mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-19 01:37:17 +01:00
with service set to "http" and destination set to asa firewall object should generate different command syntax". Policy rules that have firewall object in Destination and http object in Service now generate "http" commands. This is similar to how fwbuilder generates "ssh", "telnet" and "icmp" commands to permit corresponding services to the firewall itself.
116 lines
1.7 KiB
Plaintext
Executable File
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3522
!
! Generated Fri Apr 8 18:06:00 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall94.fw
!
! test using address ranges in policy rule



!
! Prolog script:
!

!
! End of prolog script:
!




interface Ethernet0/0
  nameif outside
  security-level 0
exit

interface Ethernet0/1
  nameif inside
  security-level 100
exit


no logging buffered
no logging console
no logging timestamp
no logging on



telnet timeout -1

clear config ssh
aaa authentication ssh console LOCAL
ssh timeout -1

clear config snmp-server
no snmp-server enable traps

clear config ntp


no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound


class-map inspection_default
  match default-inspection-traffic

policy-map global_policy

service-policy global_policy global



clear config access-list
clear config icmp
clear config telnet
clear config object-group
clear config object


object network inside-range-1.0
  range 10.0.0.5 10.0.0.10
exit

object network inside-range-2.0
  range 10.0.0.8 10.0.0.15
exit

object-group network id26782X14355.src.net.0
  network-object object inside-range-1.0
  network-object object inside-range-2.0
exit

!################
!
! Rule 0 (global)
access-list inside_acl_in remark 0 (global)
access-list inside_acl_in deny ip object-group id26782X14355.src.net.0 any log 6 interval 300


access-group inside_acl_in in interface inside





!
! Epilog script:
!

! End of epilog script:
!