onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 01:37:17 +01:00
Code Issues Releases Wiki Activity
fwbuilder/test/pix/firewall92.fw.orig
Vadim Kurland 126b561e32 * PolicyCompiler_cisco.cpp (processNext): see #2308 "ASA rules 
with service set to "http" and destination set to asa firewall
object should generate different command syntax". Policy rules
that have firewall object in Destination and http object in
Service now generate "http" commands. This is similar to how
fwbuilder generates "ssh", "telnet" and "icmp" commands to permit
corresponding services to the firewall itself.
2011-04-08 18:08:56 -07:00

170 lines
3.2 KiB
Plaintext
Executable File
Raw Blame History

!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3522
!
! Generated Fri Apr 8 18:05:59 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall92.fw
!
! testing new style ASA 8.3 nat commands
! no-nat rules ("identity nat")
!
! Prolog script:
!
!
! End of prolog script:
!
interface FastEthernet0
nameif inside
security-level 100
exit
interface FastEthernet1
nameif outside
security-level 0
exit
no logging buffered
no logging console
no logging timestamp
no logging on
timeout xlate 3:0:0
timeout conn 1:0:0
timeout udp 0:2:0
timeout sunrpc 0:10:0
timeout h323 0:5:0
timeout sip 0:30:0
timeout sip_media 0:0:0
timeout half-closed 0:0:0
timeout uauth 2:0:0 absolute
clear config ssh
aaa authentication ssh console LOCAL
clear config snmp-server
no snmp-server enable traps
clear config ntp
no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
service-policy global_policy global
policy-map type inspect ip-options ip-options-map
parameters
eool action allow
router-alert action clear
clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear config object-group
clear config object
object service http.0
service tcp destination eq 80
exit
object service smtp.0
service tcp destination eq 25
exit
object network spamhost1.0
host 61.150.47.112
exit
object network hostA:eth0.0
host 192.168.1.10
exit
object network Internal_net.0
subnet 192.168.1.0 255.255.255.0
exit
object network internal_subnet_1.0
subnet 192.168.1.0 255.255.255.192
exit
object network internal_subnet_2.0
subnet 192.168.1.64 255.255.255.192
exit
object network test_range_1.0
range 192.168.1.11 192.168.1.15
exit
object-group network id20655X6113.osrc.net.0
network-object object internal_subnet_1.0
network-object object internal_subnet_2.0
exit
!################
!
! Rule 0 (global)
access-list inside_acl_in deny ip any any
access-list outside_acl_in deny ip any any
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside
!
! Rule 0 (NAT)
nat (inside,outside) source static Internal_net.0 Internal_net.0 service http.0 http.0 description "0 (NAT)"
!
! Rule 1 (NAT)
nat (inside,outside) source static hostA:eth0.0 hostA:eth0.0 service smtp.0 smtp.0 description "1 (NAT)"
!
! Rule 2 (NAT)
nat (inside,outside) source static hostA:eth0.0 hostA:eth0.0 destination static spamhost1.0 spamhost1.0 service smtp.0 smtp.0 description "2 (NAT)"
!
! Rule 3 (NAT)
nat (inside,outside) source static id20655X6113.osrc.net.0 id20655X6113.osrc.net.0 service smtp.0 smtp.0 description "3 (NAT)"
!
! Rule 4 (NAT)
nat (inside,outside) source static test_range_1.0 test_range_1.0 destination static spamhost1.0 spamhost1.0 service smtp.0 smtp.0 description "4 (NAT)"
!
! Epilog script:
!
! End of epilog script:
!
Reference in New Issue View Git Blame Copy Permalink