fwbuilder/test/iosacl/testios5-1.fw.orig

!
!  This is automatically generated file. DO NOT MODIFY !
!
!  Firewall Builder  fwb_iosacl v4.2.0.3505
!
!  Generated Mon Mar 21 12:46:01 2011 PDT by vadim
!
! Compiled for iosacl 12.4
!
!# files: * testios5-1.fw
!
! mirrored rules,  using object-groups



!
! Prolog script:
!

!
! End of prolog script:
!

hostname testios5-1

! temporary access list for "safety net install"
no ip access-list extended tmp_acl
ip access-list extended tmp_acl
  permit ip 10.10.10.0 0.0.0.255 any 
  deny ip any any 
exit
interface ethernet1
  no ip access-group in
  no ip access-group out
  ip access-group tmp_acl in
exit
no ip access-list extended e0_in
no ip access-list extended e0_out
no ip access-list extended e1_in
no ip access-list extended e1_out
no object-group network id115980X79820.1.src.net.0
no object-group network id115999X79820.src.net.0
no object-group network id115999X79820.dst.net.0
no object-group service id116125X79820.srv.tcp.0
no object-group service id91445X81725.srv.tcp.0

object-group network id115980X79820.1.src.net.0
  host 1.1.1.1
  host 10.10.10.1
exit

object-group network id115999X79820.src.net.0
  22.22.21.0 /24
  22.22.22.0 /24
exit

object-group network id115999X79820.dst.net.0
  10.10.10.0 /24
  10.10.11.0 /24
exit

object-group service id116125X79820.srv.tcp.0
  tcp eq 80
  tcp eq 443
exit

object-group service id91445X81725.srv.tcp.0
  tcp range 0 65535
  tcp eq 80
exit

! ================ IPv4


ip access-list extended e0_in
! 
! Rule  -1 backup ssh access rule (automatic)
  permit tcp  10.10.10.0 0.0.0.255 object-group id115980X79820.1.src.net.0 eq 22 
! 
! Rule  0 (ethernet0)
  permit ip  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
! 
! Rule  1 (ethernet0)
  permit ip  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
! 
! Rule  2 (ethernet0)
  permit ip  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
  permit ip  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
! 
! Rule  3 (ethernet0)
  deny   ip  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
! 
! Rule  4 (ethernet0)
  permit tcp  object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established 
! 
! Rule  5 (ethernet0)
  permit tcp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 eq 80 
! 
! Rule  6 (ethernet0)
  permit tcp  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 eq 80 
! 
! Rule  7 (ethernet0)
  permit udp  object-group id115999X79820.src.net.0 eq 123 object-group id115999X79820.dst.net.0 
! 
! Rule  8 (ethernet0)
  permit icmp  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 0 
! 
! Rule  9 (ethernet0)
  permit icmp  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 0 
  permit tcp  object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established 
  permit tcp  object-group id115999X79820.src.net.0 eq 443 object-group id115999X79820.dst.net.0 established 
  permit ip  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
  permit udp  object-group id115999X79820.src.net.0 eq 123 object-group id115999X79820.dst.net.0 
! 
! Rule  10 (ethernet0)
  permit tcp  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 match-all -urg +ack -psh -rst -syn -fin 
  permit tcp  object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established 
  permit tcp  object-group id115999X79820.src.net.0 eq 443 object-group id115999X79820.dst.net.0 established 
  permit tcp  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 match-all -urg +ack -psh -rst +syn -fin 
  permit ip  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
! 
! Rule  11 (ethernet0)
  permit object-group id91445X81725.srv.tcp.0 object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
! 
! Rule  12 (ethernet0)
  permit ip  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
exit

ip access-list extended e0_out
! 
! Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  object-group id115980X79820.1.src.net.0 eq 22 10.10.10.0 0.0.0.255 
! 
! Rule  0 (ethernet0)
  permit ip  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
! 
! Rule  1 (ethernet0)
  permit ip  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
! 
! Rule  2 (ethernet0)
  permit ip  object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 
  permit ip  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
! 
! Rule  3 (ethernet0)
  deny   ip  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
! 
! Rule  4 (ethernet0)
  permit tcp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 eq 80 
! 
! Rule  5 (ethernet0)
  permit tcp  object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established 
! 
! Rule  6 (ethernet0)
  permit tcp  object-group id115999X79820.dst.net.0 eq 80 object-group id115999X79820.src.net.0 established 
! 
! Rule  7 (ethernet0)
  permit udp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 eq 123 
! 
! Rule  8 (ethernet0)
  permit icmp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 8 
! 
! Rule  9 (ethernet0)
  permit icmp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 8 
  permit object-group id116125X79820.srv.tcp.0 object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
  permit udp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 eq 123 
! 
! Rule  10 (ethernet0)
  permit tcp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 match-all -urg +ack -psh -rst -syn -fin 
  permit tcp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 match-all -urg +ack -psh -rst +syn -fin 
  permit object-group id116125X79820.srv.tcp.0 object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
! 
! Rule  11 (ethernet0)
  permit tcp  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 established 
  permit tcp  object-group id115999X79820.dst.net.0 eq 80 object-group id115999X79820.src.net.0 established 
  permit ip  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
! 
! Rule  12 (ethernet0)
  permit ip  object-group id115999X79820.dst.net.0 object-group id115999X79820.src.net.0 
exit

ip access-list extended e1_in
! 
! Rule  -1 backup ssh access rule (automatic)
  permit tcp  10.10.10.0 0.0.0.255 object-group id115980X79820.1.src.net.0 eq 22 
exit

ip access-list extended e1_out
! 
! Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  object-group id115980X79820.1.src.net.0 eq 22 10.10.10.0 0.0.0.255 
exit


interface ethernet0
  ip access-group e0_in in
exit
interface ethernet0
  ip access-group e0_out out
exit
interface ethernet1
  ip access-group e1_in in
exit
interface ethernet1
  ip access-group e1_out out
exit





!
! Epilog script:
!

! End of epilog script:
!