mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-19 01:37:17 +01:00
0aa3eac4d4
rule element by name after group is expanded, this helps ensure stable ordering of objects in generated configuration. * Compiler.cpp (replaceClusterInterfaceInItfRE::processNext): sorting objects in rule element after cluster interfaces have been replaced, this helps ensure stable ordering of objects in generated configuration. * FWObject.h (FWObjectNameCmpPredicate): moved this class from gui-specific module to libfwbuilder as it is universally useful. It can compare FWObject objects by name and can optionally can follow references; it can be used with std::sort() to sort lists of FWObject pointers or directly sort rule elements.
425 lines
27 KiB
Plaintext
Executable File
425 lines
27 KiB
Plaintext
Executable File
# Policy compiler errors and warnings:
|
|
# firewall:Policy:4: warning: Changing rule direction due to self reference
|
|
# firewall:Policy:8: warning: Changing rule direction due to self reference
|
|
# firewall:Policy:19: warning: Changing rule direction due to self reference
|
|
# firewall:Policy:19: warning: Changing rule direction due to self reference
|
|
# firewall:Policy:20: warning: Changing rule direction due to self reference
|
|
# firewall:Policy:: warning: ipfilter can not match "any IP option"
|
|
# firewall:Policy:: warning: ipfilter can not match "any IP option"
|
|
#
|
|
# Rule backup ssh access rule
|
|
# backup ssh access rule
|
|
pass in quick proto tcp from 192.168.1.100 to 192.168.1.1 port = 22 flags S keep state
|
|
pass in quick proto tcp from 192.168.1.100 to 222.222.222.222 port = 22 flags S keep state
|
|
#
|
|
# Rule 0 (eth1)
|
|
block in log level local0.warning quick on eth1 from any to 192.168.1.1 with short
|
|
block in log level local0.warning quick on eth1 from any to 222.222.222.222 with short
|
|
#
|
|
# Rule 1 (eth1)
|
|
# Automatically generated rule blocking short fragments
|
|
block in log level local0.warning quick on eth1 from any to any with short
|
|
#
|
|
# Rule 2 (eth1)
|
|
# Automatically generated anti-spoofing rule
|
|
block in log level local0.warning quick on eth1 from 192.168.1.1 to any
|
|
block in log level local0.warning quick on eth1 from 222.222.222.222 to any
|
|
block in log level local0.warning quick on eth1 from 192.168.1.0/24 to any
|
|
#
|
|
# Rule 3 (eth1)
|
|
# комментарий по-русски
|
|
pass in quick on eth1 proto icmp from 22.22.22.0/24 to any keep state
|
|
pass in quick on eth1 proto icmp from 33.33.33.0/24 to any keep state
|
|
pass in quick on eth1 proto tcp from 22.22.22.0/24 to any flags S keep state
|
|
pass in quick on eth1 proto tcp from 33.33.33.0/24 to any flags S keep state
|
|
pass in quick on eth1 proto udp from 22.22.22.0/24 to any keep state
|
|
pass in quick on eth1 proto udp from 33.33.33.0/24 to any keep state
|
|
pass in quick on eth1 from 22.22.22.0/24 to any
|
|
pass in quick on eth1 from 33.33.33.0/24 to any
|
|
#
|
|
# Rule 4 (eth0)
|
|
# firewall:Policy:4: warning: Changing rule direction due to self reference
|
|
|
|
pass in quick on eth0 proto udp from 192.168.1.0/24 to 192.168.1.1 port = 53 keep state
|
|
pass in quick on eth0 proto udp from 192.168.1.0/24 to 222.222.222.222 port = 53 keep state
|
|
#
|
|
# Rule 5 (eth0)
|
|
block in log level local0.warning quick on eth0 proto udp from any to 192.168.1.255 port = 53
|
|
#
|
|
# Rule 6 (global)
|
|
block in log level local0.warning quick proto icmp from any to any
|
|
block in log level local0.warning quick proto tcp from any to any flags S/UAPRSF
|
|
block in log level local0.warning quick proto tcp from any to any flags ARSF/UAPRSF
|
|
block out log level local0.warning quick proto icmp from any to any
|
|
block out log level local0.warning quick proto tcp from any to any flags S/UAPRSF
|
|
block out log level local0.warning quick proto tcp from any to any flags ARSF/UAPRSF
|
|
#
|
|
# Rule 7 (global)
|
|
block return-icmp-as-dest (3) in log level local0.warning quick from any to any with opt rr
|
|
block return-icmp-as-dest (3) in log level local0.warning quick from any to any with opt lsrr opt ssrr
|
|
block return-icmp-as-dest (3) in log level local0.warning quick from any to any with opt ts
|
|
block return-icmp-as-dest (3) in log level local0.warning quick from any to any
|
|
block out log level local0.warning quick from any to any with opt rr
|
|
block out log level local0.warning quick from any to any with opt lsrr opt ssrr
|
|
block out log level local0.warning quick from any to any with opt ts
|
|
block out log level local0.warning quick from any to any
|
|
#
|
|
# Rule 8 (global)
|
|
# firewall:Policy:8: warning: Changing rule direction due to self reference
|
|
|
|
block return-icmp-as-dest (3) in quick proto 50 from any to 192.168.1.1
|
|
block return-icmp-as-dest (3) in quick proto 50 from any to 222.222.222.222
|
|
#
|
|
# Rule 11 (global)
|
|
pass in quick proto tcp from 211.11.11.11 to 192.168.1.10 port = 53 flags S keep state
|
|
pass in quick proto tcp from 211.22.22.22 to 192.168.1.10 port = 53 flags S keep state
|
|
pass out quick proto tcp from 211.11.11.11 to 192.168.1.10 port = 53 flags S keep state
|
|
pass out quick proto tcp from 211.22.22.22 to 192.168.1.10 port = 53 flags S keep state
|
|
#
|
|
# Rule 12 (global)
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 113 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 13 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 53 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 2105 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 21 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 70 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 80 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 443 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 143 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 993 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 6667 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 543 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 544 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 389 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 98 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 3306 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 2049 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 119 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 110 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 5432 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 515 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 26000 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 512 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 513 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 514 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 4321 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 25 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 465 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 1080 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 3128 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 22 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 111 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 23 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port 9999 >< 10041 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 540 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.10 port = 7100 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 113 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 13 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 53 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 2105 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 21 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 70 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 80 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 443 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 143 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 993 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 6667 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 543 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 544 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 389 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 98 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 3306 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 2049 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 119 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 110 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 5432 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 515 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 26000 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 512 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 513 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 514 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 4321 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 25 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 465 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 1080 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 3128 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 22 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 111 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 23 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port 9999 >< 10041 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 540 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.10 port = 7100 flags S keep state
|
|
#
|
|
# Rule 13 (global)
|
|
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 3 keep state
|
|
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 0 code 0 keep state
|
|
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 11 code 0 keep state
|
|
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 11 code 1 keep state
|
|
pass in quick proto tcp from any to 192.168.1.0/24 port = 3128 flags S keep state
|
|
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 3 keep state
|
|
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 0 code 0 keep state
|
|
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 11 code 0 keep state
|
|
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 11 code 1 keep state
|
|
pass out quick proto tcp from any to 192.168.1.0/24 port = 3128 flags S keep state
|
|
#
|
|
# Rule 14 (global)
|
|
skip 2 in from any to 192.168.1.11
|
|
skip 1 in from any to 192.168.1.12/30
|
|
skip 8 in from any to any
|
|
pass in quick proto tcp from any to any port = 113 flags S keep state
|
|
pass in quick proto tcp from any to any port = 80 flags S keep state
|
|
pass in quick proto tcp from any to any port = 443 flags S keep state
|
|
pass in quick proto tcp from any to any port = 143 flags S keep state
|
|
pass in quick proto tcp from any to any port = 25 flags S keep state
|
|
pass in quick proto tcp from any to any port = 3128 flags S keep state
|
|
pass in quick proto tcp from any to any port = 22 flags S keep state
|
|
pass in quick proto tcp from any to any port = 540 flags S keep state
|
|
skip 2 out from any to 192.168.1.11
|
|
skip 1 out from any to 192.168.1.12/30
|
|
skip 8 out from any to any
|
|
pass out quick proto tcp from any to any port = 113 flags S keep state
|
|
pass out quick proto tcp from any to any port = 80 flags S keep state
|
|
pass out quick proto tcp from any to any port = 443 flags S keep state
|
|
pass out quick proto tcp from any to any port = 143 flags S keep state
|
|
pass out quick proto tcp from any to any port = 25 flags S keep state
|
|
pass out quick proto tcp from any to any port = 3128 flags S keep state
|
|
pass out quick proto tcp from any to any port = 22 flags S keep state
|
|
pass out quick proto tcp from any to any port = 540 flags S keep state
|
|
#
|
|
# Rule 15 (global)
|
|
pass in quick proto tcp from any to 192.168.1.11 port = 113 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.11 port = 80 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.11 port = 443 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.11 port = 143 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.11 port = 25 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.11 port = 3128 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.11 port = 22 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.11 port = 540 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.11 port = 113 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.11 port = 80 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.11 port = 443 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.11 port = 143 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.11 port = 25 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.11 port = 3128 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.11 port = 22 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.11 port = 540 flags S keep state
|
|
#
|
|
# Rule 16 (global)
|
|
skip 5 in from any to 192.168.1.11
|
|
skip 4 in from any to 192.168.1.12
|
|
skip 3 in from any to 192.168.1.13
|
|
skip 2 in from any to 192.168.1.14
|
|
skip 1 in from any to 192.168.1.15
|
|
skip 8 in from any to any
|
|
pass in quick proto tcp from any to any port = 113 flags S keep state
|
|
pass in quick proto tcp from any to any port = 80 flags S keep state
|
|
pass in quick proto tcp from any to any port = 443 flags S keep state
|
|
pass in quick proto tcp from any to any port = 143 flags S keep state
|
|
pass in quick proto tcp from any to any port = 25 flags S keep state
|
|
pass in quick proto tcp from any to any port = 3128 flags S keep state
|
|
pass in quick proto tcp from any to any port = 22 flags S keep state
|
|
pass in quick proto tcp from any to any port = 540 flags S keep state
|
|
skip 5 out from any to 192.168.1.11
|
|
skip 4 out from any to 192.168.1.12
|
|
skip 3 out from any to 192.168.1.13
|
|
skip 2 out from any to 192.168.1.14
|
|
skip 1 out from any to 192.168.1.15
|
|
skip 8 out from any to any
|
|
pass out quick proto tcp from any to any port = 113 flags S keep state
|
|
pass out quick proto tcp from any to any port = 80 flags S keep state
|
|
pass out quick proto tcp from any to any port = 443 flags S keep state
|
|
pass out quick proto tcp from any to any port = 143 flags S keep state
|
|
pass out quick proto tcp from any to any port = 25 flags S keep state
|
|
pass out quick proto tcp from any to any port = 3128 flags S keep state
|
|
pass out quick proto tcp from any to any port = 22 flags S keep state
|
|
pass out quick proto tcp from any to any port = 540 flags S keep state
|
|
#
|
|
# Rule 17 (global)
|
|
pass in log level local0.warning quick proto icmp from 192.168.1.1 to 192.168.1.1 keep state
|
|
pass in log level local0.warning quick proto icmp from 192.168.1.1 to 222.222.222.222 keep state
|
|
pass in log level local0.warning quick proto icmp from 222.222.222.222 to 192.168.1.1 keep state
|
|
pass in log level local0.warning quick proto icmp from 222.222.222.222 to 222.222.222.222 keep state
|
|
pass in log level local0.warning quick proto tcp from 192.168.1.1 to 192.168.1.1 flags S keep state
|
|
pass in log level local0.warning quick proto tcp from 192.168.1.1 to 222.222.222.222 flags S keep state
|
|
pass in log level local0.warning quick proto tcp from 222.222.222.222 to 192.168.1.1 flags S keep state
|
|
pass in log level local0.warning quick proto tcp from 222.222.222.222 to 222.222.222.222 flags S keep state
|
|
pass in log level local0.warning quick proto udp from 192.168.1.1 to 192.168.1.1 keep state
|
|
pass in log level local0.warning quick proto udp from 192.168.1.1 to 222.222.222.222 keep state
|
|
pass in log level local0.warning quick proto udp from 222.222.222.222 to 192.168.1.1 keep state
|
|
pass in log level local0.warning quick proto udp from 222.222.222.222 to 222.222.222.222 keep state
|
|
pass in log level local0.warning quick from 192.168.1.1 to 192.168.1.1
|
|
pass in log level local0.warning quick from 192.168.1.1 to 222.222.222.222
|
|
pass in log level local0.warning quick from 222.222.222.222 to 192.168.1.1
|
|
pass in log level local0.warning quick from 222.222.222.222 to 222.222.222.222
|
|
pass out log level local0.warning quick proto icmp from 192.168.1.1 to 192.168.1.1 keep state
|
|
pass out log level local0.warning quick proto icmp from 192.168.1.1 to 222.222.222.222 keep state
|
|
pass out log level local0.warning quick proto icmp from 222.222.222.222 to 192.168.1.1 keep state
|
|
pass out log level local0.warning quick proto icmp from 222.222.222.222 to 222.222.222.222 keep state
|
|
pass out log level local0.warning quick proto tcp from 192.168.1.1 to 192.168.1.1 flags S keep state
|
|
pass out log level local0.warning quick proto tcp from 192.168.1.1 to 222.222.222.222 flags S keep state
|
|
pass out log level local0.warning quick proto tcp from 222.222.222.222 to 192.168.1.1 flags S keep state
|
|
pass out log level local0.warning quick proto tcp from 222.222.222.222 to 222.222.222.222 flags S keep state
|
|
pass out log level local0.warning quick proto udp from 192.168.1.1 to 192.168.1.1 keep state
|
|
pass out log level local0.warning quick proto udp from 192.168.1.1 to 222.222.222.222 keep state
|
|
pass out log level local0.warning quick proto udp from 222.222.222.222 to 192.168.1.1 keep state
|
|
pass out log level local0.warning quick proto udp from 222.222.222.222 to 222.222.222.222 keep state
|
|
pass out log level local0.warning quick from 192.168.1.1 to 192.168.1.1
|
|
pass out log level local0.warning quick from 192.168.1.1 to 222.222.222.222
|
|
pass out log level local0.warning quick from 222.222.222.222 to 192.168.1.1
|
|
pass out log level local0.warning quick from 222.222.222.222 to 222.222.222.222
|
|
#
|
|
# Rule 19 (global)
|
|
# firewall:Policy:19: warning: Changing rule direction due to self reference
|
|
|
|
pass in quick proto icmp from 192.168.1.1 to 192.168.1.1 keep state
|
|
pass in quick proto icmp from 192.168.1.1 to 222.222.222.222 keep state
|
|
pass in quick proto icmp from 222.222.222.222 to 192.168.1.1 keep state
|
|
pass in quick proto icmp from 222.222.222.222 to 222.222.222.222 keep state
|
|
pass in quick proto tcp from 192.168.1.1 to 192.168.1.1 flags S keep state
|
|
pass in quick proto tcp from 192.168.1.1 to 222.222.222.222 flags S keep state
|
|
pass in quick proto tcp from 222.222.222.222 to 192.168.1.1 flags S keep state
|
|
pass in quick proto tcp from 222.222.222.222 to 222.222.222.222 flags S keep state
|
|
pass in quick proto udp from 192.168.1.1 to 192.168.1.1 keep state
|
|
pass in quick proto udp from 192.168.1.1 to 222.222.222.222 keep state
|
|
pass in quick proto udp from 222.222.222.222 to 192.168.1.1 keep state
|
|
pass in quick proto udp from 222.222.222.222 to 222.222.222.222 keep state
|
|
pass in quick from 192.168.1.1 to 192.168.1.1
|
|
pass in quick from 192.168.1.1 to 222.222.222.222
|
|
pass in quick from 222.222.222.222 to 192.168.1.1
|
|
pass in quick from 222.222.222.222 to 222.222.222.222
|
|
pass out quick proto icmp from 192.168.1.1 to 192.168.1.1 keep state
|
|
pass out quick proto icmp from 192.168.1.1 to 222.222.222.222 keep state
|
|
pass out quick proto icmp from 222.222.222.222 to 192.168.1.1 keep state
|
|
pass out quick proto icmp from 222.222.222.222 to 222.222.222.222 keep state
|
|
pass out quick proto tcp from 192.168.1.1 to 192.168.1.1 flags S keep state
|
|
pass out quick proto tcp from 192.168.1.1 to 222.222.222.222 flags S keep state
|
|
pass out quick proto tcp from 222.222.222.222 to 192.168.1.1 flags S keep state
|
|
pass out quick proto tcp from 222.222.222.222 to 222.222.222.222 flags S keep state
|
|
pass out quick proto udp from 192.168.1.1 to 192.168.1.1 keep state
|
|
pass out quick proto udp from 192.168.1.1 to 222.222.222.222 keep state
|
|
pass out quick proto udp from 222.222.222.222 to 192.168.1.1 keep state
|
|
pass out quick proto udp from 222.222.222.222 to 222.222.222.222 keep state
|
|
pass out quick from 192.168.1.1 to 192.168.1.1
|
|
pass out quick from 192.168.1.1 to 222.222.222.222
|
|
pass out quick from 222.222.222.222 to 192.168.1.1
|
|
pass out quick from 222.222.222.222 to 222.222.222.222
|
|
pass out quick proto icmp from 192.168.1.1 to 33.33.33.33 keep state
|
|
pass out quick proto icmp from 192.168.1.1 to 33.33.33.34 keep state
|
|
pass out quick proto icmp from 222.222.222.222 to 33.33.33.33 keep state
|
|
pass out quick proto icmp from 222.222.222.222 to 33.33.33.34 keep state
|
|
pass out quick proto tcp from 192.168.1.1 to 33.33.33.33 flags S keep state
|
|
pass out quick proto tcp from 192.168.1.1 to 33.33.33.34 flags S keep state
|
|
pass out quick proto tcp from 222.222.222.222 to 33.33.33.33 flags S keep state
|
|
pass out quick proto tcp from 222.222.222.222 to 33.33.33.34 flags S keep state
|
|
pass out quick proto udp from 192.168.1.1 to 33.33.33.33 keep state
|
|
pass out quick proto udp from 192.168.1.1 to 33.33.33.34 keep state
|
|
pass out quick proto udp from 222.222.222.222 to 33.33.33.33 keep state
|
|
pass out quick proto udp from 222.222.222.222 to 33.33.33.34 keep state
|
|
pass out quick from 192.168.1.1 to 33.33.33.33
|
|
pass out quick from 192.168.1.1 to 33.33.33.34
|
|
pass out quick from 222.222.222.222 to 33.33.33.33
|
|
pass out quick from 222.222.222.222 to 33.33.33.34
|
|
pass in quick proto icmp from 33.33.33.33 to 192.168.1.1 keep state
|
|
pass in quick proto icmp from 33.33.33.33 to 222.222.222.222 keep state
|
|
pass in quick proto icmp from 33.33.33.34 to 192.168.1.1 keep state
|
|
pass in quick proto icmp from 33.33.33.34 to 222.222.222.222 keep state
|
|
pass in quick proto tcp from 33.33.33.33 to 192.168.1.1 flags S keep state
|
|
pass in quick proto tcp from 33.33.33.33 to 222.222.222.222 flags S keep state
|
|
pass in quick proto tcp from 33.33.33.34 to 192.168.1.1 flags S keep state
|
|
pass in quick proto tcp from 33.33.33.34 to 222.222.222.222 flags S keep state
|
|
pass in quick proto udp from 33.33.33.33 to 192.168.1.1 keep state
|
|
pass in quick proto udp from 33.33.33.33 to 222.222.222.222 keep state
|
|
pass in quick proto udp from 33.33.33.34 to 192.168.1.1 keep state
|
|
pass in quick proto udp from 33.33.33.34 to 222.222.222.222 keep state
|
|
pass in quick from 33.33.33.33 to 192.168.1.1
|
|
pass in quick from 33.33.33.33 to 222.222.222.222
|
|
pass in quick from 33.33.33.34 to 192.168.1.1
|
|
pass in quick from 33.33.33.34 to 222.222.222.222
|
|
skip 3 in from 33.33.33.33 to any
|
|
skip 2 in from 33.33.33.34 to any
|
|
skip 1 in from 192.168.1.1 to any
|
|
skip 24 in from any to any
|
|
pass in quick proto icmp from any to 33.33.33.33 keep state
|
|
pass in quick proto icmp from any to 33.33.33.34 keep state
|
|
pass in quick proto icmp from any to 192.168.1.1 keep state
|
|
skip 3 in from 33.33.33.33 to any
|
|
skip 2 in from 33.33.33.34 to any
|
|
skip 1 in from 192.168.1.1 to any
|
|
skip 17 in from any to any
|
|
pass in quick proto tcp from any to 33.33.33.33 flags S keep state
|
|
pass in quick proto tcp from any to 33.33.33.34 flags S keep state
|
|
pass in quick proto tcp from any to 192.168.1.1 flags S keep state
|
|
skip 3 in from 33.33.33.33 to any
|
|
skip 2 in from 33.33.33.34 to any
|
|
skip 1 in from 192.168.1.1 to any
|
|
skip 10 in from any to any
|
|
pass in quick proto udp from any to 33.33.33.33 keep state
|
|
pass in quick proto udp from any to 33.33.33.34 keep state
|
|
pass in quick proto udp from any to 192.168.1.1 keep state
|
|
skip 3 in from 33.33.33.33 to any
|
|
skip 2 in from 33.33.33.34 to any
|
|
skip 1 in from 192.168.1.1 to any
|
|
skip 3 in from any to any
|
|
pass in quick from any to 33.33.33.33
|
|
pass in quick from any to 33.33.33.34
|
|
pass in quick from any to 192.168.1.1
|
|
skip 3 out from 33.33.33.33 to any
|
|
skip 2 out from 33.33.33.34 to any
|
|
skip 1 out from 192.168.1.1 to any
|
|
skip 24 out from any to any
|
|
pass out quick proto icmp from any to 33.33.33.33 keep state
|
|
pass out quick proto icmp from any to 33.33.33.34 keep state
|
|
pass out quick proto icmp from any to 192.168.1.1 keep state
|
|
skip 3 out from 33.33.33.33 to any
|
|
skip 2 out from 33.33.33.34 to any
|
|
skip 1 out from 192.168.1.1 to any
|
|
skip 17 out from any to any
|
|
pass out quick proto tcp from any to 33.33.33.33 flags S keep state
|
|
pass out quick proto tcp from any to 33.33.33.34 flags S keep state
|
|
pass out quick proto tcp from any to 192.168.1.1 flags S keep state
|
|
skip 3 out from 33.33.33.33 to any
|
|
skip 2 out from 33.33.33.34 to any
|
|
skip 1 out from 192.168.1.1 to any
|
|
skip 10 out from any to any
|
|
pass out quick proto udp from any to 33.33.33.33 keep state
|
|
pass out quick proto udp from any to 33.33.33.34 keep state
|
|
pass out quick proto udp from any to 192.168.1.1 keep state
|
|
skip 3 out from 33.33.33.33 to any
|
|
skip 2 out from 33.33.33.34 to any
|
|
skip 1 out from 192.168.1.1 to any
|
|
skip 3 out from any to any
|
|
pass out quick from any to 33.33.33.33
|
|
pass out quick from any to 33.33.33.34
|
|
pass out quick from any to 192.168.1.1
|
|
#
|
|
# Rule 20 (global)
|
|
# Automatically generated 'masquerading' rule
|
|
# firewall:Policy:20: warning: Changing rule direction due to self reference
|
|
|
|
pass out quick proto icmp from 192.168.1.1 to any keep state
|
|
pass out quick proto icmp from 222.222.222.222 to any keep state
|
|
pass out quick proto tcp from 192.168.1.1 to any flags S keep state
|
|
pass out quick proto tcp from 222.222.222.222 to any flags S keep state
|
|
pass out quick proto udp from 192.168.1.1 to any keep state
|
|
pass out quick proto udp from 222.222.222.222 to any keep state
|
|
pass out quick from 192.168.1.1 to any
|
|
pass out quick from 222.222.222.222 to any
|
|
pass in quick proto icmp from 192.168.1.0/24 to any keep state
|
|
pass in quick proto tcp from 192.168.1.0/24 to any flags S keep state
|
|
pass in quick proto udp from 192.168.1.0/24 to any keep state
|
|
pass in quick from 192.168.1.0/24 to any
|
|
pass out quick proto icmp from 192.168.1.0/24 to any keep state
|
|
pass out quick proto tcp from 192.168.1.0/24 to any flags S keep state
|
|
pass out quick proto udp from 192.168.1.0/24 to any keep state
|
|
pass out quick from 192.168.1.0/24 to any
|
|
#
|
|
# Rule 21 (global)
|
|
# Automatically generated 'catch all' rule
|
|
block in log level daemon.alert quick from any to any
|
|
block out log level daemon.alert quick from any to any
|
|
#
|
|
# Rule fallback rule
|
|
# fallback rule
|
|
block in quick from any to any
|
|
block out quick from any to any
|