onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 10:47:16 +01:00
Code Issues Releases Wiki Activity
fwbuilder/test/pix/firewall10.fw.orig
Vadim Kurland 59f40e5d71 * PolicyCompiler_pix.cpp (printPreambleCommands): see #2347 "FWSM 
move up the "access-list mode auto-commit" command". Command that
configures access list commit mode should be issued before any
commands that clear and configure access lists. Also in this
change moving commands that set up temporary access list to the
top of the script.
2011-04-14 12:11:15 -07:00

404 lines
12 KiB
Plaintext
Executable File
Raw Blame History

!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
!
! Generated Thu Apr 14 12:07:13 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall10.fw
!
! big policy. Testing compiler performance
! C firewall10:Policy:3: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
!
! Prolog script:
!
!
! End of prolog script:
!
hostname firewall10
nameif ethernet1 outside security0
nameif ethernet0 inside security100
nameif ethernet2 dmz security50
logging host inside 192.168.1.30
logging queue 512
logging facility 16
no logging buffered
no logging console
no logging timestamp
logging on
timeout xlate 3:0:0
timeout conn 1:0:0
timeout udp 0:2:0
timeout rpc 0:10:0
timeout h323 0:5:0
timeout sip 0:30:0
timeout sip_media 0:0:0
timeout uauth 2:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
snmp-server community public
snmp-server enable traps
snmp-server host inside 192.168.1.20 trap
snmp-server host inside 192.168.1.22 poll
ntp server 192.168.1.20 source inside
no service resetinbound
no service resetoutside
sysopt connection tcpmss 1380
sysopt connection timewait
sysopt nodnsalias inbound
sysopt nodnsalias outbound
floodguard disable
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
!################
clear object-group
object-group network id3DB0FA90.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22
exit
object-group service id3DB0FA90.srv.tcp.0 tcp
port-object eq 113
port-object eq 80
port-object eq 443
port-object eq 143
port-object eq 25
port-object eq 22
port-object eq 540
exit
object-group icmp-type id3DB0F9C7.srv.icmp.0
icmp-object 3
icmp-object 0
icmp-object 11
exit
object-group service id3DB0F9BD.srv.tcp.0 tcp
port-object eq 70
port-object eq 6667
port-object eq 3128
port-object eq 23
exit
object-group service id3DB0F9BD.srv.udp.0 udp
port-object eq 53
port-object eq 161
exit
object-group network id3DB0F9E6.dst.net.0
network-object host 192.168.1.10
network-object host 192.168.1.20
exit
object-group network id3DB10695.src.net.0
network-object 192.168.1.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.20.0 255.255.255.0
exit
object-group network id3DB10695.src.net.1
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
exit
object-group network id3DB10695.dst.net.0
network-object host 192.168.1.10
network-object host 192.168.1.11
network-object host 192.168.1.12
network-object host 192.168.1.13
network-object host 192.168.1.14
network-object host 192.168.1.15
network-object host 192.168.1.20
exit
object-group network id3DB0F9F2.dst.net.0
network-object 192.168.1.250 255.255.255.254
network-object 192.168.1.252 255.255.255.252
exit
object-group network id3DB0F9FC.dst.net.0
network-object host 192.168.1.11
network-object host 192.168.1.12
network-object host 192.168.1.13
network-object host 192.168.1.14
network-object host 192.168.1.15
exit
object-group service id3DB0F9FC.srv.tcp.0 tcp
port-object eq 113
port-object eq 80
port-object eq 443
port-object eq 143
port-object eq 25
port-object eq 3128
port-object eq 22
port-object eq 540
exit
object-group network id3DB0FA07.dst.net.0
network-object 192.168.1.11 255.255.255.255
network-object 192.168.1.12 255.255.255.252
exit
object-group service id3DB0FA12.srv.tcp.0 tcp
port-object eq 113
port-object eq 13
port-object eq 53
port-object eq 2105
port-object eq 21
port-object eq 70
port-object eq 80
port-object eq 443
port-object eq 143
port-object eq 993
port-object eq 6667
port-object eq 6667
port-object eq 543
port-object eq 544
port-object eq 389
port-object eq 98
port-object eq 3306
port-object eq 2049
port-object eq 119
port-object eq 110
port-object eq 5432
port-object eq 515
port-object eq 26000
port-object eq 512
port-object eq 513
port-object eq 514
port-object eq 4321
port-object eq 25
port-object eq 465
port-object eq 1080
port-object eq 3128
port-object eq 22
port-object eq 111
port-object eq 23
port-object range 10000 11000
port-object eq 540
port-object eq 7100
exit
!
! Rule 3 (ethernet1)
! anti-spoofing rule
! firewall10:Policy:3: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any log 6 interval 300
!
! Rule 5 (ethernet0)
access-list inside_acl_in permit tcp any object-group id3DB0FA90.dst.net.0 object-group id3DB0FA90.srv.tcp.0
access-list inside_acl_in permit tcp any object-group id3DB0FA90.dst.net.0 object-group id3DB0FA90.srv.tcp.0
access-list dmz_acl_in permit tcp any object-group id3DB0FA90.dst.net.0 object-group id3DB0FA90.srv.tcp.0
!
! Rule 7 (global)
access-list outside_acl_in permit icmp any host 192.168.1.10 object-group id3DB0F9C7.srv.icmp.0
access-list inside_acl_in permit icmp any host 192.168.1.10 object-group id3DB0F9C7.srv.icmp.0
access-list dmz_acl_in permit icmp any host 192.168.1.10 object-group id3DB0F9C7.srv.icmp.0
!
! Rule 8 (global)
access-list outside_acl_in permit icmp any host 192.168.1.10
access-list inside_acl_in permit icmp any host 192.168.1.10
access-list dmz_acl_in permit icmp any host 192.168.1.10
access-list outside_acl_in permit tcp any host 192.168.1.10 object-group id3DB0F9BD.srv.tcp.0
access-list inside_acl_in permit tcp any host 192.168.1.10 object-group id3DB0F9BD.srv.tcp.0
access-list dmz_acl_in permit tcp any host 192.168.1.10 object-group id3DB0F9BD.srv.tcp.0
access-list outside_acl_in permit udp any host 192.168.1.10 object-group id3DB0F9BD.srv.udp.0
access-list inside_acl_in permit udp any host 192.168.1.10 object-group id3DB0F9BD.srv.udp.0
access-list dmz_acl_in permit udp any host 192.168.1.10 object-group id3DB0F9BD.srv.udp.0
access-list outside_acl_in permit 47 any host 192.168.1.10
access-list inside_acl_in permit 47 any host 192.168.1.10
access-list dmz_acl_in permit 47 any host 192.168.1.10
!
! Rule 9 (global)
icmp permit any 3 outside
access-list outside_acl_in permit icmp any host 22.22.22.22 3 log 6 interval 300
icmp permit any 3 inside
access-list inside_acl_in permit icmp any host 192.168.1.1 3 log 6 interval 300
icmp permit any 3 dmz
access-list dmz_acl_in permit icmp any host 192.168.2.1 3 log 6 interval 300
access-list outside_acl_in permit icmp any any 3 log 6 interval 300
access-list inside_acl_in permit icmp any any 3 log 6 interval 300
access-list dmz_acl_in permit icmp any any 3 log 6 interval 300
access-list outside_acl_in permit 47 any any log 6 interval 300
access-list inside_acl_in permit 47 any any log 6 interval 300
access-list dmz_acl_in permit 47 any any log 6 interval 300
access-list outside_acl_in permit 50 any any log 6 interval 300
access-list inside_acl_in permit 50 any any log 6 interval 300
access-list dmz_acl_in permit 50 any any log 6 interval 300
!
! Rule 11 (global)
access-list outside_acl_in permit ip object-group id3DB0FA90.dst.net.0 object-group id3DB0F9E6.dst.net.0
!
! Rule 12 (global)
access-list outside_acl_in permit ip 192.168.4.0 255.255.255.0 host 192.168.1.1
access-list inside_acl_in permit ip object-group id3DB10695.src.net.0 host 192.168.1.1
access-list dmz_acl_in permit ip object-group id3DB10695.src.net.1 host 192.168.1.1
access-list outside_acl_in permit ip 192.168.4.0 255.255.255.0 object-group id3DB10695.dst.net.0
access-list inside_acl_in permit ip object-group id3DB10695.src.net.0 object-group id3DB10695.dst.net.0
access-list dmz_acl_in permit ip object-group id3DB10695.src.net.1 object-group id3DB10695.dst.net.0
!
! Rule 13 (global)
access-list outside_acl_in permit tcp any object-group id3DB0F9F2.dst.net.0 eq 3128
access-list inside_acl_in permit tcp any object-group id3DB0F9F2.dst.net.0 eq 3128
access-list dmz_acl_in permit tcp any object-group id3DB0F9F2.dst.net.0 eq 3128
!
! Rule 14 (global)
access-list outside_acl_in permit tcp any object-group id3DB0F9FC.dst.net.0 object-group id3DB0F9FC.srv.tcp.0
access-list inside_acl_in permit tcp any object-group id3DB0F9FC.dst.net.0 object-group id3DB0F9FC.srv.tcp.0
access-list dmz_acl_in permit tcp any object-group id3DB0F9FC.dst.net.0 object-group id3DB0F9FC.srv.tcp.0
!
! Rule 15 (global)
access-list outside_acl_in permit tcp any object-group id3DB0FA07.dst.net.0 object-group id3DB0F9FC.srv.tcp.0
access-list inside_acl_in permit tcp any object-group id3DB0FA07.dst.net.0 object-group id3DB0F9FC.srv.tcp.0
access-list dmz_acl_in permit tcp any object-group id3DB0FA07.dst.net.0 object-group id3DB0F9FC.srv.tcp.0
!
! Rule 16 (global)
access-list outside_acl_in permit tcp any 192.168.1.0 255.255.255.0 object-group id3DB0FA12.srv.tcp.0
access-list inside_acl_in permit tcp any 192.168.1.0 255.255.255.0 object-group id3DB0FA12.srv.tcp.0
access-list dmz_acl_in permit tcp any 192.168.1.0 255.255.255.0 object-group id3DB0FA12.srv.tcp.0
!
! Rule 19 (global)
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 dmz
access-list outside_acl_in permit icmp any host 22.22.22.22 3
access-list inside_acl_in permit icmp any host 192.168.1.1 3
access-list dmz_acl_in permit icmp any host 192.168.2.1 3
!
! Rule 20 (global)
access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 6 interval 300
access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 log 6 interval 300
access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 log 6 interval 300
!
! Rule 21 (global)
access-list outside_acl_in permit ip host 22.22.22.22 any
access-list inside_acl_in permit ip host 192.168.1.1 any
access-list dmz_acl_in permit ip host 192.168.2.1 any
access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any
!
! Rule 22 (global)
access-list outside_acl_in deny ip any any log 6 interval 300
access-list inside_acl_in deny ip any any log 6 interval 300
access-list dmz_acl_in deny ip any any log 6 interval 300
access-group dmz_acl_in in interface dmz
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside
!
! Rule 0 (NAT)
global (outside) 1 interface
access-list id3DB0F916.0 permit ip 192.168.1.0 255.255.255.0 any
nat (inside) 1 access-list id3DB0F916.0 0 0
global (dmz) 1 interface
!
!
! Rule 1 (NAT)
access-list id3DB0F924.0 permit ip 192.168.2.0 255.255.255.0 any
access-list id3DB0F924.0 permit ip 192.168.3.0 255.255.255.0 any
nat (dmz) 1 access-list id3DB0F924.0 0 0
!
! Rule 2 (NAT)
global (outside) 1 22.22.22.0 netmask 255.255.255.0
!
!
! Rule 3 (NAT)
global (outside) 1 22.22.22.21-22.22.22.25 netmask 255.255.255.0
!
!
! Rule 4 (NAT)
access-list id3DB0F94E.0 permit tcp host 192.168.1.10 eq 25 any
static (inside,outside) tcp interface 25 access-list id3DB0F94E.0 0 0
!
! Rule 5 (NAT)
! policy NAT
! rule
global (inside) 7 interface
access-list id3DB0F95C.0 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list id3DB0F95C.0 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (dmz) 7 access-list id3DB0F95C.0 outside
!
! Rule 6 (NAT)
! policy NAT
! rule
access-list id3F9353DD.0 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list id3F9353DD.0 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (inside) 1 access-list id3F9353DD.0 0 0
!
! Rule 7 (NAT)
access-list nat0.inside permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nat0.inside
access-list nat0.inside permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
!
! Rule 8 (NAT)
access-list nat0.inside permit ip host 192.168.1.10 192.168.2.0 255.255.255.0
access-list nat0.inside permit ip host 192.168.1.10 192.168.3.0 255.255.255.0
!
! Rule 9 (NAT)
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
!
! Rule 10 (NAT)
static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
!
! Rule 11 (NAT)
static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
!
! Epilog script:
!
! End of epilog script:
!
Reference in New Issue View Git Blame Copy Permalink