onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00
Code Issues Releases Wiki Activity
fwbuilder/test/iosacl/testios2.fw.orig

385 lines
13 KiB
Plaintext
Executable File
Raw Blame History

!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3505
!
! Generated Mon Mar 21 12:46:00 2011 PDT by vadim
!
! Compiled for iosacl 12.1
!
!# files: * testios2.fw
!
! testios2:Routing:0: error: Object "test-addr-1" used as gateway in the routing rule 0 (main) is not reachable because it is not in any local network of the firewall
! testios2:Routing:1: error: Can not use both gateway address and interface in IOS routing rule
! testios2:Routing:0: error: MultiPath routing not supported by platform
! testios2:Routing:1: error: MultiPath routing not supported by platform
!
! Prolog script:
!
!
! End of prolog script:
!
hostname testios2
! temporary access list for "safety net install"
no ip access-list extended tmp_acl
ip access-list extended tmp_acl
permit ip 10.10.10.0 0.0.0.255 any
deny ip any any
exit
interface ethernet1
no ip access-group in
no ip access-group out
ip access-group tmp_acl in
exit
no ip access-list extended e0_in
no ip access-list extended e0_out
no ip access-list extended e1_in
no ip access-list extended e1_out
! ================ IPv4
ip access-list extended e0_in
!
! Rule -1 backup ssh access rule (automatic)
permit tcp 10.10.10.0 0.0.0.255 host 1.1.1.1 eq 22
permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 22
!
! Rule 0 (ethernet0)
! anti-spoofing
deny ip 10.10.10.0 0.0.0.255 any log
deny ip 10.10.11.0 0.0.0.255 any log
deny ip 10.10.12.0 0.0.0.255 any log
!
! Rule 1 (global)
deny ip any any log fragments
!
! Rule 2 (global)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 3 (ethernet0,ethernet1)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 5 (ethernet0)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 6 (global)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 8 (ethernet0)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 9 (global)
permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255
!
! Rule 11 (ethernet0)
permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255
!
! Rule 12 (global)
permit 47 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit 50 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit 51 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
!
! Rule 13 (global)
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11
!
! Rule 14 (global)
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80
!
! Rule 15 (global)
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53
!
! Rule 16 (global)
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established
!
! Rule 17 (global)
permit tcp 22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established
!
! Rule 18 (global)
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000
!
! Rule 19 (global)
deny ip any any log
exit
ip access-list extended e0_out
!
! Rule -2 backup ssh access rule (out) (automatic)
permit tcp host 1.1.1.1 eq 22 10.10.10.0 0.0.0.255
permit tcp host 10.10.10.1 eq 22 10.10.10.0 0.0.0.255
!
! Rule 1 (global)
deny ip any any log fragments
!
! Rule 3 (ethernet0,ethernet1)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 5 (ethernet0)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 11 (ethernet0)
permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255
!
! Rule 19 (global)
deny ip any any log
exit
ip access-list extended e1_in
!
! Rule -1 backup ssh access rule (automatic)
permit tcp 10.10.10.0 0.0.0.255 host 1.1.1.1 eq 22
permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 22
!
! Rule 1 (global)
deny ip any any log fragments
!
! Rule 2 (global)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 3 (ethernet0,ethernet1)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 4 (ethernet1)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 6 (global)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 7 (ethernet1)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 9 (global)
permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255
!
! Rule 10 (ethernet1)
permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255
!
! Rule 12 (global)
permit 47 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit 50 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit 51 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
!
! Rule 13 (global)
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11
!
! Rule 14 (global)
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80
!
! Rule 15 (global)
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53
!
! Rule 16 (global)
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established
!
! Rule 17 (global)
permit tcp 22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established
!
! Rule 18 (global)
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000
!
! Rule 19 (global)
deny ip any any log
exit
ip access-list extended e1_out
!
! Rule -2 backup ssh access rule (out) (automatic)
permit tcp host 1.1.1.1 eq 22 10.10.10.0 0.0.0.255
permit tcp host 10.10.10.1 eq 22 10.10.10.0 0.0.0.255
!
! Rule 1 (global)
deny ip any any log fragments
!
! Rule 2 (global)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 3 (ethernet0,ethernet1)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 4 (ethernet1)
permit ip any 10.10.10.0 0.0.0.255
permit ip any 10.10.11.0 0.0.0.255
permit ip any 10.10.12.0 0.0.0.255
!
! Rule 9 (global)
permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255
!
! Rule 10 (ethernet1)
permit ip 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255
permit ip 22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255
!
! Rule 12 (global)
permit 47 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit 50 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
permit 51 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
!
! Rule 13 (global)
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11
!
! Rule 14 (global)
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80
!
! Rule 15 (global)
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53
!
! Rule 16 (global)
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established
!
! Rule 17 (global)
permit tcp 22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established
!
! Rule 18 (global)
permit icmp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123
permit udp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000
!
! Rule 19 (global)
deny ip any any log
exit
interface ethernet0
ip access-group e0_in in
exit
interface ethernet0
ip access-group e0_out out
exit
interface ethernet1
ip access-group e1_in in
exit
interface ethernet1
ip access-group e1_out out
exit
!
! Rule 0 (main)
!
! testios2:Routing:0: error: Object "test-addr-1" used as gateway in the routing rule 0 (main) is not reachable because it is not in any local network of the firewall
!
! Rule 1 (main)
!
! testios2:Routing:1: error: Can not use both gateway address and interface in IOS routing rule
!
! Epilog script:
!
! End of epilog script:
!
Reference in New Issue View Git Blame Copy Permalink