pass_all_out">True</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3FF5DC0E" host_OS="freebsd" lastCompiled="1172425374" lastInstalled="0" lastModified="0" platform="ipf" name="firewall11" comment="" ro="False">
<NAT id="id3FF5DC12" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3FF5DC26" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FF5DC0E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3FF5DC1B"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id3FF5DC11" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3FF5DC82" disabled="False" log="False" position="0" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FF5DC19"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3FF5DC19"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3FF5DC56" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FF5DC0E"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id3FF5DC61" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FF5DC19"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id3FF5DC0E-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id3FF5DC15" dyn="False" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="True" unprotected="False" name="fxp1" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id3FF5DC17" dyn="True" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="ng1" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id3FF5DC19" dyn="True" label="" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ng0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id3FF5DC1B" dyn="False" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="fxp0" comment="" ro="False">
<IPv4 id="id3FF5DC1D" name="firewall11:fxp0(ip)" comment="" ro="False" address="10.0.0.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3FF5DC1E" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
<IPv4 id="id3FF5DC20" name="firewall11:lo0(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="optimize">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id424A636E" host_OS="freebsd" lastCompiled="1157929209" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall5" comment="Dynamic interface ppp0" ro="False">
<NAT id="id424A63A6" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id424A63A7" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id424A636E"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63B5" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id424A642A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63C3" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id424A642F"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63D1" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A636E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63DF" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A636E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227E"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63ED" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A636E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582282"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63FB" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A636E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A6409" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A642A"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A6417" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A6430"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id424A6373" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id424A6374" disabled="False" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A636E"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id424A96DA" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A6436"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id424A637E" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A642A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id424A6388" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A642F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id424A6392" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A6430"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id424A639C" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id424A636E-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id424A6425" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id424A6429" name="firewall5:eth0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id424A642A" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id424A642F" name="firewall5:eth1:ip1" comment="" ro="False" address="33.33.33.33" netmask="255.255.255.0"/>
<IPv4 id="id424A6430" name="firewall5:eth1:ip2" comment="" ro="False" address="33.33.33.34" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id424A6431" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id424A6435" name="firewall5:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id424A6436" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="ppp0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Management address="33.33.33.33">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">True</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="optimize">False</Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="prolog_script"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id43867C1018346" host_OS="freebsd" lastCompiled="1157929202" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall33" comment="testing DNSName object" ro="False">
<NAT id="id43867C4818346" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43876E2618346" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8C18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E5218346" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8D18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E6918346" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E7B18346" disabled="True" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id43867C1618346" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id43867C2418346" disabled="False" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id43869E8C18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id43869E9018346" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id43869E8D18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id43869E9E18346" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id43869E8E18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id43869EAA18346" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id43869E8F18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id4386E38318346" disabled="False" log="False" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8C18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id4386E37718346" disabled="False" log="False" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8D18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id43867C3018346" disabled="False" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8E18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id4386C10D18346" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8F18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id438728A918346" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8C18346"/>
<ObjectRef ref="id4387287918346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id438728BA18346" disabled="False" log="False" position="9" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id438728CD18346" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8C18346"/>
<ObjectRef ref="id4387287A18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id43867C3C18346" disabled="False" log="True" position="11" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id43867C5718346" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id43867C5818346" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="VLAN interface" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id43867C5918346" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id43867C5B18346" name="firewall33:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id43867C5C18346" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id43867C5E18346" name="firewall33:eth1:ip" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects"/>
<Option name="linux24_accept_source_route"/>
<Option name="linux24_icmp_echo_ignore_all"/>
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
<Option name="linux24_ip_dynaddr"/>
<Option name="linux24_ip_forward"/>
<Option name="linux24_log_martians"/>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_rp_filter"/>
<Option name="linux24_tcp_ecn"/>
<Option name="linux24_tcp_fack"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"/>
<Option name="linux24_tcp_syncookies"/>
<Option name="linux24_tcp_timestamps"/>
<Option name="linux24_tcp_window_scaling"/>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N -- %A on %I </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"/>
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id4389EDAE18346" host_OS="freebsd" lastCompiled="1157929203" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall34" comment="testing AddressTable object" ro="False">
<NAT id="id4389EE4818346" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id4389EEB018346" disabled="True" position="0" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="id4389EE9118346"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id4389EE8418346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id43913DCB25682"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43891B6E674" disabled="True" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id43913DEA25682"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id4389EE9118346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4389EE8418346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id4389EDB418346" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id4389EDB518346" disabled="False" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9018346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id4388CFEA674" disabled="True" log="True" position="1" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9118346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id4390C25825682" disabled="True" log="True" position="2" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4390C25525682"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id4389EDC118346" disabled="True" log="False" position="3" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id4388CFF8674" disabled="True" log="True" position="4" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id4389EE9118346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id4388C36F674" disabled="True" log="True" position="5" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id4388F5A9674" disabled="True" log="False" position="6" action="Accept" direction="Both" comment="">
<Src neg="True">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id4389EEA118346" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id43913DCB25682"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id4389EDCD18346" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id43913DEA25682"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id4389EE3C18346" disabled="False" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id4389EE8318346" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id4389EE8418346" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="VLAN interface" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id4389EE8518346" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id4389EE8718346" name="firewall34:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id4389EE8818346" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id4389EE8A18346" name="firewall34:eth1:ip" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects"/>
<Option name="linux24_accept_source_route"/>
<Option name="linux24_icmp_echo_ignore_all"/>
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
<Option name="linux24_ip_dynaddr"/>
<Option name="linux24_ip_forward"/>
<Option name="linux24_log_martians"/>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_rp_filter"/>
<Option name="linux24_tcp_ecn"/>
<Option name="linux24_tcp_fack"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"/>
<Option name="linux24_tcp_syncookies"/>
<Option name="linux24_tcp_timestamps"/>
<Option name="linux24_tcp_window_scaling"/>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N -- %A on %I </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"/>
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id43F7C93131168" host_OS="freebsd" lastCompiled="1157929205" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall35" comment="Testing action Custom" ro="False">
<NAT id="id43F7C99A31168" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43F7C99B31168" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43F7C93131168"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9A931168" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9B731168" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9C531168" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7C93131168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9D331168" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7C93131168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227E"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9E131168" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7C93131168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id43F7CA2831168"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9EF31168" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7C93131168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9FD31168" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7CA0B31168" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id43F7CA2831168"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7CA1931168" disabled="False" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id43F7C93731168" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id43F7C93831168" disabled="False" log="False" position="0" action="Custom" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">auth</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id43F7D90631168" disabled="False" log="False" position="1" action="Custom" direction="Inbound" comment="">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">auth</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule><PolicyRule id="id43F7D91731168" disabled="False" log="False" position="2" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule><PolicyRule id="id43F7C98E31168" disabled="False" log="True" position="3" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule><RuleSetOptions/></Policy>
<Routing id="id43F7CA2731168" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"><RuleSetOptions/>
</Routing>
<Interface id="id43F7CA2831168" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="le0" comment="" ro="False">
<IPv4 id="id43F7CA2A31168" name="firewall35:le0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id43F7CA2B31168" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="le1" comment="" ro="False">
<IPv4 id="id43F7CA2D31168" name="firewall35:le1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id43F7CA2E31168" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
<IPv4 id="id43F7CA3031168" name="firewall35:lo0:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time" comment="" ro="False"/>
</Library>
<Library id="id40C3E07E" color="#FFFFFF" name="SFO" comment="" ro="True">
<ObjectGroup id="id40C3E07F_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="id40C3E07F" name="Objects" comment="" ro="False">
<ObjectGroup id="id40C3E07F_og_ats_1" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id40C3E081" name="Groups" comment="" ro="False">
<ObjectGroup id="id40E23562" name="SFO Servers" comment="" ro="False">
<ObjectRef ref="id40E238E9"/>
<ObjectRef ref="id40E238E8"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id40C3E080" name="Addresses" comment="" ro="False">
<IPv4 id="id40E238E9" name="sfoweb1" comment="" ro="False" address="10.2.10.11" netmask="255.255.255.255"/>
<IPv4 id="id40E238E8" name="sfoftp1" comment="" ro="False" address="10.2.10.10" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id4386560618752" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id4386560718752" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id4386560818752" name="Networks" comment="" ro="False"/>
<ObjectGroup id="id4386560918752" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id4386560A18752" name="Services" comment="" ro="False">
<ServiceGroup id="id4386560A18752_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id4386560B18752" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id4386560C18752" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id4386560D18752" name="IP" comment="" ro="False"/>
<ServiceGroup id="id4386560E18752" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id4386560F18752" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id4386561018752" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id4386560A18752_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id4386561118752" name="Firewalls" comment="" ro="False"/>
<IntervalGroup id="id4386561218752" name="Time" comment="" ro="False"/>
</Library>
<Library id="id4387B43718346" color="#FFFFFF" name="transfer" comment="" ro="False">
<ObjectGroup id="id4387B43818346_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="id4387B43818346" name="Objects" comment="" ro="False">
<ObjectGroup id="id4387B43918346" name="Addresses" comment="" ro="False"/>
<ObjectGroup id="id4387B43A18346" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id4387B43B18346" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id4387B43C18346" name="Groups" comment="" ro="False"/>
<ObjectGroup id="id4387B43D18346" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id4387B43E18346" name="Networks" comment="" ro="False"/>
<ObjectGroup id="id4387B43F18346" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id4387B44018346" name="Services" comment="" ro="False">
<ServiceGroup id="id4387B44018346_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id4387B44118346" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id4387B44218346" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id4387B44318346" name="IP" comment="" ro="False"/>
<ServiceGroup id="id4387B44418346" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id4387B44518346" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id4387B44618346" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id4387B44018346_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id4387B44718346" name="Firewalls" comment="" ro="False"/>
<IntervalGroup id="id4387B44818346" name="Time" comment="" ro="False"/>
</Library>
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
<ServiceGroup id="stdid06" name="IP" comment="" ro="False">
<IPService id="ip-IPSEC" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" ro="False"/>
<IPService id="ip-IP_Fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False" name="ip_fragments" comment="'Short' fragments" ro="False"/>
<IPService id="ip-RR" fragm="False" lsrr="False" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False" name="RR" comment="Route recording packets" ro="False"/>
<IPService id="ip-SRR" fragm="False" lsrr="True" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False" name="SRR" comment="All sorts of Source Routing Packets" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
<TCPService id="tcp-Auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="auth" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
<TCPService id="tcp-DNS_zone_transf" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="dns-tcp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
<TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="tcp-SSH" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="tcp-Telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="telnet" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
<TCPService id="tcp-uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="uucp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
<TCPService id="id3AEDBE6E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<TCPService id="id3B4FEDA3" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="eklogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
<TCPService id="id3B4FED69" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="https" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
<TCPService id="id3AECF776" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="143" dst_range_end="143"/>
<TCPService id="id3B4FED9F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imaps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="993" dst_range_end="993"/>
<TCPService id="id3B4FF13C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id3B4FEE21" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="klogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="543" dst_range_end="543"/>
<TCPService id="id3B4FEE23" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ksh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="544" dst_range_end="544"/>
<TCPService id="id3AECF778" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="389" dst_range_end="389"/>
<TCPService id="id3B4FF000" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="linuxconf" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="98" dst_range_end="98"/>
<TCPService id="id3B4FEEEE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="mysql" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3306" dst_range_end="3306"/>
<TCPService id="id3B4FEE7A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<TCPService id="id3B4FEE1D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="110" dst_range_end="110"/>
<TCPService id="id3B4FF0EA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="postgres" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5432" dst_range_end="5432"/>
<TCPService id="id3AECF782" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="printer" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3B4FEF7C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<TCPService id="id3AECF77A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rexec" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="512" dst_range_end="512"/>
<TCPService id="id3AECF77C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rlogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<TCPService id="id3AECF77E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rshell" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<TCPService id="id3B4FEF34" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rwhois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4321" dst_range_end="4321"/>
<TCPService id="id3B4FF04C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="465" dst_range_end="465"/>
<TCPService id="id3B4FEE76" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="socks" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1080" dst_range_end="1080"/>
<TCPService id="id3AEDBE00" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<TCPService id="id3B4FF1B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
<TCPService id="tcp-TCP-SYN" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp-syn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id3B4FF09A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<TCPService id="id3AEDBEAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="H323" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
<TCPService id="tcp-All_TCP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
</ServiceGroup>
<ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
<UDPService id="udp-DNS" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<UDPService id="udp-SNMP" name="snmp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
<UDPService id="udp-bootpc" name="bootpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="68" dst_range_end="68"/>
</ServiceGroup>
<ServiceGroup id="stdid10" name="Groups" comment="" ro="False">
<ServiceGroup id="sg-Useful_ICMP" name="Useful_ICMP" comment="" ro="False">
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
<ServiceRef ref="icmp-ping_reply"/>
<ServiceRef ref="icmp-Unreachables"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="stdid07" name="ICMP" comment="" ro="False">
<ICMPService id="icmp-ping_request" code="0" type="8" name="ping request" comment="" ro="False"/>
<ICMPService id="icmp-Unreachables" code="-1" type="3" name="all ICMP unreachables" comment="" ro="False"/>
<ICMPService id="icmp-Time_exceeded" code="0" type="11" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" ro="False"/>
<ICMPService id="icmp-Time_exceeded_in_transit" code="1" type="11" name="time exceeded in transit" comment="" ro="False"/>
<ICMPService id="icmp-ping_reply" code="0" type="0" name="ping reply" comment="" ro="False"/>
</ServiceGroup>
</ServiceGroup>
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
<IntervalGroup id="stdid11" name="Time" comment="" ro="False">
<Interval id="int-afterhours" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="18" from_minute="0" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="-1" to_year="-1" name="afterhours" comment="any day 6:00pm - 12:00am" ro="False"/>
<Interval id="id3C63479C" days_of_week="6" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="6" to_year="-1" name="Sat" comment="" ro="False"/>
<Interval id="id3C63479E" days_of_week="0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="0" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="Sun" comment="" ro="False"/>
</IntervalGroup>
</Library>
</FWObjectDatabase>
Reference in New Issue View Git Blame Copy Permalink