fwbuilder/test/pix/firewall2.fw.orig

!
!  This is automatically generated file. DO NOT MODIFY !
!
!  Firewall Builder  fwb_pix v4.2.0.3470
!
!  Generated Thu Feb 10 15:07:08 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall2.fw
!
! lots of different combinations of objects in the NAT rules

! C firewall2:Policy:1: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings

!
! Prolog script:
!

!
! End of prolog script:
!




nameif eth0 inside security100

nameif eth1 outside security0

nameif eth2 dmz security50


no logging buffered
no logging console
no logging timestamp
no logging on



telnet timeout 5

clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5

clear snmp-server
no snmp-server enable traps

clear ntp


no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
floodguard disable



clear xlate
clear static
clear global
clear nat
clear access-list
clear icmp
clear telnet
clear object-group



object-group service id3D6EF08C.srv.tcp.0 tcp
  port-object eq 80
  port-object eq 119
exit

object-group network id3D8FCCDE.src.net.0
  network-object host 192.168.1.10 
  network-object host 192.168.1.20 
exit


!################
! 
! Rule  0 (eth1)
! Anti-spoofing rule
access-list outside_acl_in deny   ip host 192.168.1.1 any log 6 interval 300
access-list outside_acl_in deny   ip host 22.22.22.22 any log 6 interval 300
access-list outside_acl_in deny   ip host 192.168.2.1 any log 6 interval 300
access-list outside_acl_in deny   ip 192.168.1.0 255.255.255.0 any log 6 interval 300
! 
! Rule  1 (eth1)
! Anti-spoofing rule
access-list inside_acl_in deny   ip 192.168.1.0 255.255.255.0 any log 6 interval 300
! 
! Rule  2 (global)
access-list inside_acl_in permit tcp any host 192.168.1.10 object-group id3D6EF08C.srv.tcp.0 
access-list outside_acl_in permit tcp any host 22.22.22.22 eq 80 
access-list outside_acl_in permit tcp any host 22.22.22.22 eq 119 
access-list outside_acl_in permit tcp any host 192.168.1.10 object-group id3D6EF08C.srv.tcp.0 
access-list dmz_acl_in permit tcp any host 192.168.1.10 object-group id3D6EF08C.srv.tcp.0 
! 
! Rule  3 (global)
access-list inside_acl_in permit ip object-group id3D8FCCDE.src.net.0 host 200.200.200.200 
! 
! Rule  4 (global)
access-list outside_acl_in permit ip host 200.200.200.200 object-group id3D8FCCDE.src.net.0 
! 
! Rule  6 (global)
access-list inside_acl_in deny   ip any any 
access-list outside_acl_in deny   ip any any 
access-list dmz_acl_in deny   ip any any 


access-group dmz_acl_in in interface dmz
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside

! 
! Rule  0 (NAT)

access-list nat0.inside permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nat0.inside
! 
! Rule  1 (NAT)
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
! 
! Rule  2 (NAT)
global (outside) 1 interface
access-list id3AFB66C8.0 permit ip 192.168.1.0 255.255.255.0  any 
global (dmz) 1 interface
! 
! 
! Rule  3 (NAT)
access-list id3AFB66C8.0 permit ip host 192.168.1.10   any 
! 
access-list id3AFB66C8.0 permit ip host 192.168.1.20   any 
! 
! 
! Rule  4 (NAT)
access-list id3AFB66C8.0 permit ip host 192.168.1.11   any 
! 
access-list id3AFB66C8.0 permit ip 192.168.1.12 255.255.255.252  any 
! 
! 
! Rule  5 (NAT)
access-list id3D1C2292.0 permit ip 192.168.2.0 255.255.255.0  any 
nat (dmz) 1 access-list id3D1C2292.0 0 0
! 
! Rule  6 (NAT)
! 
! 
! Rule  7 (NAT)
global (outside) 1 interface
! 
! 
! Rule  8 (NAT)
! 
! 
! Rule  9 (NAT)
! 
! 
! 
! Rule  10 (NAT)
global (outside) 1 22.22.22.0 netmask 255.255.255.0
! 
! 
! Rule  11 (NAT)
global (outside) 1 22.22.22.21-22.22.22.25 netmask 255.255.255.0
! 
! 
! 
! Rule  12 (NAT)
global (dmz) 1 interface
access-list id3D1C1104.0 permit ip host 192.168.1.10   192.168.2.0 255.255.255.0 
! 
! Rule  13 (NAT)
access-list id3D1C1D30.0 permit ip 192.168.1.0 255.255.255.0  192.168.2.0 255.255.255.0 
nat (inside) 1 access-list id3D1C1D30.0 0 0
! 
! Rule  14 (NAT)
! 
! 
! Rule  16 (NAT)
access-list id3D1BFFA4.0 permit ip host 192.168.1.10   any 
static (inside,outside) interface  access-list id3D1BFFA4.0 0 0
! 
! Rule  17 (NAT)
access-list id3D1C0835.0 permit tcp host 192.168.1.10  eq 6667 any 
static (inside,outside) tcp interface 6667  access-list id3D1C0835.0 0 0
! 
! Rule  18 (NAT)
access-list id16986X27842.0 permit tcp host 192.168.1.1  eq 6667 any 
static (inside,outside) tcp interface 6667  access-list id16986X27842.0 0 0
! 
! Rule  19 (NAT)
access-list id414351C7.0 permit tcp host 192.168.1.10  eq 80 any 
! 
! Rule  20 (NAT)
access-list id414351C7.0 permit tcp host 192.168.1.10  eq 80 any 
static (inside,outside) tcp interface 80  access-list id414351C7.0 0 0
! 
! Rule  21 (NAT)
access-list id3AFB69BD.0 permit ip host 192.168.1.10   any 
static (inside,outside) interface  access-list id3AFB69BD.0 0 0
! 
! Rule  22 (NAT)
access-list id3D1BFFCE.0 permit ip 192.168.1.0 255.255.255.0  any 
static (inside,outside) 22.22.22.0  access-list id3D1BFFCE.0 0 0
! 
! Rule  24 (NAT)
access-list id3D1BFFF6.0 permit ip host 192.168.1.10   192.168.2.0 255.255.255.0 
static (inside,dmz) interface  access-list id3D1BFFF6.0 0 0
! 
! Rule  25 (NAT)
access-list id3BEEF6D2.0 permit tcp host 192.168.1.10  eq 119 any 
static (inside,outside) tcp interface 119  access-list id3BEEF6D2.0 0 0
! 
! Rule  27 (NAT)
access-list id3B7313C4.0 permit tcp host 192.168.1.10  eq 3128 any 
static (inside,outside) tcp interface 80  access-list id3B7313C4.0 0 0
! 
! Rule  28 (NAT)
access-list id47B6CF3421818.0 permit tcp host 192.168.1.10  eq 3128 any 
! 
! Rule  29 (NAT)
access-list id47B6CF3421818.0 permit tcp host 192.168.1.10  eq 3128 any 
static (inside,outside) tcp interface 80  access-list id47B6CF3421818.0 0 0



!
! Epilog script:
!

! End of epilog script:
!