onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 18:27:16 +01:00
Code Issues Releases Wiki Activity
fwbuilder/test/pix/firewall80.fw.orig
Vadim Kurland 59f40e5d71 * PolicyCompiler_pix.cpp (printPreambleCommands): see #2347 "FWSM 
move up the "access-list mode auto-commit" command". Command that
configures access list commit mode should be issued before any
commands that clear and configure access lists. Also in this
change moving commands that set up temporary access list to the
top of the script.
2011-04-14 12:11:15 -07:00

212 lines
5.5 KiB
Plaintext
Executable File
Raw Blame History

!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
!
! Generated Thu Apr 14 12:07:20 2011 PDT by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall80.fw
!
! testing rules with broadcasts
! N firewall80:NAT:0: error: CustomService objects are not supported in NAT rules
!
! Prolog script:
!
!
! End of prolog script:
!
interface FastEthernet0
nameif outside
security-level 100
exit
interface FastEthernet1
nameif inside
security-level 0
exit
no logging buffered
no logging console
no logging timestamp
no logging on
timeout xlate 3:0:0
timeout conn 1:0:0
timeout udp 0:2:0
timeout sunrpc 0:10:0
timeout h323 0:5:0
timeout sip 0:30:0
timeout sip_media 0:0:0
timeout half-closed 0:0:0
timeout uauth 2:0:0 absolute
clear config ssh
aaa authentication ssh console LOCAL
clear config snmp-server
no snmp-server enable traps
clear config ntp
no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
service-policy global_policy global
policy-map type inspect ip-options ip-options-map
parameters
eool action allow
router-alert action clear
!################
clear xlate
clear config static
clear config global
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear config object-group
clear config object
object-group icmp-type id19186X29796.srv.icmp.0
icmp-object 0
icmp-object 8
exit
object-group service id19186X29796.srv.tcp.0 tcp
port-object eq 53
port-object eq 25
exit
object-group service id19186X29796.srv.udp.0 udp
port-object eq 53
port-object eq 123
exit
object-group icmp-type id21447X11252.srv.icmp.0
icmp-object 3
icmp-object 8
exit
!
! Rule 0 (FastEthernet1)
ssh 0.0.0.0 0.0.0.0 inside
!
! Rule 1 (FastEthernet1)
access-list inside_acl_in permit tcp any host 22.22.22.22 eq 22
!
! Rule 2 (global)
access-list outside_acl_in permit tcp any host 192.168.1.10 eq 22
access-list inside_acl_in permit tcp any host 192.168.1.10 eq 22
!
! Rule 3 (FastEthernet1)
icmp permit any 3 inside
access-list inside_acl_in permit icmp any host 192.168.1.1 3
!
! Rule 4 (global)
access-list outside_acl_in permit icmp any host 192.168.1.10 object-group id19186X29796.srv.icmp.0
access-list inside_acl_in permit icmp any host 192.168.1.10 object-group id19186X29796.srv.icmp.0
access-list outside_acl_in permit tcp any host 192.168.1.10 object-group id19186X29796.srv.tcp.0
access-list inside_acl_in permit tcp any host 192.168.1.10 object-group id19186X29796.srv.tcp.0
access-list outside_acl_in permit udp any host 192.168.1.10 object-group id19186X29796.srv.udp.0
access-list inside_acl_in permit udp any host 192.168.1.10 object-group id19186X29796.srv.udp.0
access-list outside_acl_in permit 50 any host 192.168.1.10
access-list inside_acl_in permit 50 any host 192.168.1.10
access-list outside_acl_in permit 51 any host 192.168.1.10
access-list inside_acl_in permit 51 any host 192.168.1.10
!
! Rule 5 (global)
! matching source ports
access-list outside_acl_in deny udp any range 10000 10010 host 192.168.1.10
access-list inside_acl_in deny udp any range 10000 10010 host 192.168.1.10
access-list outside_acl_in deny tcp any gt 1023 host 192.168.1.10 eq 80
access-list inside_acl_in deny tcp any gt 1023 host 192.168.1.10 eq 80
!
! Rule 6 (global)
access-list outside_acl_in deny tcp any range 20000 20020 host 192.168.1.10
access-list inside_acl_in deny tcp any range 20000 20020 host 192.168.1.10
access-list outside_acl_in deny tcp any range 30000 30030 host 192.168.1.10
access-list inside_acl_in deny tcp any range 30000 30030 host 192.168.1.10
!
! Rule 7 (global)
! matching "any" icmp and "all" tcp
! in one service-group
!
access-list outside_acl_in deny icmp any host 192.168.1.10
access-list inside_acl_in deny icmp any host 192.168.1.10
access-list outside_acl_in deny tcp any host 192.168.1.10
access-list inside_acl_in deny tcp any host 192.168.1.10
!
! Rule 8 (global)
! for #1938 matching
! mixed services
icmp permit 192.168.1.0 255.255.255.192 3 inside
icmp permit 192.168.1.0 255.255.255.192 8 inside
access-list inside_acl_in permit icmp 192.168.1.0 255.255.255.192 host 192.168.1.1 object-group id21447X11252.srv.icmp.0
access-list inside_acl_in permit icmp 192.168.1.0 255.255.255.192 any object-group id21447X11252.srv.icmp.0
access-list inside_acl_in permit tcp 192.168.1.0 255.255.255.192 any eq 3128
access-list inside_acl_in permit udp 192.168.1.0 255.255.255.192 any eq 53
!
! Rule 9 (global)
! for #1942
! using custom service
access-list outside_acl_in deny tcp any host 192.168.1.10 neq 8080
access-list inside_acl_in deny tcp any host 192.168.1.10 neq 8080
!
! Rule 10 (global)
! for #1942
! using custom service
access-list outside_acl_in deny tcp any host 192.168.1.10 neq 8080
access-list inside_acl_in deny tcp any host 192.168.1.10 neq 8080
access-list outside_acl_in deny tcp any host 192.168.1.10 eq 3128
access-list inside_acl_in deny tcp any host 192.168.1.10 eq 3128
!
! Rule 11 (global)
access-list outside_acl_in deny ip any any
access-list inside_acl_in deny ip any any
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside
!
! Epilog script:
!
! End of epilog script:
!
Reference in New Issue View Git Blame Copy Permalink