onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00
Code Issues Releases Wiki Activity
fwbuilder/test/pix/firewall80.fw.orig

213 lines
5.5 KiB
Plaintext
Executable File
Raw Blame History

!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3446
!
! Generated Tue Jan 25 11:22:41 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall80.fw
!
! testing rules with broadcasts
! N firewall80:NAT:0: error: CustomService objects are not supported in NAT rules
!
! Prolog script:
!
!
! End of prolog script:
!
interface FastEthernet0
nameif outside
security-level 100
exit
interface FastEthernet1
nameif inside
security-level 0
exit
no logging buffered
no logging console
no logging timestamp
no logging on
timeout xlate 3:0:0
timeout conn 1:0:0
timeout udp 0:2:0
timeout sunrpc 0:10:0
timeout h323 0:5:0
timeout sip 0:30:0
timeout sip_media 0:0:0
timeout half-closed 0:0:0
timeout uauth 2:0:0 absolute
clear config ssh
aaa authentication ssh console LOCAL
clear config snmp-server
no snmp-server enable traps
clear config ntp
no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
service-policy global_policy global
policy-map type inspect ip-options ip-options-map
parameters
eool action allow
router-alert action clear
clear xlate
clear config static
clear config global
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object-group icmp-type id19186X29796.srv.icmp.0
icmp-object 8
icmp-object 0
exit
object-group service id19186X29796.srv.tcp.0 tcp
port-object eq 53
port-object eq 25
exit
object-group service id19186X29796.srv.udp.0 udp
port-object eq 123
port-object eq 53
exit
object-group icmp-type id21447X11252.srv.icmp.0
icmp-object 8
icmp-object 3
exit
!################
!
! Rule 0 (FastEthernet1)
ssh 0.0.0.0 0.0.0.0 inside
!
! Rule 1 (FastEthernet1)
ssh 0.0.0.0 0.0.0.0 inside
!
! Rule 2 (global)
access-list outside_acl_in permit tcp any host 192.168.1.10 eq 22
access-list inside_acl_in permit tcp any host 192.168.1.10 eq 22
!
! Rule 3 (FastEthernet1)
icmp permit any 3 inside
access-list inside_acl_in permit icmp any host 192.168.1.1 3
!
! Rule 4 (global)
access-list outside_acl_in permit icmp any host 192.168.1.10 object-group id19186X29796.srv.icmp.0
access-list inside_acl_in permit icmp any host 192.168.1.10 object-group id19186X29796.srv.icmp.0
access-list outside_acl_in permit tcp any host 192.168.1.10 object-group id19186X29796.srv.tcp.0
access-list inside_acl_in permit tcp any host 192.168.1.10 object-group id19186X29796.srv.tcp.0
access-list outside_acl_in permit udp any host 192.168.1.10 object-group id19186X29796.srv.udp.0
access-list inside_acl_in permit udp any host 192.168.1.10 object-group id19186X29796.srv.udp.0
access-list outside_acl_in permit 50 any host 192.168.1.10
access-list inside_acl_in permit 50 any host 192.168.1.10
access-list outside_acl_in permit 51 any host 192.168.1.10
access-list inside_acl_in permit 51 any host 192.168.1.10
!
! Rule 5 (global)
! matching source ports
access-list outside_acl_in deny tcp any gt 1024 host 192.168.1.10 eq 80
access-list inside_acl_in deny tcp any gt 1024 host 192.168.1.10 eq 80
access-list outside_acl_in deny udp any range 10000 10010 host 192.168.1.10
access-list inside_acl_in deny udp any range 10000 10010 host 192.168.1.10
!
! Rule 6 (global)
access-list outside_acl_in deny tcp any range 20000 20020 host 192.168.1.10
access-list inside_acl_in deny tcp any range 20000 20020 host 192.168.1.10
access-list outside_acl_in deny tcp any range 30000 30030 host 192.168.1.10
access-list inside_acl_in deny tcp any range 30000 30030 host 192.168.1.10
!
! Rule 7 (global)
! matching "any" icmp and "all" tcp
! in one service-group
!
access-list outside_acl_in deny icmp any host 192.168.1.10
access-list inside_acl_in deny icmp any host 192.168.1.10
access-list outside_acl_in deny tcp any host 192.168.1.10
access-list inside_acl_in deny tcp any host 192.168.1.10
!
! Rule 8 (global)
! for #1938 matching
! mixed services
icmp permit 192.168.1.0 255.255.255.192 8 inside
icmp permit 192.168.1.0 255.255.255.192 3 inside
access-list inside_acl_in permit icmp 192.168.1.0 255.255.255.192 host 192.168.1.1 object-group id21447X11252.srv.icmp.0
access-list inside_acl_in permit icmp 192.168.1.0 255.255.255.192 any object-group id21447X11252.srv.icmp.0
access-list inside_acl_in permit tcp 192.168.1.0 255.255.255.192 any eq 3128
access-list inside_acl_in permit udp 192.168.1.0 255.255.255.192 any eq 53
!
! Rule 9 (global)
! for #1942
! using custom service
access-list outside_acl_in deny tcp any host 192.168.1.10 neq 8080
access-list inside_acl_in deny tcp any host 192.168.1.10 neq 8080
!
! Rule 10 (global)
! for #1942
! using custom service
access-list outside_acl_in deny tcp any host 192.168.1.10 neq 8080
access-list inside_acl_in deny tcp any host 192.168.1.10 neq 8080
access-list outside_acl_in deny tcp any host 192.168.1.10 eq 3128
access-list inside_acl_in deny tcp any host 192.168.1.10 eq 3128
!
! Rule 11 (global)
access-list outside_acl_in deny ip any any
access-list inside_acl_in deny ip any any
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside
!
! Epilog script:
!
! End of epilog script:
!
Reference in New Issue View Git Blame Copy Permalink