mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 02:07:23 +01:00
fwbuilder/test/ipf/objects-for-regression-tests.fwb


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<!-- The document type is bound to an external DTD through a relative SYSTEM
     identifier and has no internal subset, so the program that loads this
     fixture decides where "fwbuilder.dtd" is read from.
     NOTE(review): confirm the loader resolves the DTD from a fixed, trusted
     install path and keeps network fetches and external entity expansion
     disabled when it opens object files that come from other people. -->
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" id="root"><Library color="#FFFFFF" comment="" id="id40D07E7A" name="LAX" ro="True">
<!-- Object tree of the read-only "LAX" library. Only the "Addresses" and
     "Groups" folders hold objects; the other folders are empty. -->
<ObjectGroup id="id40D07E7B" name="Objects">
<ObjectGroup id="id40D07E7B_og_ats_1" name="Address Tables"/>
<ObjectGroup id="id40D07E7C" name="Addresses">
<!-- Two single-host entries (netmask 255.255.255.255) in 10.1.10.0 space. -->
<IPv4 address="10.1.10.10" comment="" id="id40E238E6" name="laxftp1" netmask="255.255.255.255"/>
<IPv4 address="10.1.10.11" comment="" id="id40E238E7" name="laxweb1" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id40D07E7D" name="Groups">
<!-- "LAX Servers" points at laxftp1 and laxweb1 by id. Its own id
     (id40E23565) is in turn referenced by the "West Coast Servers" group of
     the "West Coast" library, so the two libraries are not independent. -->
<ObjectGroup comment="" id="id40E23565" name="LAX Servers">
<ObjectRef ref="id40E238E6"/>
<ObjectRef ref="id40E238E7"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id40D07E7E" name="Hosts"/>
<ObjectGroup id="id40D07E7F" name="Networks"/>
<ObjectGroup id="id40D07E80" name="Address Ranges"/>
<ObjectGroup id="id4386560318752" name="DNS Names"/>
</ObjectGroup>
<ServiceGroup id="id40D07E81" name="Services">
<ServiceGroup id="id40D07E81_og_tag_1" name="TagServices">
</ServiceGroup>
<ServiceGroup id="id40D07E82" name="Groups"/>
<ServiceGroup id="id40D07E83" name="ICMP"/>
<ServiceGroup id="id40D07E84" name="IP"/>
<ServiceGroup id="id40D07E85" name="TCP"/>
<ServiceGroup id="id40D07E86" name="UDP"/>
<ServiceGroup id="id40D07E87" name="Custom"/>
<ServiceGroup id="id40D07E81_userservices" name="Users"/>
</ServiceGroup>
<ObjectGroup id="id40D07E88" name="Firewalls"/>
<IntervalGroup id="id40D07E89" name="Time"/>
</Library>
<Library color="#FFFFFF" comment="" id="id40E233F3" name="West Coast" ro="True">
<!-- Object tree of the read-only "West Coast" library. It defines no
     addresses of its own; its single group is built from references. -->
<ObjectGroup id="id40E233F4" name="Objects">
<ObjectGroup id="id40E233F4_og_ats_1" name="Address Tables"/>
<ObjectGroup id="id40E233F5" name="Addresses"/>
<ObjectGroup id="id40E233F6" name="Groups">
<!-- id40E23565 is the "LAX Servers" group defined in the "LAX" library.
     NOTE(review): no object with id id40E23562 appears in the part of the
     file visible here; confirm whether it is defined further down or is a
     deliberately unresolved reference used by the regression tests. -->
<ObjectGroup comment="" id="id40E23403" name="West Coast Servers">
<ObjectRef ref="id40E23562"/>
<ObjectRef ref="id40E23565"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id40E233F7" name="Hosts"/>
<ObjectGroup id="id40E233F8" name="Networks"/>
<ObjectGroup id="id40E233F9" name="Address Ranges"/>
<ObjectGroup id="id4386560418752" name="DNS Names"/>
</ObjectGroup>
<ServiceGroup id="id40E233FA" name="Services">
<ServiceGroup id="id40E233FA_og_tag_1" name="TagServices">
</ServiceGroup>
<ServiceGroup id="id40E233FB" name="Groups"/>
<ServiceGroup id="id40E233FC" name="ICMP"/>
<ServiceGroup id="id40E233FD" name="IP"/>
<ServiceGroup id="id40E233FE" name="TCP"/>
<ServiceGroup id="id40E233FF" name="UDP"/>
<ServiceGroup id="id40E23400" name="Custom"/>
<ServiceGroup id="id40E233FA_userservices" name="Users"/>
</ServiceGroup>
<ObjectGroup id="id40E23401" name="Firewalls"/>
<IntervalGroup id="id40E23402" name="Time"/>
</Library>
<Library color="#d2ffd0" comment="User defined objects" id="syslib001" name="User" ro="False">
<ObjectGroup id="stdid01_1" name="Objects">
<!-- Address tables take their members from a file named in "filename"
     rather than from this document. One entry has run_time="False" and the
     other run_time="True"; the second is also a member of the "at group"
     object group.
     NOTE(review): presumably the compile-time table is read by the policy
     compiler and the run-time table by the firewall itself when rules are
     loaded; confirm. Both filenames are relative, and whoever can write
     those files controls which addresses the resulting rules match, so the
     files deserve the same change control as this database. -->
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
<AddressTable comment="" filename="addr-table-1.tbl" id="id4389EE9018346" name="addr-table-1" run_time="False"/>
<AddressTable comment="this is run-time table" filename="block-hosts.tbl" id="id4389EE9118346" name="block these" run_time="True"/>
</ObjectGroup>
<ObjectGroup id="stdid16_1" name="Addresses">
<IPv4 address="61.150.47.112" comment="" id="id4388C37D674" name="sapmhost1" netmask="255.255.255.255"/>
</ObjectGroup>
<!-- User-defined object groups. Members are listed by id only, so the notes
     below give the name of each referenced object as defined elsewhere in
     this library. -->
<ObjectGroup id="stdid04_1" name="Groups">
<!-- group1: hostA and hostB. -->
<ObjectGroup id="id3B4572AF" name="group1">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</ObjectGroup>
<!-- platform: host-fw2 and fw2-int-iface, two host objects whose comments
     say they reuse addresses of the firewall. -->
<ObjectGroup id="id3B4572B5" name="platform">
<ObjectRef ref="id3AFC0F70"/>
<ObjectRef ref="id3AFC191C"/>
</ObjectGroup>
<!-- netgroup1: Internal_net and dmz_net. -->
<ObjectGroup id="id3BBC0EFC" name="netgroup1">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</ObjectGroup>
<!-- group-range-1: the five hosts n192.168.1.11 through n192.168.1.15. -->
<ObjectGroup id="id3CD87A9A" name="group-range-1">
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="id3CD87A5E"/>
<ObjectRef ref="id3CD87A6D"/>
<ObjectRef ref="id3CD87A7C"/>
<ObjectRef ref="id3CD87A8B"/>
</ObjectGroup>
<!-- group2: hostA only (single-member group). -->
<ObjectGroup id="id3D8FF5EC" name="group2">
<ObjectRef ref="host-hostA"/>
</ObjectGroup>
<!-- lb group: hostA, hostB and hostC. -->
<ObjectGroup id="id3DEA7FEE" name="lb group">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
</ObjectGroup>
<!-- ext nets: foreign_net and external_net. -->
<ObjectGroup id="id3EDC2CF8" name="ext nets">
<ObjectRef ref="id3B665643"/>
<ObjectRef ref="id3B665641"/>
</ObjectGroup>
<!-- at group: the static address "sapmhost1" plus the run-time address
     table "block these", so part of this group's membership is only known
     once the table file is read. -->
<ObjectGroup comment="this group is a combination of a regular address object and an address table in run-time mode" id="id4390C25525682" name="at group">
<ObjectRef ref="id4388C37D674"/>
<ObjectRef ref="id4389EE9118346"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="stdid02_1" name="Hosts">
<Host comment="broadcast on internal subnet" id="id3B64FFAC" name="broadcast">
<Interface bridgeport="False" dyn="False" id="id3B64FFAC-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.255" id="id3B64FFAC-i-ipv4" name="address" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host comment="" id="id3D265845" name="fw2-dmz-iface">
<Interface bridgeport="False" dyn="False" id="id3D265845-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3D265845-i-1-addr" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.2.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="the same address as internal iface of firewall1" id="id3AFC191C" name="fw2-int-iface">
<Interface bridgeport="False" dyn="False" id="id3AFC191C-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3AFC191C-i-ipv4" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="host on the DMZ net" id="id3D265477" name="host-dmz1">
<Interface bridgeport="False" dyn="False" id="id3D265477-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.10" id="id3D265477-i-1-addr" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id3D26547B" name="host-dmz1-NAT">
<Interface bridgeport="False" dyn="False" id="id3D26547B-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.24" id="id3D26547B-i-1-addr" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="22.22.22.24">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3DEA665F" name="host-ext1">
<Interface bridgeport="False" dyn="False" id="id3DEA6663" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.24" id="id3DEA6664" name="host-ext1" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host comment="this host has the same IP address as firewall1 and firewall2" id="id3AFC0F70" name="host-fw2">
<Interface bridgeport="False" dyn="False" id="id3AFC0F70-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3AFC0F70-i-ipv4" name="address" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<!-- Host fixture that carries both an IPv4 address and a MAC address and has
     the "use_mac_addr_filter" option set to True. The interface address uses
     netmask 255.255.255.0 although it names a single host, and the MAC
     00:10:4b:de:e9:6f is the same one used by "host-with_mac-2".
     NOTE(review): presumably the option makes the compiler match on the MAC
     as well as the IP; confirm. A source MAC is chosen by the sender and is
     only visible on the local segment, so such a match narrows a rule but
     does not authenticate the host. -->
<Host comment="" id="id3BF1B3E1" name="host-with_mac">
<Interface bridgeport="False" dyn="False" id="id3BF1B3E2" label="" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.10" id="id3BF1B3E2-ipv4" name="address" netmask="255.255.255.0"/>
<physAddress address="00:10:4b:de:e9:6f" id="id3BF1B3E2-pa" name="unknown-pa"/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
<!-- Host fixture whose interface has an all-zero IPv4 address and netmask
     together with a MAC address, with "use_mac_addr_filter" set to True.
     The MAC is identical to the one on "host-with_mac".
     NOTE(review): presumably this exercises rules that can match on the MAC
     alone; confirm against the tests that reference id3BF1B3E7. -->
<Host comment="" id="id3BF1B3E7" name="host-with_mac-2">
<Interface bridgeport="False" dyn="False" id="id3BF1B3E8" label="" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" id="id3BF1B3E8-ipv4" name="address" netmask="0.0.0.0"/>
<physAddress address="00:10:4b:de:e9:6f" id="id3BF1B3E8-pa" name="unknown-pa"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
<!-- hostA (id host-hostA) is the object the groups "group1", "group2" and
     "lb group" refer to. A second Host with the same name and address but a
     different id (id3B3D5A3B) follows it in this folder.
     The SNMP read community is "public" while SNMPManagement is
     enabled="False"; the same value is set on hostB, secondary1.com,
     secondary2.com and hostAt. "public" is the well-known default community
     string, so it is acceptable as fixture data but should not be copied
     into an object database that describes real devices. -->
<Host comment="" id="host-hostA" name="hostA">
<Interface bridgeport="False" comment="" dyn="False" id="host-hostA-i" label="" mgmt="False" name="int1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.10" comment="" id="host-hostA-i-ipv4" name="hostA(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<!-- Second Host named "hostA" with the same interface name and address as
     the object with id host-hostA; only the ids differ. Object names are
     therefore not unique in this database and references must go by id.
     NOTE(review): nothing in the visible part of the file refers to
     id3B3D5A3B; confirm whether a rule further down uses it or whether it
     exists only to test duplicate names. -->
<Host comment="" id="id3B3D5A3B" name="hostA">
<Interface bridgeport="False" comment="" dyn="False" id="id3B3D5A3B-i" label="" mgmt="False" name="int1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.10" comment="" id="id3B3D5A3B-i-ipv4" name="hostA(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host comment="translated address for hostA" id="id3AFADBF9" name="hostA-NAT">
<Interface bridgeport="False" dyn="False" id="id3AFADBF9-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.23" id="id3AFADBF9-i-ipv4" name="address" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host comment="" id="host-hostB" name="hostB">
<Interface bridgeport="False" comment="" dyn="False" id="host-hostB-i" label="" mgmt="False" name="int1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.20" comment="" id="host-hostB-i-ipv4" name="hostB(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host comment="" id="id3BD6736B" name="hostB-NAT">
<Interface bridgeport="False" dyn="False" id="id3BD6736B-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.23.24" id="id3BD6736B-i-ipv4" name="address" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host comment="" id="id3D58227A" name="hostC">
<Interface bridgeport="False" comment="" dyn="False" id="id3D58227A-i" label="" mgmt="False" name="int1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id3D58227A-i-1-addr" name="hostC(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id3D58227E" name="hostC-1">
<Interface bridgeport="False" comment="" dyn="False" id="id3D582282" label="" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id3D582283" name="hostC-1:eth0" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id3CD87A53" name="n192.168.1.11">
<Interface bridgeport="False" dyn="False" id="id3CD87A53-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.11" id="id3CD87A53-i-1-addr" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.11">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id3CD87A5E" name="n192.168.1.12">
<Interface bridgeport="False" dyn="False" id="id3CD87A5E-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.12" id="id3CD87A5E-i-1-addr" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.12">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id3CD87A6D" name="n192.168.1.13">
<Interface bridgeport="False" dyn="False" id="id3CD87A6D-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.13" id="id3CD87A6D-i-1-addr" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.13">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id3CD87A7C" name="n192.168.1.14">
<Interface bridgeport="False" dyn="False" id="id3CD87A7C-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.14" id="id3CD87A7C-i-1-addr" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.14">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id3CD87A8B" name="n192.168.1.15">
<Interface bridgeport="False" dyn="False" id="id3CD87A8B-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.15" id="id3CD87A8B-i-1-addr" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.15">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="some host outside our network" id="id3B19C5EB" name="outside-host">
<Interface bridgeport="False" dyn="False" id="id3B19C5EB-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="200.200.200.200" id="id3B19C5EB-i-ipv4" name="address" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host comment="" id="host-secondary1-com" name="secondary1.com">
<Interface bridgeport="False" dyn="False" id="host-secondary1-com-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="211.11.11.11" id="host-secondary1-com-i-ipv4" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="211.11.11.11">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host comment="" id="host-secondary2-com" name="secondary2.com">
<Interface bridgeport="False" dyn="False" id="host-secondary2-com-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="211.22.22.22" id="host-secondary2-com-i-ipv4" name="address" netmask="255.255.255.255"/>
</Interface>
<Management address="211.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host comment="" id="id3BF23930" name="z-host">
<Interface bridgeport="False" dyn="False" id="id3BF23931" label="" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" id="id3BF23931-ipv4" name="address" netmask="0.0.0.0"/>
<physAddress address="00:a0:24:53:06:8c" id="id3BF23931-pa" name="unknown-pa"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D850651" name="zero address">
<Interface bridgeport="False" dyn="False" id="id3D850655" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" id="id3D850656" name="zero address" netmask="255.0.0.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA558D" name="dmz host 1">
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA558F" label="" mgmt="False" name="int1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.10" comment="" id="id3FCA5590" name="dmz host 1:(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA5593" name="dmz host 2">
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA5595" label="" mgmt="False" name="int1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.20" comment="" id="id3FCA5596" name="dmz host 2:(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA52D5" name="hostD">
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA52D7" label="" mgmt="False" name="int1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.110" comment="" id="id3FCA52D8" name="hostD(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA52DB" name="hostE">
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA52DD" label="" mgmt="False" name="int1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.120" comment="" id="id3FCA52DE" name="hostE(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA534B" name="dmz host 3">
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA534D" label="" mgmt="False" name="int1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.30" comment="" id="id3FCA534E" name="dmz host 3(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FCA5351" name="dmz host 4">
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA5353" label="" mgmt="False" name="int1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.40" comment="" id="id3FCA5354" name="dmz host 4(ip)" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host comment="" id="id43913DCB25682" name="hostAt">
<Interface bridgeport="False" dyn="False" id="id43913DCD25682" label="" name="hostA_eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.10" id="id43913DCE25682" name="hostAt:hostA_eth0:ip" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
</ObjectGroup>
<!-- Network objects used by the regression rules, all with a
     255.255.255.0 netmask. Internal_net, dmz_net and n-10.0.0.0 are private
     (RFC 1918) space. external_net (22.22.22.0) and foreign_net (33.33.33.0)
     are neither private nor RFC 5737 documentation ranges; they stand in for
     "outside" networks in the tests and say nothing about the real holders
     of those addresses. Internal_net and Internal_net_t describe the same
     network under two different ids. -->
<ObjectGroup id="stdid03_1" name="Networks">
<Network comment="" id="net-Internal_net" name="Internal_net" address="192.168.1.0" netmask="255.255.255.0"/>
<Network comment="DMZ net - using NAT" id="id3B022266" name="dmz_net" address="192.168.2.0" netmask="255.255.255.0"/>
<Network comment="" id="id3B665641" name="external_net" address="22.22.22.0" netmask="255.255.255.0"/>
<Network comment="" id="id3B665643" name="foreign_net" address="33.33.33.0" netmask="255.255.255.0"/>
<Network comment="" id="id3FF5DC23" name="n-10.0.0.0" address="10.0.0.0" netmask="255.255.255.0"/>
<Network comment="" id="id43913DEA25682" name="Internal_net_t" address="192.168.1.0" netmask="255.255.255.0"/>
</ObjectGroup>
<!-- Address ranges given as start and end address. test_range_1 runs from
     192.168.1.11 to 192.168.1.15, the same addresses as the host objects
     n192.168.1.11 through n192.168.1.15; test_range_2 has equal start and
     end, i.e. a range holding a single address. -->
<ObjectGroup id="stdid15_1" name="Address Ranges">
<AddressRange comment="" id="id3CD8769F" name="test_range_1" start_address="192.168.1.11" end_address="192.168.1.15"/>
<AddressRange comment="" id="id3D98E5AD" name="test_range_2" start_address="192.168.1.11" end_address="192.168.1.11"/>
</ObjectGroup>
<!-- DNS name objects come in pairs: the same record once with
     run_time="False" (name suffix "(ct)") and once with run_time="True"
     (name suffix "(rt)").
     NOTE(review): presumably "(ct)" entries are resolved when the policy is
     compiled and "(rt)" entries when the firewall loads its rules; confirm.
     In either mode the addresses a rule ends up matching are whatever the
     resolver returned at that moment, so the result depends on the DNS path
     of the machine doing the lookup. "buildmaster" is an unqualified name
     and will only resolve where a matching search domain or hosts entry
     exists. -->
<ObjectGroup id="id4386560518752" name="DNS Names">
<DNSName comment="an example of a local host" dnsrec="buildmaster" id="id43869E8E18346" name="buildmaster (ct)" run_time="False"/>
<DNSName comment="an example of a local host" dnsrec="buildmaster" id="id43869E8F18346" name="buildmaster (rt)" run_time="True"/>
<DNSName comment="" dnsrec="www.cnn.com" id="id43869E8C18346" name="cnn (ct)" run_time="False"/>
<DNSName comment="" dnsrec="www.cnn.com" id="id43869E8D18346" name="cnn (rt)" run_time="True"/>
<DNSName comment="" dnsrec="www.google.com" id="id4387287918346" name="google (ct)" run_time="False"/>
<DNSName comment="" dnsrec="www.google.com" id="id4387287A18346" name="google (rt)" run_time="True"/>
</ObjectGroup>
</ObjectGroup>
<ServiceGroup id="stdid05_1" name="Services">
<ServiceGroup id="stdid05_1_og_tag_1" name="TagServices">
</ServiceGroup>
<ServiceGroup id="stdid10_1" name="Groups">
<ServiceGroup id="id3B457567" name="svcgroup1">
<ServiceRef ref="id3B457561"/>
<ServiceRef ref="ip-IPSEC"/>
</ServiceGroup>
<ServiceGroup id="id3C1A66C9" name="large group TCP">
<ServiceRef ref="id3B20468D"/>
<ServiceRef ref="tcp-IRC"/>
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="tcp-Auth"/>
<ServiceRef ref="tcp-DNS_zone_transf"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-NNTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="tcp-uucp"/>
<ServiceRef ref="id3C1A66EF"/>
<ServiceRef ref="id3AEDBE6E"/>
<ServiceRef ref="id3B4FEDA3"/>
<ServiceRef ref="id3B4FED69"/>
<ServiceRef ref="id3AECF776"/>
<ServiceRef ref="id3B4FED9F"/>
<ServiceRef ref="id3B4FF13C"/>
<ServiceRef ref="id3B4FEE21"/>
<ServiceRef ref="id3B4FEE23"/>
<ServiceRef ref="id3AECF778"/>
<ServiceRef ref="id3B4FF000"/>
<ServiceRef ref="id3B4FEEEE"/>
<ServiceRef ref="id3B4FEE7A"/>
<ServiceRef ref="id3B4FEE1D"/>
<ServiceRef ref="id3B4FF0EA"/>
<ServiceRef ref="id3AECF782"/>
<ServiceRef ref="id3B4FEF7C"/>
<ServiceRef ref="id3AECF77A"/>
<ServiceRef ref="id3AECF77C"/>
<ServiceRef ref="id3AECF77E"/>
<ServiceRef ref="id3B4FEF34"/>
<ServiceRef ref="id3B4FF04C"/>
<ServiceRef ref="id3B4FEE76"/>
<ServiceRef ref="id3AEDBE00"/>
<ServiceRef ref="id3B4FF1B8"/>
</ServiceGroup>
<ServiceGroup id="id3CD878C8" name="small group TCP">
<ServiceRef ref="tcp-Auth"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-uucp"/>
<ServiceRef ref="id3B4FED69"/>
<ServiceRef ref="id3AECF776"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="stdid07_1" name="ICMP">
<ICMPService code="-1" comment="" id="id3C1A5D46" name="any ICMP" type="-1"/>
</ServiceGroup>
<!-- IP-level service objects. "ICMP" selects IP protocol number 1 with all
     option flags False and is the object referenced by "svcgroup1". "TS" has
     protocol_num="0" and only the ts flag set to True.
     NOTE(review): presumably protocol 0 stands for "any protocol" and the
     lsrr/ssrr/rr/ts attributes select IP options (loose and strict source
     route, record route, timestamp); confirm against the DTD. -->
<ServiceGroup id="stdid06_1" name="IP">
<IPService comment="" fragm="False" id="id3B457561" lsrr="False" name="ICMP" protocol_num="1" rr="False" short_fragm="False" ssrr="False" ts="False"/>
<IPService comment="" fragm="False" id="id3B6659A5" lsrr="False" name="TS" protocol_num="0" rr="False" short_fragm="False" ssrr="False" ts="True"/>
</ServiceGroup>
<!-- User-defined TCP services. gopher (70), irc (6667) and squid (3128) each
     name one destination port, test-TCP names the destination range 10000
     to 11000, and all four leave every TCP flag and flag mask False. The
     source range is 0 to 0 on every entry.
     NOTE(review): presumably a 0 to 0 range means "any port"; confirm. -->
<ServiceGroup id="stdid09_1" name="TCP">
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="70" dst_range_start="70" fin_flag="False" fin_flag_mask="False" id="id3C1A66EF" name="gopher" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="6667" dst_range_start="6667" fin_flag="False" fin_flag_mask="False" id="tcp-IRC" name="irc" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="3128" dst_range_start="3128" fin_flag="False" fin_flag_mask="False" id="id3B5009F7" name="squid" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="port range" dst_range_end="11000" dst_range_start="10000" fin_flag="False" fin_flag_mask="False" id="id3B20468D" name="test-TCP" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<!-- xmas-tree is the only entry that uses flags: all six masks are True,
     ACK, FIN, RST and SYN are True, PSH and URG are False, and no port is
     given.
     NOTE(review): presumably the mask attributes select which flags are
     inspected and the flag attributes which of them must be set; confirm.
     The scan pattern usually called "Xmas tree" sets FIN, PSH and URG, so
     the name describes this object's purpose (an invalid flag combination)
     more than its exact bits; do not reuse it as a detection signature
     without checking which combination you actually need. -->
<TCPService ack_flag="True" ack_flag_mask="True" comment="" dst_range_end="0" dst_range_start="0" fin_flag="True" fin_flag_mask="True" id="id3B58E3F1" name="xmas-tree" psh_flag="False" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" src_range_end="0" src_range_start="0" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True"/>
</ServiceGroup>
<!-- UDP services. "ISAKMP" matches destination port 500; the source range
     is 0-0, presumably meaning any source port (confirm). -->
<ServiceGroup id="stdid08_1" name="UDP">
<UDPService comment="" dst_range_end="500" dst_range_start="500" id="id3DEA6281" name="ISAKMP" src_range_end="0" src_range_start="0"/>
</ServiceGroup>
<!-- Custom services carry one command string per target platform.
     "talk" has text only for iptables; the "Undefined" and "ipfilter"
     entries are empty, so what an ipf compile emits for this service is not
     visible here.
     NOTE(review): the command text presumably goes into the generated rule
     as written, so review edits to it the way you would review rule code. -->
<ServiceGroup id="stdid13_1" name="Custom">
<CustomService comment="Talk support" id="id3B64FE22" name="talk">
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="iptables">-m ip_conntrack_talk -m ip_nat_talk</CustomServiceCommand>
</CustomService>
</ServiceGroup>
<!-- "Users" service group: present but empty (no user services defined). -->
<ServiceGroup id="stdid05_1_userservices" name="Users"/>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls">
<Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" host_OS="freebsd" id="fw-firewall2" inactive="False" lastCompiled="1172982686" lastInstalled="0" lastModified="1156049375" name="firewall" platform="ipf" ro="False" version="">
<!-- NAT rule set of Firewall "firewall": five enabled rules, positions 0-4.
     Each rule pairs an original match (OSrc/ODst/OSrv) with a translated
     result (TSrc/TDst/TSrv). No element in this rule set uses negation.
     sysid0 and sysid1 are defined outside this excerpt; presumably the
     "any" address and "any" service placeholders (confirm). -->
<NAT id="nat-firewall2" name="NAT">
<!-- 0: source translation; traffic from net-Internal_net leaves with the
     firewall object as its source. -->
<NATRule comment="" disabled="False" id="nat-firewall2-0" position="0">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="fw-firewall2"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 1: destination translation; tcp-SMTP addressed to the firewall is sent
     to host-hostA, service unchanged. -->
<NATRule comment="" disabled="False" id="nat-firewall2-1" position="1">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="fw-firewall2"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 2: redirect; tcp-HTTP from any source to any destination is sent to the
     firewall itself with service id3B4FF09A (defined outside this excerpt). -->
<NATRule disabled="False" id="id3CDB43B8" position="2">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="fw-firewall2"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 3: redirect for two services (tcp-HTTP and id3B4FED69) from
     net-Internal_net; the translated destination is interface eth0. -->
<NATRule disabled="False" id="id3D7581A7" position="3">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 4: same match as position 3, but the translated destination is
     interface eth1. -->
<NATRule comment="" disabled="False" id="id3D75843D" position="4">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Policy of Firewall "firewall": 22 rules, positions 0-21.
     Order as written: fragment and anti-spoofing denies on eth1, an inbound
     accept on eth1, DNS rules on eth0, denies/rejects for TCP flag
     patterns, ICMP and IP options, per-host accepts, firewall-to-firewall
     accepts, and a logged catch-all deny at position 21.
     Every Deny/Reject rule here carries stateless=True; none of the Accept
     rules does.
     sysid0, sysid1 and sysid2 are defined outside this excerpt; presumably
     the "any" object, "any" service and "any" interval (confirm). -->
<Policy id="pol-firewall2" name="Policy">
<!-- 0: deny and log IP fragments addressed to the firewall, inbound on eth1. -->
<PolicyRule action="Deny" direction="Inbound" disabled="False" id="id3B09D29D" log="True" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- 1: same service and interface as position 0, but for any destination. -->
<PolicyRule action="Deny" comment="Automatically generated rule blocking short fragments" direction="Inbound" disabled="False" id="pol-firewall2-0" log="True" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- 2: anti-spoofing; packets arriving on eth1 that claim an internal or
     firewall source address are denied and logged. -->
<PolicyRule action="Deny" comment="Automatically generated anti-spoofing rule" direction="Inbound" disabled="False" id="pol-firewall2-1" log="True" position="2">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- 3: NOTE(review): unlogged accept of every service inbound on eth1
     (security_level 0) from id3EDC2CF8. That source object is defined
     outside this excerpt, so how wide this opening is cannot be checked
     from here. -->
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id3EDC2CC7" log="False" position="3">
<Src neg="False">
<ObjectRef ref="id3EDC2CF8"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- 4: accept udp-DNS from net-Internal_net to the firewall on eth0. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3B92DFC5" log="False" position="4">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-DNS"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<!-- 5: deny and log udp-DNS inbound on eth0 to id3B64FFAC (defined outside
     this excerpt). -->
<PolicyRule action="Deny" comment="" direction="Inbound" disabled="False" id="id3C4E4C38" log="True" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-DNS"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- 6: deny and log tcp-TCP-SYN, "xmas-tree" (id3B58E3F1) and "any ICMP"
     (id3C1A5D46) between any endpoints on any interface.
     NOTE(review): if rules are evaluated first-match in this order, the
     ICMP part of the accept at position 13 looks shadowed by this rule;
     presumably deliberate for the test, since check_shading is False. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3B58E39D" log="True" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-TCP-SYN"/>
<ServiceRef ref="id3B58E3F1"/>
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- 7: reject and log packets matching ip-RR, ip-SRR or "TS" (id3B6659A5);
     per-rule ipf options: keep_frags off, return_icmp_as_dest on. -->
<PolicyRule action="Reject" direction="Both" disabled="False" id="id3B6659FC" log="True" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-RR"/>
<ServiceRef ref="ip-SRR"/>
<ServiceRef ref="id3B6659A5"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- 8: reject ip-IPSEC addressed to the firewall; not logged. -->
<PolicyRule action="Reject" direction="Both" disabled="False" id="id3CE74D81" log="False" position="8">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IPSEC"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- 9: disabled; would accept every service from id3BF1B3E1 to host-hostA. -->
<PolicyRule action="Accept" direction="Both" disabled="True" id="id3BF1B45E" log="False" position="9">
<Src neg="False">
<ObjectRef ref="id3BF1B3E1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- 10: disabled; same as position 9 with source id3BF1B3E7. -->
<PolicyRule action="Accept" direction="Both" disabled="True" id="id3BF1B44E" log="False" position="10">
<Src neg="False">
<ObjectRef ref="id3BF1B3E7"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- 11: accept tcp-DNS_zone_transf from the two secondary hosts to
     host-hostA; the only rule here limited by named time intervals
     (three IntervalRef entries). -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="pol-firewall2-3" log="False" position="11">
<Src neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-DNS_zone_transf"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="int-afterhours"/>
<IntervalRef ref="id3C63479C"/>
<IntervalRef ref="id3C63479E"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- 12: accept service id3C1A66C9 (defined outside this excerpt) from any
     source to host-hostA. -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="pol-firewall2-2" log="False" position="12">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3C1A66C9"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- 13: accept sg-Useful_ICMP and "squid" (id3B5009F7) from any source to
     net-Internal_net. -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="pol-firewall2-4" log="False" position="13">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sg-Useful_ICMP"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- 14-16: three rules with identical services ("small group TCP" plus
     "squid") from any source; only the destination object differs
     (id3CD8769F, id3D98E5AD, id3CD87A9A; all defined outside this excerpt). -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id3CD8770E" log="False" position="14">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD8769F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id3D98E652" log="False" position="15">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D98E5AD"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id3CD87B1E" log="False" position="16">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD87A9A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- 17: accept and log every service where the firewall is both source
     and destination. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3B58E180" log="True" position="17">
<Src neg="False">
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- 18: disabled; its own comment marks it as illegal because the second
     object (id3D582236) has a dynamic interface. -->
<PolicyRule action="Accept" comment="illegal rule - firewall8 has dynamic interface" direction="Both" disabled="True" id="id3EE262C2" log="False" position="18">
<Src neg="False">
<ObjectRef ref="fw-firewall2"/>
<ObjectRef ref="id3D582236"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
<ObjectRef ref="id3D582236"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- 19: enabled variant of position 18 with this firewall plus two other
     objects (id3D58223F, id3D582242) on both sides. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3EE261FB" log="False" position="19">
<Src neg="False">
<ObjectRef ref="fw-firewall2"/>
<ObjectRef ref="id3D58223F"/>
<ObjectRef ref="id3D582242"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
<ObjectRef ref="id3D58223F"/>
<ObjectRef ref="id3D582242"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- 20: accept every service from net-Internal_net and the firewall to any
     destination; unlogged. This is the broadest egress rule in the set. -->
<PolicyRule action="Accept" comment="Automatically generated 'masquerading' rule" direction="Both" disabled="False" id="pol-firewall2-5" log="False" position="20">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- 21: final catch-all deny, logged; the only rule that sets its own
     ipf_log_facility (daemon) and log_level (alert). -->
<PolicyRule action="Deny" comment="Automatically generated 'catch all' rule" direction="Both" disabled="False" id="pol-firewall2-7" log="True" position="21">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_log_facility">daemon</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_level">alert</Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of Firewall "firewall"; it contains no rules. -->
<Routing id="fw-firewall2-routing" name="Routing">
</Routing>
<!-- eth1: static address 222.222.222.222/255.255.255.0, security_level 0.
     The fragment and anti-spoofing denies of this firewall's policy are
     bound to this interface; presumably it is the external side (confirm). -->
<Interface bridgeport="False" dyn="False" id="if-FW-firewall2-eth1" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="222.222.222.222" id="if-FW-firewall2-eth1-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<!-- eth0: static address 192.168.1.1/255.255.255.0, security_level 100;
     presumably the internal side (confirm). The DNS rules of this
     firewall's policy are bound to this interface. -->
<Interface bridgeport="False" dyn="False" id="if-FW-firewall2-eth0" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="if-FW-firewall2-eth0-ipv4" name="firewall" netmask="255.255.255.0"/>
</Interface>
<!-- lo: loopback interface, 127.0.0.1/255.0.0.0, mgmt="False". No policy
     rule of this firewall names this interface in its Itf element. -->
<Interface bridgeport="False" comment="" dyn="False" id="id3E5F1D8E" label="" mgmt="False" name="lo" security_level="0" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id3E5F1DDA" name="firewall:lo(ip)" netmask="255.0.0.0"/>
</Interface>
<!-- Management settings of Firewall "firewall"; management address is
     127.0.0.1.
     SNMP is disabled, but the stored read community is the well-known value
     "public"; replace it before enabling SNMP on a real device.
     The FWBD entry is enabled on port 9999 with an empty identity, and the
     policy install script is disabled with no command. -->
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Per-firewall options of Firewall "firewall", in alphabetical order.
     Points a reviewer should know before copying this fixture:
     - "platform" is stored as iptables although the enclosing Firewall
       element declares platform="ipf" and host_OS="freebsd"; which value
       the compiler honours is not visible here (confirm).
     - linux24_* and openbsd_* options are present next to the freebsd_*
       ones; presumably leftovers that the freebsd/ipf compile ignores.
     - accept_established and accept_new_tcp_with_no_syn are False.
     - firewall_is_part_of_any is True, so rules written with "any"
       presumably also cover the firewall itself (confirm).
     - log_all_dropped is True, log_level is debug, ipf_log_level is
       warning and ipf_log_facility is local0.
     - mgmt_ssh is True with mgmt_addr 192.168.1.100, an address inside the
       eth0 network (192.168.1.1/255.255.255.0).
     - check_shading is False, so shadowed rules presumably are not
       reported at compile time.
     - every ipf_nat_*_proxy option is False. -->
<FirewallOptions>
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP port unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility">local0</Option>
<Option name="ipf_log_level">warning</Option>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_ip_directed_broadcast">0</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="optimize">True</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="this object is used to test all kinds of negation in policy rules&#10;&#10;Currently negation in NAT is not supported for ipf, therefore all rules in NAT with&#10;negation are disabled&#10;" host_OS="freebsd" id="id3AF5AA0A" inactive="False" lastCompiled="1157929195" lastInstalled="0" lastModified="1156049383" name="firewall1" platform="ipf" ro="False" version="">
<!-- NAT rule set of Firewall "firewall1" (id3AF5AA0A): 13 rules,
     positions 0-12. The firewall's own comment says NAT negation is not
     supported for ipf and that rules using it are disabled. That matches
     what is stored here: every rule with a neg="True" element (positions 2
     and 5-12) has disabled="True". Position 0 is also disabled although it
     uses no negation. Enabled rules: positions 1, 3 and 4.
     Keep that pairing when adding rules: enabling a negated NAT rule on
     this platform would exercise a path the fixture marks as unsupported.
     sysid0 and sysid1 are defined outside this excerpt; presumably the
     "any" address and "any" service placeholders (confirm). -->
<NAT id="id3AF5AA0D" name="NAT">
<!-- 0: disabled; no negation and every translated field is sysid0/sysid1. -->
<NATRule disabled="True" id="id3C98491C" position="0">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 1: enabled; source host-hostA is translated to id3AFADBF9. -->
<NATRule disabled="False" id="id3AFADC09" position="1">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 2: disabled; negated original source (not net-Internal_net). -->
<NATRule disabled="True" id="id3CD23959" position="2">
<OSrc neg="True">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B19C5EB"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 3: enabled; net-Internal_net is translated to the firewall object. -->
<NATRule disabled="False" id="id3B1328FB" position="3">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 4: enabled; same match as position 3 with two translated-source
     objects (id3AF5AA99 and id3B11F434). -->
<NATRule comment="" disabled="False" id="id3E7ABF0A" position="4">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA99"/>
<ObjectRef ref="id3B11F434"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 5: disabled; negated original destination (not id3B022266). -->
<NATRule disabled="True" id="id3AF5AAD3" position="5">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 6: disabled; negated original destination (not id3BBC0EFC). -->
<NATRule comment="" disabled="True" id="id3CCA1B57" position="6">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3BBC0EFC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 7: disabled; negated original source (not id3B022266). -->
<NATRule disabled="True" id="id3B50F7CB" position="7">
<OSrc neg="True">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 8-12: disabled; all five redirect tcp-HTTP to the firewall with
     service id3B5009F7 ("squid", port 3128) and differ only in which
     original source or destination is negated. -->
<NATRule disabled="True" id="id3BD8D94B" position="8">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3AF5AA0A"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="True" id="id3BD8D9DD" position="9">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3AFC191C"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="True" id="id3BBC0EA4" position="10">
<OSrc neg="False">
<ObjectRef ref="id3B4572AF"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3BBC0EFC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="True" id="id3BBC0F93" position="11">
<OSrc neg="True">
<ObjectRef ref="id3B4572AF"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3BBC0EFC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="True" id="id3BC6BCE5" position="12">
<OSrc neg="True">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3AF5AA0C" name="Policy">
<!-- Position 0: negated destination. Deny and log service id3B457567 from
     id3B4572B5 to anything that is NOT id3B4572B5, on interface id3AF5AA96.
     The same object appears in Src and in the negated Dst. All three
     referenced objects are defined outside this excerpt. This rule has no
     When element, unlike most rules in this policy. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3C5987DC" log="True" position="0">
<Src neg="False">
<ObjectRef ref="id3B4572B5"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572B5"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 1: same shape as position 0 with object id3B4572AF in Src and
     in the negated Dst, same service and interface, but log="False" and an
     explicit When of sysid2. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3CD34BEF" log="False" position="1">
<Src neg="False">
<ObjectRef ref="id3B4572AF"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572AF"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 2: inbound anti-spoofing without negation. Packets arriving
     on interface id3AF5AA99 with a source in net-Internal_net or equal to
     the firewall (id3AF5AA0A) are denied and logged. It is paired with the
     outbound rule at position 3 on the same interface. -->
<PolicyRule action="Deny" comment="Anti-spoofing rule" direction="Inbound" disabled="False" id="id3AF5AAB4" log="True" position="2">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AF5AA0A"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 3: outbound anti-spoofing with a negated source. Packets
     leaving on interface id3AF5AA99 whose source is NOT in net-Internal_net
     are denied and logged.
     NOTE(review): unlike position 2, the firewall object is not listed in
     Src, so traffic sourced from the firewall's own addresses outside
     net-Internal_net would presumably match as well; confirm that is
     intended. -->
<PolicyRule action="Deny" comment="Anti-spoofing rule" direction="Outbound" disabled="False" id="id3AF5AAAB" log="True" position="3">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 4: unlogged accept of every service between any endpoints,
     limited only by interface id3B0B4D35.
     NOTE(review): that interface is defined outside this excerpt; if it is
     not a loopback or otherwise trusted interface, this rule passes all
     traffic on it ahead of the denies that follow. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3CDDF2FA" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0B4D35"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 5: deny and log service tcp-TCP-SYN between any endpoints on
     any interface; stateless. This is the non-negated counterpart of the
     disabled rule at position 6. -->
<PolicyRule action="Deny" comment="" direction="Both" disabled="False" id="id3CCA26E4" log="True" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-TCP-SYN"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 6: disabled. Same as position 5 but with the service negated
     (deny everything that is NOT tcp-TCP-SYN). In this excerpt every
     policy rule with Srv neg="True" is disabled (positions 6, 13 and 14);
     presumably service negation is not compiled for ipf (confirm). -->
<PolicyRule action="Deny" direction="Both" disabled="True" id="id3B9AB902" log="True" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-TCP-SYN"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 7: accept and log icmp-ping_request from any source to
     id3AFC191C. Per the rule's own comment that object (hostF) shares the
     firewall's IP address, so the rule presumably tests how the compiler
     treats a host object that aliases the firewall (confirm). -->
<PolicyRule action="Accept" comment="hostF has the same IP address as firewal." direction="Both" disabled="False" id="id3AFC0F90" log="True" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFC191C"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 8: negated source holding two objects. Deny and log
     icmp-Unreachables from any source that is neither host-hostA nor
     host-hostB, to any destination; rule options set a limit of 10 per
     minute.
     NOTE(review): the compiled output has to exempt both hosts together.
     An expansion that negates each host separately would match every
     packet, so the generated ipf rules for this case deserve a close look
     in the expected-output comparison. -->
<PolicyRule action="Deny" comment="testing negation in the policy rule" direction="Both" disabled="False" id="id3B021E10" log="True" position="8">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix">/minute</Option>
<Option name="limit_value">10</Option>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 9: same negated source as position 8 (neither host-hostA nor
     host-hostB) and the same service, but the destination is the firewall
     itself (id3AF5AA0A) and no rate limit is set. -->
<PolicyRule action="Deny" comment="" direction="Both" disabled="False" id="id3B0B4A13" log="True" position="9">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 10: negated source that includes the firewall object. Deny
     and log every service to net-Internal_net unless the source is
     id3B022266 or the firewall (id3AF5AA0A). id3B022266 is defined outside
     this excerpt. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3B5535B7" log="True" position="10">
<Src neg="True">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3AF5AA0A"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 11: negated destination holding two objects, combined with a
     two-object source. Deny and log every service from net-Internal_net or
     id3B022266 to any destination that is neither host-hostA nor
     host-hostB. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3B11F63D" log="True" position="11">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" comment="" direction="Both" disabled="False" id="id3CDDF0AA" log="False" position="12">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" comment="testing negation in service field" direction="Both" disabled="True" id="id3B021E6F" log="True" position="13">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Disabled rule (disabled="True"): the Accept twin of the Deny rule directly
     above (id3B021E6F), used to test negation in the service field.
     Srv neg="True" lists tcp-SMTP and tcp-SSH, so if this rule were enabled it
     would accept every service except those two towards host-hostA and
     host-hostB. That is a broad allow expressed through negation; treat it as
     fixture data, not as a pattern to copy. PolicyRuleOptions is empty here,
     whereas the Deny twin sets stateless to True. -->
<PolicyRule action="Accept" comment="testing negation in service field" direction="Both" disabled="True" id="id3CCA2CF4" log="True" position="14">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- The same object appears on both sides: Src is id3B4572B5 and Dst is
     everything except id3B4572B5 (Dst neg="True"). The rule therefore denies
     and logs service id3B457567 from that object to any destination outside
     it. Both referenced objects are defined outside this excerpt. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3B45739A" log="True" position="15">
<Src neg="False">
<ObjectRef ref="id3B4572B5"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572B5"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="'masquerading' rule" direction="Both" disabled="False" id="id3AF5AAC8" log="False" position="16">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Last rule of this Policy (position 17; the closing Policy tag follows).
     Every field references sysid0, sysid1 or sysid2, which are presumably the
     "any" objects, so traffic not matched by an earlier rule is denied and
     logged. This is the default-deny that makes the ruleset fail closed; keep
     it last and keep log="True" so unexpected traffic stays visible. -->
<PolicyRule action="Deny" comment="'catch all' rule" direction="Both" disabled="False" id="id3AF5AAE3" log="True" position="17">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3AF5AA0A-routing" name="Routing">
</Routing>
<Interface bridgeport="False" dyn="False" id="id3AF5AA96" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3AF5AA96-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3AF5AA99" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3AF5AA99-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0B4BC8" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3B0B4BC8-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0B4D35" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3B0B4D35-ipv4" name="address" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B11F434" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id3B11F434-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings for this firewall. The management address 22.22.23.23
     is the address of interface eth3 (id3B11F434), which has
     security_level="0". In Firewall Builder level 0 is normally the least
     trusted side (confirm against the fwbuilder documentation), so a real
     deployment would expose management only on a trusted interface. -->
<Management address="22.22.23.23">
<!-- SNMP is disabled here, but the read community is the well-known default
     "public"; replace it before ever setting enabled="True". -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<!-- The fwbd management channel is enabled on port 9999 with an empty identity
     attribute. NOTE(review): what an empty identity means for authentication
     is not visible in this file; verify before reusing this fixture. -->
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Firewall-wide compiler options for the Firewall element that closes right
     after this block; its opening tag, and so its platform attribute, is
     outside this excerpt. The values are regression-test fixture data, not a
     hardening baseline. Option meanings below are read from the option names
     only and should be confirmed against the compiler. -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<!-- NOTE(review): by its name this admits new TCP sessions that do not start
     with a SYN, which weakens state tracking; confirm before reusing. -->
<Option name="accept_new_tcp_with_no_syn">True</Option>
<!-- Default reply for Reject rules that leave their own action_on_reject empty
     (presumably; the fallback logic is not visible here). -->
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir"/>
<!-- NOTE(review): with these set, rules written against "any" presumably also
     match traffic to and from the firewall itself; review allow rules with
     that in mind. -->
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<!-- NOTE(review): this option says iptables although the file lives under
     test/ipf; presumably a stale leftover. Confirm which value the compiler
     actually reads. -->
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " host_OS="freebsd" id="id3AFB66C6" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1188008480" name="firewall2" platform="ipf" ro="False" version="">
<NAT id="id3AFB66C7" name="NAT">
<NATRule disabled="False" id="id3AFB66C8" position="0">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule disabled="False" id="id3AFB66D6" position="1">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="id3B4572AF"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule disabled="False" id="id3DE9CA86" position="2">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-FTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3DE9CD88" position="3">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB6706"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3DEA6375" position="4">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3DEA6281"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB6706"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3CABE6DF" position="5">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="id3B4572AF"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFC191C"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="True" id="id3E894DE7" position="6">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3AFB69BD" position="7">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-NNTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Destination NAT with several targets: tcp-HTTP addressed to id3AFADBF9 is
     translated to one of the three TDst objects (host-hostA, host-hostB,
     id3D58227A), which is what the comment attribute calls load balancing.
     TSrv is sysid1, so the service is presumably left unchanged. How the
     platform distributes connections across the targets is not visible here. -->
<NATRule comment="load balancing rule" disabled="False" id="id3DEA6769" position="8">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="load balancing rule" disabled="False" id="id3DEA8105" position="9">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3DEA7FEE"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3D265545" position="10">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D265477"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D265845"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3D265556" position="11">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D26547B"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D265477"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3BEEF6D2" position="12">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFC0F70"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-NNTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3BD67563" position="13">
<OSrc neg="False">
<ObjectRef ref="host-hostB"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3BD6736B"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule disabled="True" id="id3BD6757E" position="14">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3BD6736B"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostB"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="NETMAP " disabled="False" id="id3B66568B" position="15">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B665641"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="NETMAP" disabled="True" id="id3B6656EF" position="16">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B665641"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="net-Internal_net"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3AFB69F7" position="17">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB66C6"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3B20468D"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B20468D"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3B7313C4" position="18">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3DF6D103" position="19">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-FTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3DF6D242" position="20">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id3AEDBEAC"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3F2E9A08" position="21">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3F2E9B78" position="22">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-All_TCP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3F2E9CF2" position="23">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3AFB66E4" name="Policy">
<!-- Anti-spoofing, inbound half. On interface id3AFB6706 (eth1,
     security_level="0", address 22.22.22.22) this denies and logs packets that
     arrive with a source in net-Internal_net or with the firewall itself as
     source (id3AFB66C6 is this Firewall object; presumably the compiler expands
     it to the firewall's interface addresses). Such sources should never be
     seen entering on the outside interface. The rule has no When element,
     unlike the later rules in this Policy. -->
<PolicyRule action="Deny" comment="Anti-spoofing rule" direction="Inbound" disabled="False" id="id3AFB6708" log="True" position="0">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AFB66C6"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<!-- Per-rule log prefix; the percent macros are presumably expanded by the
     compiler (interface, rule number, action). Confirm the macro meanings. -->
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Anti-spoofing, outbound half (egress filtering). Src neg="True" makes this
     deny and log anything leaving through interface id3AFB6706 (eth1) whose
     source is NOT net-Internal_net or the firewall object id3AFB66C6.
     NOTE(review): NAT rules in this firewall rewrite sources to other objects
     (for example TSrc id3AFADBF9 in NAT rule id3AFB66D6). Whether this check
     sees the source before or after translation depends on the platform's
     processing order, which is not visible here; confirm that translated
     traffic is not dropped by this rule. -->
<PolicyRule action="Deny" comment="Anti-spoofing rule" direction="Outbound" disabled="False" id="id3AFB6710" log="True" position="1">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AFB66C6"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" comment="block fragments" direction="Both" disabled="False" id="id3AFB66E5" log="True" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rejects tcp-Auth (presumably ident; the service object is defined outside
     this excerpt) in both directions and answers with a TCP RST instead of a
     silent drop, as set by action_on_reject below. Matches are logged with the
     rule-specific prefix IDENT, which overrides the firewall-wide log_prefix
     (presumably). -->
<PolicyRule action="Reject" comment="sends TCP RST and makes custom record in the log" direction="Both" disabled="False" id="id3B0C6FD2" log="True" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-Auth"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject">TCP RST</Option>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rejects udp-SNMP in both directions and logs the match.
     NOTE(review): the comment attribute and the IDENT log prefix look copied
     from the previous rule (id3B0C6FD2). The service here is UDP, for which a
     TCP RST cannot be sent, and action_on_reject is empty in this rule, so the
     reply presumably falls back to the firewall-wide action_on_reject value
     ("ICMP net unreachable" in this firewall's FirewallOptions). The attribute
     text is left unchanged because it is fixture data. -->
<PolicyRule action="Reject" comment="sends TCP RST and makes custom record in the log" direction="Both" disabled="False" id="id3D333A66" log="True" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-SNMP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3D8FF63F" log="False" position="5">
<Src neg="False">
<ObjectRef ref="id3B4572AF"/>
<ObjectRef ref="id3D8FF5EC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B19C5EB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id3D8FF660" log="False" position="6">
<Src neg="False">
<ObjectRef ref="id3B19C5EB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B4572AF"/>
<ObjectRef ref="id3D8FF5EC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="'masquerading' rule" direction="Both" disabled="False" id="id3AFB66EF" log="False" position="7">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- Accepts and logs tcp-FTP from any source to id3AFC0F70. According to the
     comment attribute that object (host-fw2, defined outside this excerpt) has
     the same address as one of the firewall's interfaces, so this rule admits
     FTP to the firewall itself even though the destination is written as a
     host. The next rule (id3C447BCB) has the same shape with the Firewall
     object id3AFB66C6 as destination. -->
<PolicyRule action="Accept" comment="host-fw2 has the same address as &#10; one of the firewall's interfaces" direction="Both" disabled="False" id="id3C447B8D" log="True" position="8">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFC0F70"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3C447BCB" log="True" position="9">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFB66C6"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Last rule of firewall2's Policy (position 10). All fields reference the
     sysid0, sysid1 and sysid2 objects (presumably "any"), so whatever no
     earlier rule matched is denied and logged. This default-deny must stay
     last; log="True" keeps unexpected traffic visible for detection. -->
<PolicyRule action="Deny" comment="'catch all' rule" direction="Both" disabled="False" id="id3AFB66F9" log="True" position="10">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3AFB66C6-routing" name="Routing">
</Routing>
<Interface bridgeport="False" dyn="False" id="id3AFB6703" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3AFB6703-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<!-- eth1 of firewall2, security_level="0" (presumably the least trusted,
     outside-facing level; confirm). Both anti-spoofing policy rules bind to
     this interface through Itf, and NAT rules id3DE9CD88 and id3DEA6375 use it
     as their translated source. -->
<Interface bridgeport="False" dyn="False" id="id3AFB6706" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3AFB6706-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3AFB68D2" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id3AFB68D2-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0221F1" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3B0221F1-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3CD2449F" label="" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3CD2449F-ipv4" name="address" netmask="255.0.0.0"/>
</Interface>
<!-- Management settings for firewall2. The management address 127.0.0.1 is the
     address of the lo interface (id3CD2449F), so management is bound to
     loopback in this fixture. -->
<Management address="127.0.0.1">
<!-- SNMP is disabled here, but the read community is the well-known default
     "public"; replace it before ever setting enabled="True". -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<!-- The fwbd management channel is enabled on port 9999 with an empty identity
     attribute. NOTE(review): what an empty identity means for authentication
     is not visible in this file; verify before reusing this fixture. -->
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Firewall-wide compiler options for firewall2, whose Firewall element
     declares platform="ipf" and host_OS="freebsd". The values are
     regression-test fixture data, not a hardening baseline. Option meanings
     below are read from the option names only and should be confirmed against
     the compiler. -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<!-- NOTE(review): by its name this admits new TCP sessions that do not start
     with a SYN, which weakens state tracking; confirm before reusing. -->
<Option name="accept_new_tcp_with_no_syn">True</Option>
<!-- Default reply for Reject rules that leave their own action_on_reject empty
     (presumably), for example policy rule id3D333A66. -->
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir"/>
<!-- NOTE(review): with these set, rules written against "any" presumably also
     match traffic to and from the firewall itself; review allow rules with
     that in mind. -->
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<!-- All five NAT application proxies are switched on for this test firewall.
     Each one presumably adds protocol parsing in the NAT path, so a production
     policy would enable only the proxies it needs. -->
<Option name="ipf_nat_ftp_proxy">True</Option>
<Option name="ipf_nat_h323_proxy">True</Option>
<Option name="ipf_nat_ipsec_proxy">True</Option>
<Option name="ipf_nat_raudio_proxy">True</Option>
<Option name="ipf_nat_rcmd_proxy">True</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<!-- The linux24_ options below, like the platform option further down, name a
     different target than the ipf/freebsd declared on the Firewall element;
     presumably leftovers that the ipf compiler ignores (confirm). -->
<Option name="linux24_accept_redirects">0</Option>
<Option name="linux24_accept_source_route">0</Option>
<Option name="linux24_icmp_echo_ignore_all">1</Option>
<Option name="linux24_icmp_ignore_bogus_error_responses">1</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="linux24_log_martians">1</Option>
<Option name="linux24_rp_filter">1</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N - %A **</Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="pf_return_icmp_as_dest">True</Option>
<!-- NOTE(review): says iptables while the Firewall element says
     platform="ipf"; confirm which value the compiler actually reads. -->
<Option name="platform">iptables</Option>
<Option name="proxy_arp">True</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">True</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="this object is used to test a configuration where firewall has dynamic address " host_OS="freebsd" id="id3B0C6380" inactive="False" lastCompiled="1157929207" lastInstalled="0" lastModified="1188008818" name="firewall4" platform="ipf" ro="False" version="">
<NAT id="id3B0C6381" name="NAT">
<NATRule disabled="False" id="id3B0C6382" position="0">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C6380"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule comment="" disabled="False" id="id3D758531" position="1">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3CD88A77"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule comment="" disabled="False" id="id3D75869D" position="2">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3CD88A77-ipv4"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule comment="" disabled="False" id="id3D7586D1" position="3">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C63E1"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<!-- Disabled rule (disabled="True"). It uses a negated original destination
     (ODst neg="True" on id3B022266), and the comment attribute records that
     negation in NAT is not supported for ipf. If it were enabled, the intent
     would be source translation of net-Internal_net traffic to the firewall
     object id3B0C6380 for every destination except id3B022266.
     NOTE(review): keep it disabled until the compiler supports this; how an
     unsupported negation would otherwise be compiled is not visible here. -->
<NATRule comment="negation in NAT is not supported&#10;in ipf yet" disabled="True" id="id3B0C6390" position="4">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C6380"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule disabled="False" id="id3B202AFF" position="5">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B0C6380"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3D757CC5" position="6">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3B0C63F3-ipv4"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3D757E01" position="7">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3B0C63F3"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3D757F29" position="8">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3B0C6380"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="True" id="id3E798041" position="9">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3CD88A77"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C63DF"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id46CFC34328618" position="10">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3AECF77E"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B0C63E1"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3B0C639E" name="Policy">
<!-- Anti-spoofing, inbound half (position 0): denies and logs packets that
     arrive on interface id3B0C63E1 with a source of net-Internal_net or
     id3B0C6380. The interface is declared further down in this firewall as
     eth1 (dyn="True", security_level="0").
     id3B0C6380 is presumably this firewall's own object: the Routing child
     below is named id3B0C6380-routing, but the Firewall start tag is outside
     this excerpt, so confirm there.
     stateless="True" presumably means no state entry is created for a match. -->
<PolicyRule action="Deny" comment="Anti-spoofing rule" direction="Inbound" disabled="False" id="id3B0C63E3" log="True" position="0">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B0C6380"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Anti-spoofing, outbound half (position 1): on interface id3B0C63E1 (eth1
     of this firewall), denies and logs outbound packets whose source is NOT
     net-Internal_net or id3B0C6380. The negation is carried by
     Src neg="True" over a two-object source, so this rule also exercises
     negation of a multi-object element in the policy compiler.
     id3B0C6380 is presumably this firewall's own object (see the
     id3B0C6380-routing child below); the Firewall start tag is outside this
     excerpt. -->
<PolicyRule action="Deny" comment="Anti-spoofing rule" direction="Outbound" disabled="False" id="id3B0C63EB" log="True" position="1">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B0C6380"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3B54C977" log="True" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3B54F071" log="True" position="3">
<Src neg="True">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3B0C63E1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="hostF has the same IP address as firewal." disabled="False" id="id3B0C639F" log="True" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFC191C"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" comment="testing negation in the policy rule" disabled="False" id="id3B0C63A9" log="True" position="5">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" comment="" disabled="False" id="id3B0C63B4" log="True" position="6">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B0C6380"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" comment="testing negation in service field" disabled="True" id="id3B0C63BF" log="True" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="'masquerading' rule" disabled="False" id="id3B0C63CB" log="False" position="8">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" disabled="True" id="id3D85069A" log="True" position="9">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D850651"/>
<ObjectRef ref="id3D58227E"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Final rule of this policy (position 10): denies and logs whatever the
     rules above did not match. Src, Dst and Itf reference sysid0, Srv
     references sysid1 and When references sysid2; these are presumably
     fwbuilder's built-in "any" objects, defined outside this excerpt.
     Logging is on (log="True"), so traffic dropped by the default deny is
     recorded rather than discarded silently. -->
<PolicyRule action="Deny" comment="'catch all' rule" disabled="False" id="id3B0C63D5" log="True" position="10">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3B0C6380-routing" name="Routing">
</Routing>
<Interface bridgeport="False" dyn="False" id="id3B0C63DF" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3B0C63DF-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<!-- eth1: dynamically addressed interface (dyn="True") with
     security_level="0". The IPv4 child holds 0.0.0.0 / 0.0.0.0, presumably
     as a placeholder because the real address is assigned at run time.
     This interface is the Itf of the two anti-spoofing rules and of the
     ping rules at policy positions 2 and 3, and the TSrc of the NAT rules
     at positions 3 and 10. -->
<Interface bridgeport="False" dyn="True" id="id3B0C63E1" label="" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" comment="" id="id3B0C63E1-ipv4" name="firewall4:eth1" netmask="0.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0C63F3" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="" id="id3B0C63F3-ipv4" name="firewall4:eth2" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0C63F5" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3B0C63F5-ipv4" name="address" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3CD88A77" label="" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="222.222.222.222" comment="" id="id3CD88A77-ipv4" name="firewall4:eth3" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of this firewall object.
     The management address 222.222.222.222 is the address of eth3, which is
     declared above with security_level="0", i.e. the management address sits
     on a lowest-trust interface in this fixture.
     SNMP management is disabled (enabled="False"); the read community is the
     well-known default string "public" and the write community is empty.
     FWBDManagement is enabled on port 9999 with an empty identity.
     These are regression-test values; a real configuration should not reuse
     the default community string or an untrusted-side management address. -->
<Management address="222.222.222.222">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and installer options for this firewall object. Values worth
     noticing when this fixture is read as a policy:
     * accept_established is False and accept_new_tcp_with_no_syn is True.
       Going by the name, the latter lets a TCP packet without SYN start a
       new state entry; NOTE(review): confirm how the ipf compiler uses it.
     * All seven ipf_nat_*_proxy options (ftp, h323, ipsec, irc, pptp,
       raudio, rcmd) are True. Each presumably enables an application proxy
       in the generated ipnat rules, so a real policy would enable only the
       ones it needs.
     * log_level is debug; log_all_dropped, log_ip_opt, log_tcp_opt and
       log_tcp_seq are False.
     * The platform option is "iptables" although freebsd_path_ipf and
       freebsd_path_ipnat are set and the other Firewall elements in this
       part of the file declare platform="ipf". It looks like a leftover
       value; the Firewall start tag for this object is outside this excerpt.
     * Both dynAddr and dyn_addr are present, presumably an old and a new
       spelling of the same option.
     * The install-related options (activationCmd, admUser, altAddress,
       inst_script, install_script, prolog_script, epilog_script, sshArgs)
       are all empty. -->
<FirewallOptions>
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf">/usr/sbin/ipf</Option>
<Option name="freebsd_path_ipnat">/usr/sbin/ipnat</Option>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">True</Option>
<Option name="ipf_nat_h323_proxy">True</Option>
<Option name="ipf_nat_ipsec_proxy">True</Option>
<Option name="ipf_nat_irc_proxy">True</Option>
<Option name="ipf_nat_pptp_proxy">True</Option>
<Option name="ipf_nat_raudio_proxy">True</Option>
<Option name="ipf_nat_rcmd_proxy">True</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="optimize">False</Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="testing rules with broadcasts" host_OS="freebsd" id="id3C69BD4F" lastCompiled="1157929210" lastInstalled="0" lastModified="0" name="firewall7" platform="ipf" ro="False">
<NAT id="id3C69BD50" name="NAT">
</NAT>
<!-- Policy of firewall7, whose Firewall comment reads "testing rules with
     broadcasts". Three rules:
     0. Deny and log inbound traffic on eth0 (id3C69BD5C) from any source to
        id3B64FFAC; stateless.
     1. Deny and log inbound traffic on eth1 (id3C69BD5E) from any source to
        the firewall object itself (id3C69BD4F); stateless.
     2. Accept udp-bootpc from any source to id3B64FFAC on any interface,
        without logging. This rule has no direction attribute and no
        stateless option.
     id3B64FFAC is defined outside this excerpt; given the firewall comment
     it is presumably a broadcast address object. NOTE(review): rule 0
     already denies everything to id3B64FFAC inbound on eth0, so rule 2 can
     only match on other interfaces or directions; confirm that is the
     intended test. There is no explicit final deny rule in this policy. -->
<Policy id="id3C69BD51" name="Policy">
<PolicyRule action="Deny" direction="Inbound" disabled="False" id="id3C69BDE1" log="True" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3C69BD5C"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Inbound" disabled="False" id="id3CF5B373" log="True" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3C69BD4F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3C69BD5E"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" disabled="False" id="id3C69BF13" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-bootpc"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
</Policy>
<Routing id="id3C69BD4F-routing" name="Routing">
</Routing>
<Interface bridgeport="False" dyn="False" id="id3C69BD5C" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3C69BD5C-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69BD5E" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3C69BD5E-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69BD68" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3C69BD68-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69BD6A" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3C69BD6A-ipv4" name="address" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69BD6C" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id3C69BD6C-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Management address="22.22.23.23">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="firewall protects host it is running on" host_OS="freebsd" id="id3AF5A2BA" lastCompiled="1157929215" lastInstalled="0" lastModified="0" name="host" platform="ipf" ro="False">
<NAT id="id3AF5A2BD" name="NAT">
</NAT>
<Policy id="id3AF5A2BC" name="Policy">
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3BD8ECD0" log="True" position="0">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5A2CB"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="allow everything on loopback" direction="Inbound" disabled="False" id="id3AFB70C7" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="allow everything on loopback" direction="Outbound" disabled="False" id="id3AFB70CF" log="False" position="2">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3BD8ECC6" log="True" position="3">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Fragment filter (position 4): denies and logs ip-IP_Fragments from any
     source to the host object id3AF5A2BA, in both directions, on any
     interface; stateless. It precedes the service Accept rule at position 5.
     The ip-IP_Fragments service object is defined outside this excerpt.
     NOTE(review): rules 1 and 2 above accept everything on the loopback
     interface id3AFB7090 first, so this rule presumably never sees loopback
     traffic; confirm against the expected compiler output. -->
<PolicyRule action="Deny" comment="block fragments" direction="Both" disabled="False" id="id3AF5A74B" log="True" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Service allow-list for the host (position 5): accepts tcp-SMTP,
     tcp-HTTP, tcp-SSH, tcp-FTP, tcp-Telnet and icmp-Unreachables from any
     source to the host object id3AF5A2BA, direction "Both", on any
     interface, with logging off (log="False"). It sets no stateless option,
     unlike the Deny rules at positions 4 and 7.
     FTP and Telnet carry credentials in clear text. The list exists to give
     the compiler a multi-service rule to expand; it is fixture data, not a
     template for exposing a real host. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3AF5A73A" log="False" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="allow all outgoing connections" direction="Both" disabled="False" id="id3AF5A757" log="False" position="6">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Deny" comment="'catch all' rule" direction="Both" disabled="False" id="id3AF5A762" log="True" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3AF5A2BA-routing" name="Routing">
</Routing>
<Interface bridgeport="False" dyn="False" id="id3AF5A2CB" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3AF5A2CB-ipv4" name="address" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3AFB7090" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3AFB7090-ipv4" name="address" netmask="255.0.0.0"/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix"/>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="" host_OS="freebsd" id="id3D582236" lastCompiled="1157929212" lastInstalled="0" lastModified="0" name="firewall8" platform="ipf" ro="False">
<NAT id="id3D58223A" name="NAT">
<NATRule disabled="False" id="id3D58237B" position="0">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D582236"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3D5823A5" position="1">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D582242"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3D5823B9" position="2">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D582244"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Destination NAT case (position 3): tcp-SSH from any source addressed to
     the firewall object itself (id3D582236, firewall8) is redirected to
     id3D58227A, which is defined outside this excerpt. TSrv references
     sysid1, presumably meaning the service is left unchanged.
     Rules 4 to 6 repeat the same original side with a different TDst
     (id3D58227E, id3D582282, id3D582283). Rules 7 and 8 change ODst instead,
     to interface eth1 (id3D582242) and to its second address
     firewall8:eth1:1 (id3D582245).
     Policy rule 0 of this firewall accepts tcp-SSH to the firewall from any
     source, so the redirected service is reachable from every interface in
     this fixture. -->
<NATRule disabled="False" id="id3D58245E" position="3">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582236"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3D58236D" position="4">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582236"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227E"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3D58235F" position="5">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582236"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582282"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id3D582472" position="6">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582236"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3D58249D" position="7">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582242"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3D5825CC" position="8">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D582245"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3D582239" name="Policy">
<PolicyRule action="Accept" disabled="False" id="id3D5822AA" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D582236"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" disabled="False" id="id3D5822B5" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D582242"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" disabled="False" id="id3D582294" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D582244"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" disabled="False" id="id3D58228A" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D582245"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Deny" disabled="False" id="id3D5822A0" log="True" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3D582236-routing" name="Routing">
</Routing>
<Interface bridgeport="False" comment="" dyn="False" id="id3D58223F" label="" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3D582241" name="firewall8:eth0" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3D582242" label="" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="33.33.33.33" comment="" id="id3D582244" name="firewall8:eth1:0" netmask="255.255.255.0"/>
<IPv4 address="33.33.33.34" comment="" id="id3D582245" name="firewall8:eth1:1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3E5F1E5D" label="" mgmt="False" name="lo" security_level="0" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id3E5F1E5F" name="firewall8:lo(ip)" netmask="255.0.0.0"/>
</Interface>
<!-- ppp0: dynamic interface (dyn="True", security_level="0") declared with
     no IPv4 child, unlike the other interfaces of firewall8. No NAT or
     policy rule of firewall8 references id3EE260BD. -->
<Interface bridgeport="False" comment="" dyn="True" id="id3EE260BD" label="" mgmt="False" name="ppp0" security_level="0" unnum="False" unprotected="False"/>
<!-- Management settings of firewall8.
     The management address 33.33.33.33 is the first address of eth1
     (firewall8:eth1:0), and eth1 is declared with security_level="0", so the
     management address is on the lowest-trust interface in this fixture.
     SNMP management is disabled and both community strings are empty.
     FWBDManagement is enabled on port 9999 with an empty identity. -->
<Management address="33.33.33.33">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Per-firewall options stored as name/value pairs (freebsd_* and ipf_* names). Values set
     here: freebsd_ip_forward is 1, firewall_dir is /etc, eliminate_duplicates and in_out_code
     are True; pass_all_out, ipf_log_or_block and the three ipf_nat_*_proxy flags are False.
     Options written as empty elements (cmdline, compiler, freebsd_path_*, ipf_log_facility,
     ipf_log_level, snmp_*) carry no value.
     NOTE(review): this comment is kept outside the element on purpose; whether the option
     reader tolerates comment nodes between Option children has not been confirmed. -->
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall comment="" host_OS="freebsd" id="id3DF3D0AD" lastCompiled="1157929213" lastInstalled="0" lastModified="0" name="firewall9" platform="ipf" ro="False">
<NAT id="id3DF3D0AE" name="NAT">
<!-- firewall9 NAT rule 0: source translation. Original source is net-Internal_net; the
     translated source (TSrc) is id3DF3D0AD, the id of the enclosing firewall9 object itself.
     Destination and service reference sysid0/sysid1, which are defined outside this excerpt
     (presumably the "Any" placeholders; confirm). -->
<NATRule disabled="False" id="id3DF3D0AF" position="0">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 1: same match as rule 0 (source net-Internal_net), but the translated
     source is id3DF3D163, the le1 interface of this firewall (22.22.22.22, security_level="0")
     rather than the firewall object. sysid0/sysid1 are defined outside this excerpt
     (presumably "Any"; confirm). -->
<NATRule comment="" disabled="False" id="id3DF3D0BD" position="1">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DF3D163"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 2: matches source net-Internal_net, but every translated element
     (TSrc, TDst, TSrv) references only sysid0/sysid1.
     NOTE(review): if those ids are the "Any" placeholders, this rule requests no translation
     at all; presumably a fixture case for that situation. Confirm against the compiler. -->
<NATRule comment="" disabled="False" id="id3DF3D0CB" position="2">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 3: destination translation. Matches tcp-SSH addressed to the firewall
     object (id3DF3D0AD) and rewrites the destination to id3D58227A, an object defined outside
     this excerpt. OSrc is sysid0, so the rule is not narrowed by source if sysid0 is "Any"
     (presumably; confirm). -->
<NATRule disabled="False" id="id3DF3D0D9" position="3">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 4: same match as rule 3 (tcp-SSH to the firewall object id3DF3D0AD),
     with the destination rewritten to id3D58227E, an object defined outside this excerpt.
     sysid0/sysid1 are also defined elsewhere (presumably "Any"; confirm). -->
<NATRule disabled="False" id="id3DF3D0E7" position="4">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227E"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 5: tcp-SSH addressed to the firewall object (id3DF3D0AD) with the
     destination rewritten to id3DF3D160, which is this firewall's own le0 interface
     (192.168.1.1, security_level="100"). sysid0/sysid1 are defined outside this excerpt
     (presumably "Any"; confirm). -->
<NATRule disabled="False" id="id3DF3D0F5" position="5">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3DF3D160"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 6: tcp-SSH addressed to the firewall object (id3DF3D0AD) with the
     destination rewritten to id3D582283, an object defined outside this excerpt.
     sysid0/sysid1 are also defined elsewhere (presumably "Any"; confirm). -->
<NATRule disabled="False" id="id3DF3D103" position="6">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 7: like rule 6, but the original destination is the le1 interface
     (id3DF3D163, 22.22.22.22) instead of the firewall object. tcp-SSH to that interface is
     rewritten to id3D582283, an object defined outside this excerpt. sysid0/sysid1 are
     presumably "Any" (confirm). -->
<NATRule comment="" disabled="False" id="id3DF3D111" position="7">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D163"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 8: tcp-SSH addressed to the le1 interface (id3DF3D163, 22.22.22.22)
     is rewritten to the le0 interface of the same firewall (id3DF3D160, 192.168.1.1), so both
     the original and the translated destination are interfaces of firewall9. sysid0/sysid1
     are defined outside this excerpt (presumably "Any"; confirm). -->
<NATRule comment="" disabled="False" id="id3E65B753" position="8">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF3D163"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3DF3D160"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall9 NAT rule 9: the original destination is sysid0 rather than the firewall or one
     of its interfaces, and tcp-SSH is rewritten to id3D582283 (defined outside this excerpt).
     NOTE(review): if sysid0 is "Any", this redirects SSH for every destination crossing the
     firewall, not only SSH addressed to it; presumably intentional for the test. Confirm. -->
<NATRule comment="" disabled="False" id="id3DF3D11F" position="9">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3DF3D12D" name="Policy">
<!-- firewall9 policy rule 0: Deny with logging, Inbound on interface le1 (id3DF3D163), marked
     stateless. Src is negated (neg="True") and lists id3B665643, an object defined outside
     this excerpt, so the rule matches packets whose source is NOT that object. Dst, Srv and
     When reference sysid0/sysid1/sysid2 (presumably the "Any" placeholders; confirm). -->
<PolicyRule action="Deny" direction="Inbound" disabled="False" id="id3DF3DFB0" log="True" position="0">
<Src neg="True">
<ObjectRef ref="id3B665643"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DF3D163"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- firewall9 policy rule 1: Accept, Inbound on le1 (id3DF3D163), no logging. Allows source
     id3B665643 (defined outside this excerpt) to reach host-hostA for tcp-SSH and the
     sg-Useful_ICMP service group. No options are set, so the stateless flag used by the
     neighbouring Deny rule is absent here. -->
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id3DF3E09E" log="False" position="1">
<Src neg="False">
<ObjectRef ref="id3B665643"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="sg-Useful_ICMP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DF3D163"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall9 policy rule 2: Accept, Inbound on le1 (id3DF3D163), no logging. Src is negated
     and lists net-Internal_net and the firewall itself (id3DF3D0AD), so the rule matches
     inbound packets on le1 whose source is neither of them; Dst and Srv are sysid0/sysid1.
     NOTE(review): this looks like a negation test case for the compiler. If sysid0/sysid1
     are "Any" (confirm), an unlogged Accept this broad on the security_level="0" interface
     would need a stated justification outside a test fixture. -->
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id3DF3D16E" log="False" position="2">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3DF3D0AD"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DF3D163"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall9 policy rule 3: action Accounting, direction Both, log="False", stateless. All
     of Src, Dst, Srv, Itf and When reference sysid0/sysid1/sysid2 (defined outside this
     excerpt, presumably the "Any" placeholders; confirm). -->
<PolicyRule action="Accounting" direction="Both" disabled="False" id="id3E5F1BBD" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- firewall9 policy rule 4: identical match to rule 3 (Accounting, Both, all elements
     sysid0/sysid1/sysid2, stateless) except that log="True" here, so the pair covers the
     Accounting action with and without logging. -->
<PolicyRule action="Accounting" direction="Both" disabled="False" id="id3E5F1BB3" log="True" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- firewall9 policy rule 5: Accept tcp-SSH to the firewall object itself (id3DF3D0AD),
     direction Both, no logging. Src and Itf are sysid0, so the rule is not narrowed by source
     or interface if sysid0 is "Any" (presumably; confirm).
     NOTE(review): together with Management address 22.22.22.22 on the security_level="0"
     interface, SSH to the firewall appears reachable from any side; acceptable in a fixture,
     worth restricting by source in a real policy. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3DF3D12E" log="False" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DF3D0AD"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall9 policy rule 6: Accept from net-Internal_net to sysid0 for service sysid1,
     direction Both, no logging, no options. If the sysid objects are "Any" (defined outside
     this excerpt; confirm), this permits all traffic sourced from the internal network. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3DF3D563" log="False" position="6">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall9 policy rule 7, the last rule of this policy: Deny with log="True", direction
     Both, stateless, every element sysid0/sysid1/sysid2. If those are the "Any" placeholders
     (confirm), this is the logged catch-all deny that closes the rule set. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id3DF3D156" log="True" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of firewall9; it contains no rules. -->
<Routing id="id3DF3D0AD-routing" name="Routing">
</Routing>
<!-- Interfaces of firewall9. le0 (id3DF3D160) is 192.168.1.1 with security_level="100";
     le1 (id3DF3D163) is 22.22.22.22 with security_level="0" and is the interface the first
     three policy rules are bound to; lo0 is the loopback at 127.0.0.1. All netmasks on le0
     and le1 are 255.255.255.0. -->
<Interface bridgeport="False" comment="" dyn="False" id="id3DF3D160" label="" mgmt="False" name="le0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3DF3D161" name="firewall9:le0:ip" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3DF3D163" label="" mgmt="False" name="le1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" comment="" id="id3DF3D164" name="firewall9:le1:ip" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3E5F2278" label="" mgmt="False" name="lo0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id3E5F227A" name="firewall9:lo(ip)" netmask="255.0.0.0"/>
</Interface>
<!-- Management settings of firewall9. The address 22.22.22.22 is the address of le1, the
     interface with security_level="0", while every interface has mgmt="False". SNMPManagement
     is disabled with empty community strings; FWBDManagement is enabled on port 9999 with an
     empty identity; the install script is disabled.
     NOTE(review): managing through the security_level="0" address is fine for a fixture;
     in a deployed configuration the management address would normally sit on the trusted
     side. What the empty identity implies is not visible here. -->
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Options of firewall9 as name/value pairs. Values set here: freebsd_ip_forward is 1,
     firewall_dir is /etc, eliminate_duplicates and in_out_code are True; pass_all_out,
     ipf_log_or_block, manage_virtual_addr and all five ipf_nat_*_proxy flags (ftp, h323,
     ipsec, raudio, rcmd) are False. Empty elements (cmdline, compiler, freebsd_path_*,
     ipf_log_facility, ipf_log_level, snmp_*) carry no value.
     NOTE(review): this comment is kept outside the element on purpose; whether the option
     reader tolerates comment nodes between Option children has not been confirmed. -->
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall comment="" host_OS="freebsd" id="id3FCA516A" inactive="False" lastCompiled="1157929196" lastInstalled="0" lastModified="1156049389" name="firewall10" platform="ipf" ro="False" version="">
<!-- NAT rule set of firewall10; it contains no rules, so this firewall exercises the policy
     compiler only. -->
<NAT id="id3FCA516B" name="NAT">
</NAT>
<Policy id="id3FCA51F8" name="Policy">
<!-- firewall10 policy rule 0: action Accounting, log="False", stateless, no direction
     attribute (unlike the firewall9 rules earlier in this file). Every element references
     sysid0/sysid1/sysid2, defined outside this excerpt (presumably "Any"; confirm). -->
<PolicyRule action="Accounting" disabled="False" id="id3FCA51F9" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- firewall10 policy rule 1: Accept, no logging. Src is negated and lists five objects
     (host-hostA, host-hostB, id3D58227A, id3FCA52D5, id3FCA52DB), so the rule matches sources
     that are none of them. Dst lists four objects and Srv lists tcp-HTTP, tcp-FTP, tcp-SMTP
     and tcp-NNTP. The referenced objects are defined outside this excerpt.
     NOTE(review): an Accept keyed on a negated source set admits every other source to the
     listed destinations; this reads as a multi-object negation test for the compiler. -->
<PolicyRule action="Accept" disabled="False" id="id3FCA520D" log="False" position="1">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
<ObjectRef ref="id3FCA52D5"/>
<ObjectRef ref="id3FCA52DB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
<ObjectRef ref="id3FCA5593"/>
<ObjectRef ref="id3FCA534B"/>
<ObjectRef ref="id3FCA5351"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall10 policy rule 2: Accept from net-Internal_net to the firewall object itself
     (id3FCA516A) for the sg-Useful_ICMP group and tcp-SSH, no logging. This is the only rule
     in this policy that allows access to the firewall, and it is limited to the internal
     network object. -->
<PolicyRule action="Accept" disabled="False" id="id3FCC3AD6" log="False" position="2">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA516A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sg-Useful_ICMP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall10 policy rule 3: Deny, no logging, stateless. It lists the same five sources,
     four destinations and four services as the Accept rule at position 1, but with Src not
     negated, so it denies exactly the sources that rule 1 excluded. The rules at positions
     4, 5 and 6 below each repeat this rule with one element narrowed. -->
<PolicyRule action="Deny" disabled="False" id="id3FCA5217" log="False" position="3">
<Src neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
<ObjectRef ref="id3FCA52D5"/>
<ObjectRef ref="id3FCA52DB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
<ObjectRef ref="id3FCA5593"/>
<ObjectRef ref="id3FCA534B"/>
<ObjectRef ref="id3FCA5351"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- firewall10 policy rule 4: Deny, stateless. Same destinations and services as the rule at
     position 3, but Src is narrowed to host-hostA alone. Every packet this rule matches is
     therefore already matched by rule 3 with the same action.
     NOTE(review): presumably a deliberate shadowed-rule case (this firewall sets
     check_shading and eliminate_duplicates to False and optimize to True); confirm. -->
<PolicyRule action="Deny" comment="" disabled="False" id="id3FCC1E1A" log="False" position="4">
<Src neg="False">
<ObjectRef ref="host-hostA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
<ObjectRef ref="id3FCA5593"/>
<ObjectRef ref="id3FCA534B"/>
<ObjectRef ref="id3FCA5351"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- firewall10 policy rule 5: Deny, stateless. Same five sources and four services as the
     rule at position 3, but Dst is narrowed to id3FCA558D alone (defined outside this
     excerpt). Every packet it matches is already matched by rule 3 with the same action;
     presumably another shadowed-rule case for the compiler (confirm). -->
<PolicyRule action="Deny" comment="" disabled="False" id="id3FCC1E4F" log="False" position="5">
<Src neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
<ObjectRef ref="id3FCA52D5"/>
<ObjectRef ref="id3FCA52DB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- firewall10 policy rule 6: Deny, stateless. Same five sources and four destinations as
     the rule at position 3, but Srv is narrowed to tcp-HTTP alone. Every packet it matches
     is already matched by rule 3 with the same action; presumably another shadowed-rule case
     for the compiler (confirm). -->
<PolicyRule action="Deny" comment="" disabled="False" id="id3FCC1EC3" log="False" position="6">
<Src neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3D58227A"/>
<ObjectRef ref="id3FCA52D5"/>
<ObjectRef ref="id3FCA52DB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FCA558D"/>
<ObjectRef ref="id3FCA5593"/>
<ObjectRef ref="id3FCA534B"/>
<ObjectRef ref="id3FCA5351"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- firewall10 policy rule 7, the last rule of this policy: Deny with log="True", stateless,
     every element sysid0/sysid1/sysid2. If those are the "Any" placeholders (defined outside
     this excerpt; confirm), this is the logged catch-all deny. It is the only rule in this
     policy with logging enabled. -->
<PolicyRule action="Deny" disabled="False" id="id3FCA5221" log="True" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of firewall10; it contains no rules. -->
<Routing id="id3FCA516A-routing" name="Routing">
</Routing>
<!-- Interfaces of firewall10: fxp0 (192.168.1.1, security_level="100"), fxp1 (22.22.22.22,
     security_level="0"), lo0 (127.0.0.1) and fxp2 (security_level="0").
     NOTE(review): the IPv4 children of fxp0, fxp1 and lo0 are named firewall9:... although
     the enclosing firewall is firewall10; the names look carried over from a copied object.
     Test expectations may depend on them, so confirm before renaming.
     NOTE(review): fxp2 is given 192.168.2.0 with netmask 255.255.255.0, which is the network
     address of that subnet rather than a host address; presumably a fixture quirk. -->
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA522B" label="fw10:fxp0" mgmt="False" name="fxp0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3FCA522C" name="firewall9:eth0" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA522E" label="fw10:fxp1" mgmt="False" name="fxp1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" comment="" id="id3FCA522F" name="firewall9:eth1:0" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA5251" label="" mgmt="False" name="lo0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id3FCA5252" name="firewall9:lo(ip)" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3FCA5535" label="fw10:fxp2" mgmt="False" name="fxp2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.0" comment="" id="id3FCA5537" name="firewall10:fw10:fxp2(ip)" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall10. The address 192.168.2.0 is the address assigned to
     fxp2 (security_level="0"); with that interface's netmask 255.255.255.0 it is a network
     address, so it is unlikely to be reachable as a host (presumably irrelevant for compile
     tests; confirm). SNMPManagement is disabled with empty community strings; FWBDManagement
     is enabled on port 9999 with an empty identity; the install script is disabled. -->
<Management address="192.168.2.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Options of firewall10 as name/value pairs. Unlike the firewall9 option set earlier in
     this file, pass_all_out and optimize are True here, while eliminate_duplicates,
     in_out_code, check_shading, configure_interfaces and accept_new_tcp_with_no_syn are
     False. freebsd_ip_forward is 1 and firewall_dir is /etc.
     NOTE(review): going by its name, pass_all_out set to True would let outbound traffic
     bypass the Deny rules of this policy; the exact effect is decided by the compiler and is
     not visible here. Treat it as a test input, not as a recommended setting.
     NOTE(review): this comment is kept outside the element on purpose; whether the option
     reader tolerates comment nodes between Option children has not been confirmed. -->
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">False</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="optimize">True</Option>
<Option name="pass_all_out">True</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall comment="" host_OS="freebsd" id="id3FF5DC0E" lastCompiled="1172425374" lastInstalled="0" lastModified="0" name="firewall11" platform="ipf" ro="False">
<NAT id="id3FF5DC12" name="NAT">
<!-- firewall11 NAT rule 0, the only NAT rule of this firewall: destination translation.
     Traffic addressed to the firewall object (id3FF5DC0E) is rewritten to id3FF5DC1B, the
     fxp0 interface of the same firewall (10.0.0.1). OSrc and OSrv are sysid0/sysid1, so the
     match is not narrowed by source or service if those are "Any" (defined outside this
     excerpt; confirm). -->
<NATRule disabled="False" id="id3FF5DC26" position="0">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FF5DC0E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3FF5DC1B"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3FF5DC11" name="Policy">
<!-- firewall11 policy rule 0: Accept, Inbound, no logging. Both Dst and Itf reference
     id3FF5DC19, the ng0 interface (dyn="True", security_level="0", no stored address), so the
     rule covers traffic addressed to a dynamic interface and bound to that same interface.
     Src and Srv are sysid0/sysid1 (presumably "Any"; confirm). -->
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id3FF5DC82" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FF5DC19"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3FF5DC19"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall11 policy rule 1: Accept to the firewall object itself (id3FF5DC0E), direction
     Both, no logging, with Src, Srv and Itf all sysid0/sysid1.
     NOTE(review): if the sysid objects are "Any" (confirm), this accepts every service from
     every source to the firewall, unlogged. It is a compiler test input; a deployed policy
     would restrict both source and service for traffic to the firewall itself. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3FF5DC56" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FF5DC0E"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall11 policy rule 2, the last rule of this policy: Accept to id3FF5DC19 (the dynamic
     ng0 interface), direction Both, not bound to a specific interface. It differs from rule 0
     only in direction and in Itf being sysid0.
     NOTE(review): this policy contains Accept rules only and no closing Deny; what happens
     to unmatched packets is decided by the compiler or the platform default and is not
     visible in this excerpt. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id3FF5DC61" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3FF5DC19"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
</Policy>
<!-- Routing rule set of firewall11; it contains no rules. -->
<Routing id="id3FF5DC0E-routing" name="Routing">
</Routing>
<!-- Interfaces of firewall11, covering the address-less cases: fxp1 is unnumbered
     (unnum="True"), ng1 and ng0 are dynamic (dyn="True"), and only fxp0 (10.0.0.1) and lo0
     (127.0.0.1) carry a stored IPv4 address. ng0 is the only interface with
     security_level="0". Every interface here sets network_zone="sysid0", an object defined
     outside this excerpt (presumably "Any"; confirm). -->
<Interface bridgeport="False" comment="" dyn="False" id="id3FF5DC15" label="" mgmt="False" name="fxp1" network_zone="sysid0" security_level="100" unnum="True" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="True" id="id3FF5DC17" label="" mgmt="False" name="ng1" network_zone="sysid0" security_level="100" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="True" id="id3FF5DC19" label="" mgmt="False" name="ng0" network_zone="sysid0" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3FF5DC1B" label="" mgmt="False" name="fxp0" network_zone="sysid0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="10.0.0.1" id="id3FF5DC1D" name="firewall11:fxp0(ip)" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3FF5DC1E" label="" name="lo0" network_zone="sysid0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3FF5DC20" name="firewall11:lo0(ip)" netmask="255.0.0.0"/>
</Interface>
<!-- Management settings of firewall11. The management address is the loopback 127.0.0.1.
     SNMPManagement is disabled, but snmp_read_community still holds the well-known default
     string "public"; the write community is empty. FWBDManagement is enabled on port 9999
     with an empty identity; the install script is disabled.
     NOTE(review): the community string has no effect while enabled="False", but anyone
     reusing this object as a template and enabling SNMP would inherit a guessable read
     community; replace it at that point. -->
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Options of firewall11 as name/value pairs. Set to True here: accept_new_tcp_with_no_syn,
     configure_interfaces, manage_virtual_addr, eliminate_duplicates and in_out_code.
     pass_all_out and optimize are False. This option set also carries a log_prefix template
     and names lo0 as loopback_interface, which the other option sets in this excerpt do not.
     NOTE(review): going by its name, accept_new_tcp_with_no_syn set to True relaxes the
     requirement that a new TCP connection start with a SYN packet; the exact generated rules
     are decided by the compiler and not visible here. Treat it as a test input.
     NOTE(review): this comment is kept outside the element on purpose; whether the option
     reader tolerates comment nodes between Option children has not been confirmed. -->
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="optimize">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall comment="Dynamic interface ppp0" host_OS="freebsd" id="id424A636E" lastCompiled="1157929209" lastInstalled="0" lastModified="0" name="firewall5" platform="ipf" ro="False" version="">
<NAT id="id424A63A6" name="NAT">
<!-- firewall5 NAT rule 0: source translation. Original source is net-Internal_net; the
     translated source is id424A636E, the firewall5 object itself, which has a dynamic
     interface (ppp0) according to the Firewall comment. Destination and service reference
     sysid0/sysid1, defined outside this excerpt (presumably "Any"; confirm). -->
<NATRule disabled="False" id="id424A63A7" position="0">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id424A636E"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall5 NAT rule 1: same match as rule 0 (source net-Internal_net), but the translated
     source is id424A642A, the eth1 interface of this firewall (security_level="0", two
     addresses), rather than the firewall object. sysid0/sysid1 are presumably "Any"
     (confirm). -->
<NATRule comment="" disabled="False" id="id424A63B5" position="1">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id424A642A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall5 NAT rule 2: same match as rule 0, but the translated source is id424A642F, a
     single address object (33.33.33.33, the first IPv4 child of eth1) rather than the whole
     interface. sysid0/sysid1 are presumably "Any" (confirm). -->
<NATRule comment="" disabled="False" id="id424A63C3" position="2">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id424A642F"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall5 NAT rule 3: destination translation. tcp-SSH addressed to the firewall object
     (id424A636E) is rewritten to id3D58227A, an object defined outside this excerpt. OSrc is
     sysid0, so the rule is not narrowed by source if sysid0 is "Any" (presumably; confirm). -->
<NATRule disabled="False" id="id424A63D1" position="3">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A636E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall5 NAT rule 4: tcp-SSH addressed to the firewall object (id424A636E) with the
     destination rewritten to id3D58227E, an object defined outside this excerpt.
     sysid0/sysid1 are presumably "Any" (confirm). -->
<NATRule disabled="False" id="id424A63DF" position="4">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A636E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227E"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall5 NAT rule 5: tcp-SSH addressed to the firewall object (id424A636E) with the
     destination rewritten to id3D582282, an object defined outside this excerpt.
     sysid0/sysid1 are presumably "Any" (confirm). -->
<NATRule disabled="False" id="id424A63ED" position="5">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A636E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582282"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall5 NAT rule 6: tcp-SSH addressed to the firewall object (id424A636E) with the
     destination rewritten to id3D582283, an object defined outside this excerpt.
     sysid0/sysid1 are presumably "Any" (confirm). -->
<NATRule disabled="False" id="id424A63FB" position="6">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A636E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall5 NAT rule 7: like rule 6, but the original destination is the eth1 interface
     (id424A642A, which has two addresses) instead of the firewall object. tcp-SSH to that
     interface is rewritten to id3D582283 (defined outside this excerpt). sysid0/sysid1 are
     presumably "Any" (confirm). -->
<NATRule comment="" disabled="False" id="id424A6409" position="7">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A642A"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- firewall5 NAT rule 8: like rule 7, but the original destination is the single address
     id424A6430 (33.33.33.34, the second IPv4 child of eth1) rather than the interface.
     tcp-SSH to that address is rewritten to id3D582283 (defined outside this excerpt).
     sysid0/sysid1 are presumably "Any" (confirm). -->
<NATRule comment="" disabled="False" id="id424A6417" position="8">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id424A6430"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id424A6373" name="Policy">
<!-- firewall5 policy rule 0: Accept tcp-SSH to the firewall object itself (id424A636E), no
     logging, no direction attribute. Src and Itf are sysid0, so the rule is not narrowed by
     source or interface if sysid0 is "Any" (defined outside this excerpt; confirm). Rules
     0 to 4 of this policy repeat the same SSH accept against different destination kinds. -->
<PolicyRule action="Accept" disabled="False" id="id424A6374" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A636E"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall5 policy rule 1: Accept tcp-SSH to id424A6436, the ppp0 interface, which is
     dyn="True" and has no stored address. The destination address therefore cannot be read
     from this file; how the compiler expresses it is not visible here. Src and Itf are
     sysid0 (presumably "Any"; confirm). -->
<PolicyRule action="Accept" disabled="False" id="id424A96DA" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A6436"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall5 policy rule 2: Accept tcp-SSH to id424A642A, the eth1 interface
     (security_level="0"), which carries two addresses, 33.33.33.33 and 33.33.33.34. Src and
     Itf are sysid0 (presumably "Any"; confirm). -->
<PolicyRule action="Accept" disabled="False" id="id424A637E" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A642A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall5 policy rule 3: Accept tcp-SSH to id424A642F, the single address 33.33.33.33
     (first IPv4 child of eth1). The rule at position 2 already names the whole eth1
     interface as destination. Src and Itf are sysid0 (presumably "Any"; confirm). -->
<PolicyRule action="Accept" disabled="False" id="id424A6388" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A642F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall5 policy rule 4: Accept tcp-SSH to id424A6430, the single address 33.33.33.34
     (second IPv4 child of eth1). Src and Itf are sysid0 (presumably "Any"; confirm).
     NOTE(review): rules 0 to 4 all accept SSH to the firewall or its security_level="0"
     interface without logging and without a source restriction; fine as compiler input,
     not a pattern to copy into a deployed policy. -->
<PolicyRule action="Accept" disabled="False" id="id424A6392" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id424A6430"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- firewall5 policy rule 5, the last rule of this policy: Deny with log="True", stateless,
     every element sysid0/sysid1/sysid2. If those are the "Any" placeholders (defined outside
     this excerpt; confirm), this is the logged catch-all deny that closes the rule set. -->
<PolicyRule action="Deny" disabled="False" id="id424A639C" log="True" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of firewall5; it contains no rules. -->
<Routing id="id424A636E-routing" name="Routing">
</Routing>
<!-- Interfaces of firewall5. eth0 (id424A6425) is 192.168.1.1 with security_level="100";
     eth1 (id424A642A) has security_level="0" and two addresses, 33.33.33.33 (id424A642F) and
     33.33.33.34 (id424A6430); lo is the loopback; ppp0 (id424A6436) is dyn="True" with no
     stored address. The NAT and policy rules of this firewall reference the interface, each
     of its two addresses and the dynamic interface separately. -->
<Interface bridgeport="False" comment="" dyn="False" id="id424A6425" label="" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id424A6429" name="firewall5:eth0:ip" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id424A642A" label="" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="33.33.33.33" comment="" id="id424A642F" name="firewall5:eth1:ip1" netmask="255.255.255.0"/>
<IPv4 address="33.33.33.34" comment="" id="id424A6430" name="firewall5:eth1:ip2" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id424A6431" label="" mgmt="False" name="lo" security_level="0" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id424A6435" name="firewall5:lo:ip" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="True" id="id424A6436" label="" mgmt="False" name="ppp0" security_level="0" unnum="False" unprotected="False"/>
<!-- Management settings of firewall5. The address 33.33.33.33 is the first address of eth1,
     the interface with security_level="0". SNMPManagement is disabled with empty community
     strings; FWBDManagement is enabled on port 9999 with an empty identity; the install
     script is disabled.
     NOTE(review): managing through the security_level="0" address is fine for a fixture;
     in a deployed configuration the management address would normally sit on the trusted
     side. What the empty identity implies is not visible here. -->
<Management address="33.33.33.33">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Options of firewall5 as name/value pairs. dynAddr is True, matching the dynamic ppp0
     interface of this firewall. eliminate_duplicates and in_out_code are True;
     accept_new_tcp_with_no_syn, configure_interfaces, mgmt_ssh, optimize and pass_all_out
     are False. The installer-related entries (activationCmd, admUser, altAddress, mgmt_addr,
     output_file, prolog_script, epilog_script) are present but empty.
     NOTE(review): prolog_script and epilog_script are free-text fields; going by their
     names their content ends up in the generated firewall script (confirm), so a non-empty
     value in a shared object file deserves review before the policy is compiled and
     installed.
     NOTE(review): this comment is kept outside the element on purpose; whether the option
     reader tolerates comment nodes between Option children has not been confirmed. -->
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">True</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="optimize">False</Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="prolog_script"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall comment="testing DNSName object" host_OS="freebsd" id="id43867C1018346" lastCompiled="1157929202" lastInstalled="0" lastModified="0" name="firewall33" platform="ipf" ro="False" version="">
<!-- NAT rules of firewall33, whose Firewall element describes itself as "testing DNSName object". In Firewall Builder's NAT rule model OSrc/ODst/OSrv describe the packet as it arrives and TSrc/TDst/TSrv the translation. sysid0 and sysid1 are defined outside this excerpt; presumably they are the built-in "Any" address and "Any" service objects (confirm against their definitions). -->
<!-- Every rule below sets TSrc to id43867C5818346, the eth0.100 interface of this firewall, which is marked dyn="True"; the translated source address is therefore not recorded in this file. -->
<NAT id="id43867C4818346" name="NAT">
<!-- Position 0: single destination object id43869E8C18346, defined outside this excerpt (presumably a DNSName object, given the firewall comment). -->
<NATRule disabled="False" id="id43876E2618346" position="0">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8C18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Position 1: same shape as position 0 with destination object id43869E8D18346. -->
<NATRule comment="" disabled="False" id="id43876E5218346" position="1">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8D18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Position 2: two destination objects in one ODst element. -->
<NATRule disabled="False" id="id43876E6918346" position="2">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Position 3: the same two destination objects as position 2 but with ODst neg="True". This rule is stored with disabled="True". -->
<NATRule disabled="True" id="id43876E7B18346" position="3">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Policy of firewall33 ("testing DNSName object"). Every rule uses direction="Both" and references sysid0, sysid1 and sysid2 for the fields it leaves open; those objects are defined outside this excerpt and are presumably the built-in "Any" address, service and interval (confirm against their definitions). The id43869E8x and id438728xx objects are also defined elsewhere; given the firewall comment they are presumably DNSName objects, so the addresses a rule covers depend on how those names resolve. -->
<Policy id="id43867C1618346" name="Policy">
<!-- Positions 0 to 3: Accept when the source is one listed object, one rule per object. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id43867C2418346" log="False" position="0">
<Src neg="False">
<ObjectRef ref="id43869E8C18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id43869E9018346" log="False" position="1">
<Src neg="False">
<ObjectRef ref="id43869E8D18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id43869E9E18346" log="False" position="2">
<Src neg="False">
<ObjectRef ref="id43869E8E18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id43869EAA18346" log="False" position="3">
<Src neg="False">
<ObjectRef ref="id43869E8F18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Positions 4 and 5: stateless Deny with a negated destination, first "not id43869E8C18346", then "not id43869E8D18346". NOTE(review): if rules are evaluated in position order with the first match deciding, traffic that got past positions 0 to 3 survives these two rules only when its destination belongs to both objects, which would leave positions 6 to 11 with little or nothing to match. check_shading is False in this firewall's options, so presumably no shadowing check is requested. This reads as compiler test input for negation, not as a deployable policy. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id4386E38318346" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8C18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="False" id="id4386E37718346" log="False" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8D18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Positions 6 and 7: Accept with a negated single destination object. Taken on its own, an Accept with a negated destination admits every destination except the listed object, with log="False". -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id43867C3018346" log="False" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8E18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id4386C10D18346" log="False" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8F18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Positions 8 to 10: Accept with a negated destination that lists two objects, in three different pairings. -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id438728A918346" log="False" position="8">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8C18346"/>
<ObjectRef ref="id4387287918346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id438728BA18346" log="False" position="9">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id438728CD18346" log="False" position="10">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8C18346"/>
<ObjectRef ref="id4387287A18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 11: final stateless Deny with every field left at sysid0/sysid1/sysid2 and log="True"; it is the only logged rule in this policy. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id43867C3C18346" log="True" position="11">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- firewall33 has an empty routing rule set. -->
<Routing id="id43867C5718346" name="Routing">
</Routing>
<!-- eth0.100 is commented "VLAN interface", has security_level 0, is marked dyn="True" and carries no IPv4 child. The NAT rules of this firewall reference it by id as their translated source. -->
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id43867C5818346" label="" mgmt="False" name="eth0.100" security_level="0" unnum="False" unprotected="False"/>
<!-- Loopback, security_level 100. -->
<Interface bridgeport="False" dyn="False" id="id43867C5918346" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id43867C5B18346" name="firewall33:lo:ip" netmask="255.0.0.0"/>
</Interface>
<!-- eth1 is the only interface with mgmt="True"; security_level 100, address 192.168.1.100 with netmask 255.255.255.0. -->
<Interface bridgeport="False" comment="" dyn="False" id="id43867C5C18346" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id43867C5E18346" name="firewall33:eth1:ip" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall33. The address matches the IPv4 address of eth1, the interface flagged mgmt="True". -->
<Management address="192.168.1.100">
<!-- SNMP management is disabled, but the stored read community is the widely known default "public". NOTE(review): if SNMP is ever enabled on a copy of this object, the community string should be replaced first. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<!-- FWBDManagement is enabled on port 9999 with an empty identity; how a consumer treats an empty identity is not visible here. -->
<FWBDManagement enabled="True" identity="" port="9999"/>
<!-- No install script is configured. -->
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Option list of firewall33. The Firewall element declares host_OS="freebsd" and platform="ipf", yet this list holds a platform option of "iptables" plus linux24_* and ulog_* entries and none of the ipf_* or freebsd_* entries seen on other firewalls in this file. NOTE(review): these look like leftovers from an iptables/Linux object; whether the ipf compiler reads any of them cannot be told from this file. -->
<FirewallOptions>
<!-- accept_established and accept_new_tcp_with_no_syn are both True, and drop_invalid further down is False. By their names these are the permissive settings; confirm that they are honoured for the ipf platform before relying on them. -->
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<!-- check_shading is False; presumably the compiler's rule shadowing check is not requested for this object. -->
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<!-- dyn_addr is False even though interface eth0.100 of this firewall is marked dyn="True". -->
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<!-- Installer and script hooks (inst_cmdline, inst_script, install_script) are empty in this fixture. -->
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<!-- linux24_* kernel and path settings: all empty except the two TCP timers. -->
<Option name="linux24_accept_redirects"/>
<Option name="linux24_accept_source_route"/>
<Option name="linux24_icmp_echo_ignore_all"/>
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
<Option name="linux24_ip_dynaddr"/>
<Option name="linux24_ip_forward"/>
<Option name="linux24_log_martians"/>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_rp_filter"/>
<Option name="linux24_tcp_ecn"/>
<Option name="linux24_tcp_fack"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"/>
<Option name="linux24_tcp_syncookies"/>
<Option name="linux24_tcp_timestamps"/>
<Option name="linux24_tcp_window_scaling"/>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<!-- Logging switches: log_all, log_all_dropped and log_invalid are False, log_level is "debug", and log_limit_value is 0. The log_prefix value ends with a space that is part of the data. -->
<Option name="log_all">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N -- %A on %I </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"/>
<!-- platform option says "iptables" while the enclosing Firewall element says platform="ipf". -->
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="testing AddressTable object" host_OS="freebsd" id="id4389EDAE18346" lastCompiled="1157929203" lastInstalled="0" lastModified="0" name="firewall34" platform="ipf" ro="False" version="">
<!-- NAT rules of firewall34, whose Firewall element describes itself as "testing AddressTable object". Both rules are stored with disabled="True". The objects id4389EE9118346, id43913DCB25682 and id43913DEA25682 and the service tcp-SMTP are defined outside this excerpt; id4389EE8418346 is this firewall's eth0.100 interface (dyn="True", no address recorded). -->
<NAT id="id4389EE4818346" name="NAT">
<!-- Position 0 (disabled): source is "not id4389EE9118346", destination is the eth0.100 interface, service tcp-SMTP; the destination is translated to id43913DCB25682. -->
<NATRule disabled="True" id="id4389EEB018346" position="0">
<OSrc neg="True">
<ObjectRef ref="id4389EE9118346"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id4389EE8418346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id43913DCB25682"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Position 1 (disabled): source id43913DEA25682, destination "not id4389EE9118346"; the source is translated to the eth0.100 interface. -->
<NATRule disabled="True" id="id43891B6E674" position="1">
<OSrc neg="False">
<ObjectRef ref="id43913DEA25682"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id4389EE9118346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4389EE8418346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Policy of firewall34 ("testing AddressTable object"). Positions 1 to 6 are stored with disabled="True"; positions 0, 7, 8 and 9 are enabled. The referenced address objects are defined outside this excerpt. NOTE(review): if they are AddressTable objects, as the firewall comment suggests, their members come from a source outside this document, so the scope of each rule depends on that content and on who is able to change it. -->
<Policy id="id4389EDB418346" name="Policy">
<!-- Position 0: Accept towards id4389EE9018346 for any service, not logged. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id4389EDB518346" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9018346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Positions 1 to 5 (all disabled): stateless Deny rules that place id4389EE9118346, id4390C25525682 and id4388C37D674 in the destination or the source, alone or paired. -->
<PolicyRule action="Deny" direction="Both" disabled="True" id="id4388CFEA674" log="True" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9118346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="True" id="id4390C25825682" log="True" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4390C25525682"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="True" id="id4389EDC118346" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="True" id="id4388CFF8674" log="True" position="4">
<Src neg="False">
<ObjectRef ref="id4389EE9118346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="True" id="id4388C36F674" log="True" position="5">
<Src neg="False">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 6 (disabled): Accept with a negated two-object source. If it were enabled it would admit every source except those two objects, without logging. -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="True" id="id4388F5A9674" log="False" position="6">
<Src neg="True">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 7: Accept tcp-SMTP towards id43913DCB25682, the object the disabled NAT rule at position 0 uses as its translated destination. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id4389EEA118346" log="False" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id43913DCB25682"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 8: Accept any service from source id43913DEA25682, not logged. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id4389EDCD18346" log="False" position="8">
<Src neg="False">
<ObjectRef ref="id43913DEA25682"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 9: final stateless Deny with every field left open and log="True". -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id4389EE3C18346" log="True" position="9">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- firewall34 has an empty routing rule set. -->
<Routing id="id4389EE8318346" name="Routing">
</Routing>
<!-- eth0.100 is commented "VLAN interface", has security_level 0, is marked dyn="True" and carries no IPv4 child. The NAT rules of this firewall reference it by id. -->
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id4389EE8418346" label="" mgmt="False" name="eth0.100" security_level="0" unnum="False" unprotected="False"/>
<!-- Loopback, security_level 100. -->
<Interface bridgeport="False" dyn="False" id="id4389EE8518346" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id4389EE8718346" name="firewall34:lo:ip" netmask="255.0.0.0"/>
</Interface>
<!-- eth1 is the only interface with mgmt="True"; security_level 100, address 192.168.1.100 with netmask 255.255.255.0. -->
<Interface bridgeport="False" comment="" dyn="False" id="id4389EE8818346" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id4389EE8A18346" name="firewall34:eth1:ip" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall34. The address matches the IPv4 address of eth1, the interface flagged mgmt="True". -->
<Management address="192.168.1.100">
<!-- SNMP management is disabled, but the stored read community is the widely known default "public". NOTE(review): if SNMP is ever enabled on a copy of this object, the community string should be replaced first. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<!-- FWBDManagement is enabled on port 9999 with an empty identity; how a consumer treats an empty identity is not visible here. -->
<FWBDManagement enabled="True" identity="" port="9999"/>
<!-- No install script is configured. -->
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Option list of firewall34. The Firewall element declares host_OS="freebsd" and platform="ipf", yet this list holds a platform option of "iptables" plus linux24_* and ulog_* entries and none of the ipf_* or freebsd_* entries seen on other firewalls in this file. NOTE(review): these look like leftovers from an iptables/Linux object; whether the ipf compiler reads any of them cannot be told from this file. -->
<FirewallOptions>
<!-- accept_established and accept_new_tcp_with_no_syn are both True, and drop_invalid further down is False. By their names these are the permissive settings; confirm that they are honoured for the ipf platform before relying on them. -->
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<!-- check_shading is False; presumably the compiler's rule shadowing check is not requested for this object. -->
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<!-- dyn_addr is False even though interface eth0.100 of this firewall is marked dyn="True". -->
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<!-- Installer and script hooks (inst_cmdline, inst_script, install_script) are empty in this fixture. -->
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<!-- linux24_* kernel and path settings: all empty except the two TCP timers. -->
<Option name="linux24_accept_redirects"/>
<Option name="linux24_accept_source_route"/>
<Option name="linux24_icmp_echo_ignore_all"/>
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
<Option name="linux24_ip_dynaddr"/>
<Option name="linux24_ip_forward"/>
<Option name="linux24_log_martians"/>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_rp_filter"/>
<Option name="linux24_tcp_ecn"/>
<Option name="linux24_tcp_fack"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"/>
<Option name="linux24_tcp_syncookies"/>
<Option name="linux24_tcp_timestamps"/>
<Option name="linux24_tcp_window_scaling"/>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<!-- Logging switches: log_all, log_all_dropped and log_invalid are False, log_level is "debug", and log_limit_value is 0. The log_prefix value ends with a space that is part of the data. -->
<Option name="log_all">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N -- %A on %I </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"/>
<!-- platform option says "iptables" while the enclosing Firewall element says platform="ipf". -->
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="Testing action Custom" host_OS="freebsd" id="id43F7C93131168" lastCompiled="1157929205" lastInstalled="0" lastModified="0" name="firewall35" platform="ipf" ro="False" version="">
<!-- NAT rules of firewall35 ("Testing action Custom"). Ids resolved inside this Firewall element: id43F7C93131168 is the firewall object itself, id43F7CA2831168 is interface le0 (192.168.1.1, security_level 100) and id43F7CA2B31168 is interface le1 (22.22.22.22, security_level 0). net-Internal_net, tcp-SSH, id3D58227A, id3D58227E and id3D582283 are defined outside this excerpt. -->
<NAT id="id43F7C99A31168" name="NAT">
<!-- Positions 0 to 2: original source net-Internal_net, any destination and service. The translated source is the firewall object (position 0), interface le1 (position 1), and sysid0 (position 2, which names no specific translation target). -->
<NATRule disabled="False" id="id43F7C99B31168" position="0">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43F7C93131168"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id43F7C9A931168" position="1">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id43F7C9B731168" position="2">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Positions 3 to 6: tcp-SSH addressed to the firewall object is given a translated destination of id3D58227A, id3D58227E, interface le0 and id3D582283 in turn. NOTE(review): all four share the same original match, so which translation applies depends on how the compiler and ipnat order them; that is not visible here. -->
<NATRule disabled="False" id="id43F7C9C531168" position="3">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7C93131168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227A"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id43F7C9D331168" position="4">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7C93131168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D58227E"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id43F7C9E131168" position="5">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7C93131168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id43F7CA2831168"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule disabled="False" id="id43F7C9EF31168" position="6">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7C93131168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Positions 7 and 8: the same kind of tcp-SSH destination translation, but the original destination is interface le1 instead of the firewall object. -->
<NATRule comment="" disabled="False" id="id43F7C9FD31168" position="7">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id43F7CA0B31168" position="8">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id43F7CA2831168"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Position 9: the original destination is sysid0, so the tcp-SSH match is not limited to the firewall's own addresses; the destination is translated to id3D582283. -->
<NATRule comment="" disabled="False" id="id43F7CA1931168" position="9">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D582283"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Policy of firewall35 ("Testing action Custom"). Positions 0 to 2 are Inbound rules bound to id43F7CA2B31168, which is interface le1 of this firewall (22.22.22.22, security_level 0). net-Internal_net is defined outside this excerpt. -->
<Policy id="id43F7C93731168" name="Policy">
<!-- Positions 0 and 1: action="Custom" with custom_str set to "auth", stateless, first for source net-Internal_net and then for its negation. NOTE(review): custom_str is free text stored in the policy; presumably the compiler places it into the generated ipf rule as written, so the value should only ever come from a trusted policy author (confirm how the compiler handles it). -->
<PolicyRule action="Custom" direction="Inbound" disabled="False" id="id43F7C93831168" log="False" position="0">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">auth</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Custom" comment="" direction="Inbound" disabled="False" id="id43F7D90631168" log="False" position="1">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">auth</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 2: Accept for source net-Internal_net arriving Inbound on le1, not logged. NOTE(review): le1 is the interface with security_level 0; if net-Internal_net is the internal network its name suggests, a production policy would normally treat that source on that interface as a spoofing candidate. Here the rule follows two Custom rules with the same match and reads as compiler test input. -->
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id43F7D91731168" log="False" position="2">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43F7CA2B31168"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 3: final stateless Deny in both directions with every field left open and log="True". -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id43F7C98E31168" log="True" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- firewall35 has an empty routing rule set. -->
<Routing id="id43F7CA2731168" name="Routing">
</Routing>
<!-- le0: security_level 100, address 192.168.1.1 with netmask 255.255.255.0. Some NAT rules of this firewall use it as a translated destination. -->
<Interface bridgeport="False" comment="" dyn="False" id="id43F7CA2831168" label="" mgmt="False" name="le0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id43F7CA2A31168" name="firewall35:le0:ip" netmask="255.255.255.0"/>
</Interface>
<!-- le1: security_level 0, address 22.22.22.22 with netmask 255.255.255.0. The Inbound policy rules of this firewall are bound to it. -->
<Interface bridgeport="False" comment="" dyn="False" id="id43F7CA2B31168" label="" mgmt="False" name="le1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" comment="" id="id43F7CA2D31168" name="firewall35:le1:ip" netmask="255.255.255.0"/>
</Interface>
<!-- lo0: loopback, security_level 100. None of the three interfaces is flagged mgmt="True". -->
<Interface bridgeport="False" comment="" dyn="False" id="id43F7CA2E31168" label="" mgmt="False" name="lo0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id43F7CA3031168" name="firewall35:lo0:ip" netmask="255.0.0.0"/>
</Interface>
<!-- Management settings of firewall35. The address 22.22.22.22 is the address of le1, the interface with security_level 0, and no interface of this firewall is flagged mgmt="True". NOTE(review): in a real deployment a management address on the lowest-trust interface deserves a second look; in this fixture it is only stored data. -->
<Management address="22.22.22.22">
<!-- SNMP management is disabled and both community strings are empty. -->
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<!-- FWBDManagement is enabled on port 9999 with an empty identity; how a consumer treats an empty identity is not visible here. -->
<FWBDManagement enabled="True" identity="" port="9999"/>
<!-- No install script is configured. -->
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Option list of firewall35 (host_OS="freebsd", platform="ipf" on the enclosing Firewall element). Unlike firewall33 and firewall34 in this file, it carries only freebsd_* and ipf_* platform options. Empty Option elements carry no value; which default a consumer applies is not visible here. -->
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<!-- check_shading is False; presumably the compiler's rule shadowing check is not requested for this object. -->
<Option name="check_shading">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<!-- firewall_dir is /etc and freebsd_ip_forward is 1; the three freebsd_path_* options are empty. -->
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<!-- ipf-specific switches: no log facility or level is set and every ipf_nat_*_proxy option is False. -->
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
<Option name="ipf_nat_ipsec_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<!-- pass_all_out is False in this fixture. -->
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time"/>
</Library>
<!-- Library "SFO", stored read-only (ro="True"). It defines two host addresses and one group that references them; every other object and service group in it is empty. -->
<Library color="#FFFFFF" comment="" id="id40C3E07E" name="SFO" ro="True">
<ObjectGroup id="id40C3E07F" name="Objects">
<ObjectGroup id="id40C3E07F_og_ats_1" name="Address Tables"/>
<ObjectGroup id="id40C3E081" name="Groups">
<!-- "SFO Servers" refers to id40E238E9 and id40E238E8, which are the two IPv4 objects defined in the "Addresses" group a few lines below. -->
<ObjectGroup comment="" id="id40E23562" name="SFO Servers">
<ObjectRef ref="id40E238E9"/>
<ObjectRef ref="id40E238E8"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id40C3E080" name="Addresses">
<!-- Single-host entries (netmask 255.255.255.255); by their names presumably a web server and an FTP server. -->
<IPv4 address="10.2.10.11" comment="" id="id40E238E9" name="sfoweb1" netmask="255.255.255.255"/>
<IPv4 address="10.2.10.10" comment="" id="id40E238E8" name="sfoftp1" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id4386560618752" name="DNS Names"/>
<ObjectGroup id="id4386560718752" name="Hosts"/>
<ObjectGroup id="id4386560818752" name="Networks"/>
<ObjectGroup id="id4386560918752" name="Address Ranges"/>
</ObjectGroup>
<!-- No services, firewalls or time intervals are defined in this library; the groups below are empty containers. -->
<ServiceGroup id="id4386560A18752" name="Services">
<ServiceGroup id="id4386560A18752_og_tag_1" name="TagServices">
</ServiceGroup>
<ServiceGroup id="id4386560B18752" name="Groups"/>
<ServiceGroup id="id4386560C18752" name="ICMP"/>
<ServiceGroup id="id4386560D18752" name="IP"/>
<ServiceGroup id="id4386560E18752" name="TCP"/>
<ServiceGroup id="id4386560F18752" name="UDP"/>
<ServiceGroup id="id4386561018752" name="Custom"/>
<ServiceGroup id="id4386560A18752_userservices" name="Users"/>
</ServiceGroup>
<ObjectGroup id="id4386561118752" name="Firewalls"/>
<IntervalGroup id="id4386561218752" name="Time"/>
</Library>
<!-- Library "Deleted Objects" (id sysid99, writable). Its only child is a reference to
     sysid0, the AnyNetwork object named "Any" that the Standard library of this file
     defines; no other object is stored here. -->
<Library id="sysid99" name="Deleted Objects" ro="False">
<ObjectRef ref="sysid0"/>
</Library>
<!-- Library "transfer" (writable, ro="False"): a skeleton with the Objects, Services,
     Firewalls and Time groups present but no objects in any of them. -->
<Library color="#FFFFFF" comment="" id="id4387B43718346" name="transfer" ro="False">
<ObjectGroup id="id4387B43818346" name="Objects">
<ObjectGroup id="id4387B43918346" name="Addresses"/>
<ObjectGroup id="id4387B43A18346" name="DNS Names"/>
<ObjectGroup id="id4387B43B18346" name="Address Tables"/>
<ObjectGroup id="id4387B43C18346" name="Groups"/>
<ObjectGroup id="id4387B43D18346" name="Hosts"/>
<ObjectGroup id="id4387B43E18346" name="Networks"/>
<ObjectGroup id="id4387B43F18346" name="Address Ranges"/>
</ObjectGroup>
<ServiceGroup id="id4387B44018346" name="Services">
<ServiceGroup id="id4387B44018346_og_tag_1" name="TagServices">
</ServiceGroup>
<ServiceGroup id="id4387B44118346" name="Groups"/>
<ServiceGroup id="id4387B44218346" name="ICMP"/>
<ServiceGroup id="id4387B44318346" name="IP"/>
<ServiceGroup id="id4387B44418346" name="TCP"/>
<ServiceGroup id="id4387B44518346" name="UDP"/>
<ServiceGroup id="id4387B44618346" name="Custom"/>
<ServiceGroup id="id4387B44018346_userservices" name="Users"/>
</ServiceGroup>
<ObjectGroup id="id4387B44718346" name="Firewalls"/>
<IntervalGroup id="id4387B44818346" name="Time"/>
</Library>
<!-- Library "Standard" (id syslib000, read-only): predefined service objects, the three
     "Any" wildcards and a few time intervals. Objects are addressed by id from
     elsewhere in the file, e.g. sysid0 is referenced by the Deleted Objects library. -->
<Library color="#d4f8ff" comment="Standard objects" id="syslib000" name="Standard" ro="True">
<ServiceGroup id="stdid05" name="Services">
<!-- IP-level services. ESP is selected by protocol number 50. The other three keep
     protocol_num 0 and are defined only by a fragment or IP option attribute:
     short_fragm for ip_fragments, rr for RR, and both lsrr and ssrr for SRR.
     Source-routed and record-route packets are rarely legitimate at a perimeter, so
     check the rule action wherever RR or SRR is referenced. -->
<ServiceGroup id="stdid06" name="IP">
<IPService comment="IPSEC Encapsulating Security Payload Protocol" fragm="False" id="ip-IPSEC" lsrr="False" name="ESP" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False"/>
<IPService comment="'Short' fragments" fragm="False" id="ip-IP_Fragments" lsrr="False" name="ip_fragments" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False"/>
<IPService comment="Route recording packets" fragm="False" id="ip-RR" lsrr="False" name="RR" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False"/>
<IPService comment="All sorts of Source Routing Packets" fragm="False" id="ip-SRR" lsrr="True" name="SRR" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False"/>
</ServiceGroup>
<!-- TCP services. Apart from tcp-syn and All TCP, every entry names one destination
     port (dst_range_start equals dst_range_end), leaves the source range at 0 to 0 and
     sets all flags and flag masks to False.
     NOTE(review): a 0 to 0 range presumably means "any port"; confirm against the loader.
     The set includes cleartext remote-access and file-transfer protocols (ftp 21,
     telnet 23, rexec 512, rlogin 513, rshell 514). A rule that permits them exposes
     credentials on the wire, so rules using those ids deserve a second look when this
     library is reused outside the test suite. -->
<ServiceGroup id="stdid09" name="TCP">
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="113" dst_range_start="113" fin_flag="False" fin_flag_mask="False" id="tcp-Auth" name="auth" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="53" dst_range_start="53" fin_flag="False" fin_flag_mask="False" id="tcp-DNS_zone_transf" name="dns-tcp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="21" dst_range_start="21" fin_flag="False" fin_flag_mask="False" id="tcp-FTP" name="ftp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="80" dst_range_start="80" fin_flag="False" fin_flag_mask="False" id="tcp-HTTP" name="http" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="119" dst_range_start="119" fin_flag="False" fin_flag_mask="False" id="tcp-NNTP" name="nntp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="25" dst_range_start="25" fin_flag="False" fin_flag_mask="False" id="tcp-SMTP" name="smtp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="22" dst_range_start="22" fin_flag="False" fin_flag_mask="False" id="tcp-SSH" name="ssh" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="23" dst_range_start="23" fin_flag="False" fin_flag_mask="False" id="tcp-Telnet" name="telnet" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="540" dst_range_start="540" fin_flag="False" fin_flag_mask="False" id="tcp-uucp" name="uucp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="13" dst_range_start="13" fin_flag="False" fin_flag_mask="False" id="id3AEDBE6E" name="daytime" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="2105" dst_range_start="2105" fin_flag="False" fin_flag_mask="False" id="id3B4FEDA3" name="eklogin" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="443" dst_range_start="443" fin_flag="False" fin_flag_mask="False" id="id3B4FED69" name="https" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="143" dst_range_start="143" fin_flag="False" fin_flag_mask="False" id="id3AECF776" name="imap" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="993" dst_range_start="993" fin_flag="False" fin_flag_mask="False" id="id3B4FED9F" name="imaps" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="6667" dst_range_start="6667" fin_flag="False" fin_flag_mask="False" id="id3B4FF13C" name="irc" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="543" dst_range_start="543" fin_flag="False" fin_flag_mask="False" id="id3B4FEE21" name="klogin" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="544" dst_range_start="544" fin_flag="False" fin_flag_mask="False" id="id3B4FEE23" name="ksh" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="389" dst_range_start="389" fin_flag="False" fin_flag_mask="False" id="id3AECF778" name="ldap" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="98" dst_range_start="98" fin_flag="False" fin_flag_mask="False" id="id3B4FF000" name="linuxconf" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="3306" dst_range_start="3306" fin_flag="False" fin_flag_mask="False" id="id3B4FEEEE" name="mysql" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="2049" dst_range_start="2049" fin_flag="False" fin_flag_mask="False" id="id3B4FEE7A" name="nfs" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="110" dst_range_start="110" fin_flag="False" fin_flag_mask="False" id="id3B4FEE1D" name="pop3" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="5432" dst_range_start="5432" fin_flag="False" fin_flag_mask="False" id="id3B4FF0EA" name="postgres" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="515" dst_range_start="515" fin_flag="False" fin_flag_mask="False" id="id3AECF782" name="printer" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="26000" dst_range_start="26000" fin_flag="False" fin_flag_mask="False" id="id3B4FEF7C" name="quake" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="512" dst_range_start="512" fin_flag="False" fin_flag_mask="False" id="id3AECF77A" name="rexec" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="513" dst_range_start="513" fin_flag="False" fin_flag_mask="False" id="id3AECF77C" name="rlogin" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="514" dst_range_start="514" fin_flag="False" fin_flag_mask="False" id="id3AECF77E" name="rshell" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="4321" dst_range_start="4321" fin_flag="False" fin_flag_mask="False" id="id3B4FEF34" name="rwhois" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="465" dst_range_start="465" fin_flag="False" fin_flag_mask="False" id="id3B4FF04C" name="smtps" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="1080" dst_range_start="1080" fin_flag="False" fin_flag_mask="False" id="id3B4FEE76" name="socks" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="111" dst_range_start="111" fin_flag="False" fin_flag_mask="False" id="id3AEDBE00" name="sunrpc" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="7100" dst_range_start="7100" fin_flag="False" fin_flag_mask="False" id="id3B4FF1B8" name="xfs" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<!-- tcp-syn: all six flag masks are True and only syn_flag is True, with no port
     restriction (both ranges 0 to 0). NOTE(review): presumably read as "SYN set while
     URG, ACK, PSH, RST and FIN are examined and clear"; confirm against the compiler. -->
<TCPService ack_flag="False" ack_flag_mask="True" comment="" dst_range_end="0" dst_range_start="0" fin_flag="False" fin_flag_mask="True" id="tcp-TCP-SYN" name="tcp-syn" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" src_range_end="0" src_range_start="0" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="3128" dst_range_start="3128" fin_flag="False" fin_flag_mask="False" id="id3B4FF09A" name="squid" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="1720" dst_range_start="1720" fin_flag="False" fin_flag_mask="False" id="id3AEDBEAC" name="H323" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<!-- All TCP: no port range and no flags are specified. Going by its name this object
     matches any TCP traffic, so a permit rule that uses it is only as narrow as the
     rule's address fields. -->
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="0" dst_range_start="0" fin_flag="False" fin_flag_mask="False" id="tcp-All_TCP" name="All TCP" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
</ServiceGroup>
<!-- UDP services by destination port: domain 53, snmp 161, bootpc 68. -->
<ServiceGroup id="stdid08" name="UDP">
<UDPService comment="" dst_range_end="53" dst_range_start="53" id="udp-DNS" name="domain" src_range_end="0" src_range_start="0"/>
<UDPService comment="" dst_range_end="161" dst_range_start="161" id="udp-SNMP" name="snmp" src_range_end="0" src_range_start="0"/>
<UDPService comment="" dst_range_end="68" dst_range_start="68" id="udp-bootpc" name="bootpc" src_range_end="0" src_range_start="0"/>
</ServiceGroup>
<ServiceGroup id="stdid10" name="Groups">
<!-- Useful_ICMP collects four ICMP services by reference: both time-exceeded variants,
     ping reply and all unreachables. "ping request" (type 8) is defined in the ICMP
     group below but is not a member of this group. -->
<ServiceGroup comment="" id="sg-Useful_ICMP" name="Useful_ICMP">
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
<ServiceRef ref="icmp-ping_reply"/>
<ServiceRef ref="icmp-Unreachables"/>
</ServiceGroup>
</ServiceGroup>
<!-- ICMP services as type / code pairs. NOTE(review): code="-1" on "all ICMP
     unreachables" presumably stands for any code of type 3; confirm against the compiler. -->
<ServiceGroup id="stdid07" name="ICMP">
<ICMPService code="0" comment="" id="icmp-ping_request" name="ping request" type="8"/>
<ICMPService code="-1" comment="" id="icmp-Unreachables" name="all ICMP unreachables" type="3"/>
<ICMPService code="0" comment="ICMP messages of this type are needed for traceroute" id="icmp-Time_exceeded" name="time exceeded" type="11"/>
<ICMPService code="1" comment="" id="icmp-Time_exceeded_in_transit" name="time exceeded in transit" type="11"/>
<ICMPService code="0" comment="" id="icmp-ping_reply" name="ping reply" type="0"/>
</ServiceGroup>
<ServiceGroup id="stdid05_userservices" name="Users"/>
</ServiceGroup>
<!-- The three "Any" wildcards: AnyNetwork sysid0 (address and netmask 0.0.0.0),
     AnyInterval sysid2 (every field -1) and AnyIPService sysid1 (protocol_num 0). -->
<AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyInterval comment="Any Interval" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" id="sysid2" name="Any" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
<AnyIPService comment="Any IP Service" id="sysid1" name="Any" protocol_num="0"/>
<!-- Time intervals. A field of -1 appears to mean "unrestricted" (AnyInterval uses -1
     throughout). afterhours runs from 18:00 to 23:59; Sat and Sun cover 00:00 to 23:59
     with from_weekday / to_weekday set to 6 and 0 respectively. -->
<IntervalGroup id="stdid11" name="Time">
<Interval comment="any day 6:00pm - 12:00am" from_day="-1" from_hour="18" from_minute="0" from_month="-1" from_weekday="-1" from_year="-1" id="int-afterhours" name="afterhours" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="-1" to_year="-1"/>
<Interval comment="" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" id="id3C63479C" name="Sat" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="6" to_year="-1"/>
<Interval comment="" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="0" from_year="-1" id="id3C63479E" name="Sun" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1"/>
</IntervalGroup>
</Library>
</FWObjectDatabase>