mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-18 17:27:20 +01:00
move up the "access-list mode auto-commit" command. Command that configures access list commit mode should be issued before any commands that clear and configure access lists. Also in this change moving commands that set up temporary access list to the top of the script.
96 lines
2.0 KiB
Plaintext
Executable File
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
!
! Generated Thu Apr 14 12:07:25 2011 PDT by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported
! Emulate outbound ACLs: no
! Generating outbound ACLs: no
! Assume firewall is part of any: no
!
!# files: * test_net_zone_2.fw
!
! testing security levels and labels

! N test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
! N test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.

!
! Prolog script:
!

!
! End of prolog script:
!

nameif ethernet0 outside security0

nameif ethernet1 inside security100

no logging buffered
no logging console
no logging timestamp
no logging on

telnet timeout -1

clear ssh
aaa authentication ssh console LOCAL
ssh timeout -1

no snmp-server enable traps

no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt route dnat
floodguard disable

!################

!
! Rule 0 (global)
access-list outside_acl_in deny ip any any
access-list inside_acl_in deny ip any any

access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside

!
! Rule 0 (NAT)
! test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.

global (outside) 1 interface
nat (outside) 1 192.168.1.0 255.255.255.0 0 0
nat (outside) 1 192.168.1.11 255.255.255.255 0 0

!
! Epilog script:
!

! End of epilog script:
!