mirror of
https://github.com/fwbuilder/fwbuilder
synced 2025-10-16 15:38:43 +02:00
6e0654aaa6
use create_args_carp0 instead of ifconfig_carp0 to set up CARP interface vhid, pass and adskew parameters.
72 lines
3.2 KiB
Plaintext
72 lines
3.2 KiB
Plaintext
|
|
|
|
|
|
|
|
# Tables: (4)
|
|
table <tbl.r0> { 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 }
|
|
table <tbl.r10.d> { www.google.com , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 }
|
|
table <tbl.r2> { www.google.com , www.cnn.com }
|
|
table <tbl.r8.d> { 74.125.224.112 , 74.125.224.113 , 74.125.224.114 , 74.125.224.115 , 74.125.224.116 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 }
|
|
|
|
#
|
|
# Rule 0 (NAT)
|
|
nat on eth0.100 from any to <tbl.r0> -> (eth0.100)
|
|
#
|
|
# Rule 1 (NAT)
|
|
nat on eth0.100 from any to www.cnn.com -> (eth0.100)
|
|
#
|
|
# Rule 2 (NAT)
|
|
nat on eth0.100 from any to <tbl.r2> -> (eth0.100)
|
|
#
|
|
# Rule 3 (NAT)
|
|
nat on eth0.100 from any to ! <tbl.r2> -> (eth0.100)
|
|
|
|
# Policy compiler errors and warnings:
|
|
# firewall33:Policy:2: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
# firewall33:Policy:6: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
#
|
|
# Rule 0 (global)
|
|
pass quick inet from <tbl.r0> to any keep state label "RULE 0 -- ACCEPT on global "
|
|
#
|
|
# Rule 1 (global)
|
|
pass quick inet from www.cnn.com to any keep state label "RULE 1 -- ACCEPT on global "
|
|
#
|
|
# Rule 2 (global)
|
|
# firewall33:Policy:2: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
|
|
pass quick inet from 192.0.2.1 to any keep state label "RULE 2 -- ACCEPT on global "
|
|
#
|
|
# Rule 3 (global)
|
|
pass quick inet from buildmaster to any keep state label "RULE 3 -- ACCEPT on global "
|
|
#
|
|
# Rule 4 (global)
|
|
block quick inet from any to ! <tbl.r0> label "RULE 4 -- DROP on global "
|
|
#
|
|
# Rule 5 (global)
|
|
block quick inet from any to ! www.cnn.com label "RULE 5 -- DROP on global "
|
|
#
|
|
# Rule 6 (global)
|
|
# firewall33:Policy:6: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
|
|
pass quick inet from any to ! 192.0.2.1 keep state label "RULE 6 -- ACCEPT on global "
|
|
#
|
|
# Rule 7 (global)
|
|
pass quick inet from any to ! buildmaster keep state label "RULE 7 -- ACCEPT on global "
|
|
#
|
|
# Rule 8 (global)
|
|
pass quick inet from any to ! <tbl.r8.d> keep state label "RULE 8 -- ACCEPT on global "
|
|
#
|
|
# Rule 9 (global)
|
|
pass quick inet from any to ! <tbl.r2> keep state label "RULE 9 -- ACCEPT on global "
|
|
#
|
|
# Rule 10 (global)
|
|
pass quick inet from any to ! <tbl.r10.d> keep state label "RULE 10 -- ACCEPT on global "
|
|
#
|
|
# Rule 11 (global)
|
|
block log quick inet from any to any label "RULE 11 -- DROP on global "
|
|
#
|
|
# Rule fallback rule
|
|
# fallback rule
|
|
block quick inet from any to any label "RULE 10000 -- DROP on global "
|
|
|