onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 01:37:17 +01:00
Code Issues Releases Wiki Activity
fwbuilder/test/pix/firewall6.fw.orig
Vadim Kurland 126b561e32 * PolicyCompiler_cisco.cpp (processNext): see #2308 "ASA rules 
with service set to "http" and destination set to asa firewall
object should generate different command syntax". Policy rules
that have firewall object in Destination and http object in
Service now generate "http" commands. This is similar to how
fwbuilder generates "ssh", "telnet" and "icmp" commands to permit
corresponding services to the firewall itself.
2011-04-08 18:08:56 -07:00

125 lines
2.1 KiB
Plaintext
Executable File
Raw Blame History

!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3522
!
! Generated Fri Apr 8 18:05:56 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall6.fw
!
! testing rule with firewall in dst and negation
!
! Prolog script:
!
!
! End of prolog script:
!
nameif eth0 inside security100
nameif eth1 outside security0
nameif eth2 dmz security50
logging host outside 10.3.14.30
logging queue 512
logging facility 20
logging trap 4
logging buffered 5
logging console 0
logging timestamp
logging on
timeout xlate 3:0:0
timeout conn 1:0:0
timeout udp 0:2:0
timeout rpc 0:10:0
timeout h323 0:5:0
timeout sip 0:30:0
timeout sip_media 0:0:0
timeout uauth 2:0:0 absolute
clear ssh
aaa authentication ssh console LOCAL
clear snmp-server
no snmp-server enable traps
clear ntp
no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt route dnat
floodguard disable
clear xlate
clear static
clear global
clear nat
clear access-list
clear icmp
clear telnet
!################
!
! Rule 0 (eth1)
access-list outside_acl_in deny ip any host 22.22.22.22
!
! Rule 1 (global)
access-list inside_acl_in deny ip any host 192.168.1.1
access-list outside_acl_in deny ip any host 22.22.22.22
access-list dmz_acl_in deny ip any host 192.168.2.1
access-group dmz_acl_in in interface dmz
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside
!
! Rule 0 (NAT)
static (inside,dmz) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (inside,dmz) 192.168.20.0 192.168.20.0 netmask 255.255.255.0
!
! Rule 1 (NAT)
static (inside,outside) 192.168.1.1 192.168.1.1 netmask 255.255.255.255
!
! Rule 2 (NAT)
global (outside) 1 interface
nat (inside) 1 192.168.1.10 255.255.255.255 0 0
!
! Epilog script:
!
! End of epilog script:
!
Reference in New Issue View Git Blame Copy Permalink