fwbuilder/test/iosacl/objects.fwb

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<!-- NOTE(review): the DOCTYPE pulls in an external DTD through a relative
     system identifier. A loader should resolve "fwbuilder.dtd" only to a
     trusted local copy and keep external entity resolution and network
     fetches disabled; how the fwbuilder loader handles this is not visible
     in this file. -->
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="6" id="root">
<Library color="#d2ffd0" id="id4511636323682" name="User">
<!-- Address objects of the "User" library: host addresses, two address groups,
     one host and the networks that the firewall policies in this file
     reference by id. -->
<ObjectGroup id="id4511636423682" name="Objects">
<ObjectGroup id="id4511636523682" name="Addresses">
<!-- Single-host entries: every netmask in this group is 255.255.255.255.
     h-10.3.14.255 is the last address of net-10.3.14 (10.3.14.0 with mask
     255.255.255.0), entered here as a host. -->
<IPv4 id="id451164E423682" name="baby.vk.crocodile.org" address="10.3.14.10" netmask="255.255.255.255"/>
<IPv4 id="id451164F923682" name="h-10.3.14.102" address="10.3.14.102" netmask="255.255.255.255"/>
<IPv4 id="id451164FA23682" name="h-10.3.14.255" address="10.3.14.255" netmask="255.255.255.255"/>
<IPv4 id="id451164FB23682" name="h-10.3.14.53" address="10.3.14.53" netmask="255.255.255.255"/>
<IPv4 id="id451164FC23682" name="h-10.3.14.65" address="10.3.14.65" netmask="255.255.255.255"/>
<IPv4 id="id451164FD23682" name="neo.vk.crocodile.org" address="10.3.14.43" netmask="255.255.255.255"/>
<IPv4 id="id4511653423682" name="tower.vk.crocodile.org" address="10.3.14.30" netmask="255.255.255.255"/>
<IPv4 id="id4511653523682" name="x1.vk.crocodile.org" address="10.3.14.41" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id4511636623682" name="DNS Names"/>
<ObjectGroup id="id4511636723682" name="Address Tables"/>
<ObjectGroup id="id4511636823682" name="Groups">
<!-- "networks behind router" resolves to net-10.10.12, net-10.10.10 and
     net-10.10.11 from the Networks group. The policies use it both as the
     protected destination and as the source to reject in anti-spoofing rules. -->
<ObjectGroup comment="" id="id46412C4226611" name="networks behind router">
<ObjectRef ref="id46412C4126611"/>
<ObjectRef ref="id46412C3F26611"/>
<ObjectRef ref="id46412C4026611"/>
</ObjectGroup>
<!-- "networks outside" resolves to network_outside_1, network_outside_2 and
     network_outside_3 from the Networks group. -->
<ObjectGroup comment="" id="id4641456929061" name="networks outside">
<ObjectRef ref="id4641456629061"/>
<ObjectRef ref="id4641456729061"/>
<ObjectRef ref="id4641456829061"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id4511636923682" name="Hosts">
<!-- Host "beaver": a loopback interface plus eth0 with two addresses and a
     MAC address.
     NOTE(review): the snmp_* options hold a contact string and a kernel build
     banner. Values like these look as if they were captured from a live host;
     fixtures copied from real inventory deserve scrubbing before publication. -->
<Host id="id451164EB23682" name="beaver">
<Interface bridgeport="False" dyn="False" id="id451164EF23682" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id451164F023682" name="beaver:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id451164F523682" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 id="id451164F723682" name="beaver:eth0:ip1" address="10.3.14.40" netmask="255.255.255.0"/>
<IPv4 id="id451164F823682" name="beaver:eth0:ip2" address="192.168.123.123" netmask="255.255.255.0"/>
<physAddress address="00:30:48:20:16:10" id="id451164F623682" name="beaver:eth0:mac"/>
</Interface>
<HostOptions>
<Option name="snmp_contact">Root &lt;root@localhost&gt; (configure /etc/snmp/snmp.local.conf)</Option>
<Option name="snmp_description">Linux beaver 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686</Option>
<Option name="snmp_location">Unknown (edit /etc/snmp/snmpd.conf)</Option>
</HostOptions>
</Host>
</ObjectGroup>
<ObjectGroup id="id4511636A23682" name="Networks">
<!-- NOTE(review): the first object's name says 255.255.255.0 but its netmask
     attribute is 255.0.0.0, so it would cover all of 10.0.0.0/8 if the mask is
     applied as written. net-10.3.14 at the end of this group carries the
     255.255.255.0 mask for the same address. No rule in the visible part of
     the file references the first object; confirm whether the mismatch is
     intentional test input. -->
<Network id="id451164E323682" name="10.3.14.0/255.255.255.0" address="10.3.14.0" netmask="255.0.0.0"/>
<Network comment="" id="id46412C3F26611" name="net-10.10.10" address="10.10.10.0" netmask="255.255.255.0"/>
<Network comment="" id="id46412C4026611" name="net-10.10.11" address="10.10.11.0" netmask="255.255.255.0"/>
<Network comment="" id="id46412C4126611" name="net-10.10.12" address="10.10.12.0" netmask="255.255.255.0"/>
<Network comment="" id="id4641456629061" name="network_outside_1" address="22.22.21.0" netmask="255.255.255.0"/>
<Network comment="" id="id4641456729061" name="network_outside_2" address="22.22.22.0" netmask="255.255.255.0"/>
<Network comment="" id="id4641456829061" name="network_outside_3" address="22.22.23.0" netmask="255.255.255.0"/>
<Network comment="" id="id46435A0F16989" name="net-10.3.14" address="10.3.14.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id4511636B23682" name="Address Ranges"/>
</ObjectGroup>
<!-- User-defined service objects. Several ServiceRef targets (for example
     tcp-FTP, udp-ntp, id3AECF774) are not defined in the visible part of this
     file; presumably they come from another library. Confirm what each group
     expands to before reasoning about the rules that use it. -->
<ServiceGroup id="id4511636C23682" name="Services">
<ServiceGroup id="id4511636D23682" name="Groups">
<!-- "mixed bag" combines references of different protocol families in one
     group (a udp-* and an icmp-* reference sit next to three opaque ids). -->
<ServiceGroup comment="" id="id464147DA29061" name="mixed bag">
<ServiceRef ref="id4127F04F"/>
<ServiceRef ref="id3AECF774"/>
<ServiceRef ref="udp-ntp"/>
<ServiceRef ref="id3B4FEF7E"/>
<ServiceRef ref="icmp-ping_reply"/>
</ServiceGroup>
<ServiceGroup comment="" id="id464147DB29061" name="tcp services 1">
<ServiceRef ref="id3AECF774"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-HTTP"/>
</ServiceGroup>
<ServiceGroup comment="" id="id464147DC29061" name="udp services 1">
<ServiceRef ref="id3D703C96"/>
<ServiceRef ref="id3CB129D2"/>
<ServiceRef ref="udp-DNS"/>
</ServiceGroup>
<ServiceGroup comment="" id="id464147DD29061" name="icmp services 1">
<ServiceRef ref="icmp-Host_unreach"/>
<ServiceRef ref="icmp-Port_unreach"/>
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
</ServiceGroup>
<ServiceGroup comment="" id="id464147DE29061" name="ip services 1">
<ServiceRef ref="id3CB12797"/>
<ServiceRef ref="ip-IPSEC"/>
<ServiceRef ref="id3D703C8F"/>
</ServiceGroup>
</ServiceGroup><ServiceGroup id="id4511636E23682" name="ICMP"/><ServiceGroup id="id4511636F23682" name="IP"/><ServiceGroup id="id4511637023682" name="TCP">
<!-- "http established": source port 80, destination range 0-0 (presumably
     "any port"; confirm), established="True", no individual flag or mask set.
     NOTE(review): assuming the compiler renders this with the IOS
     "established" keyword, the match tests for the ACK or RST bit rather than
     tracked connection state, so a rule built on this object is a stateless
     filter and should not be read as a reply-only guarantee. -->
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="0" dst_range_start="0" established="True" fin_flag="False" fin_flag_mask="False" id="id4641521729061" name="http established" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="80" src_range_start="80" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
</ServiceGroup><ServiceGroup id="id4511637123682" name="UDP"/><ServiceGroup id="id4511637223682" name="Custom"/><ServiceGroup id="id4511637323682" name="TagServices"/>
<ServiceGroup id="id4511636C23682_userservices" name="User"/>
</ServiceGroup>
<ObjectGroup id="id4511637423682" name="Firewalls">
<!-- Firewall "testios1": IOS ACL target (platform iosacl, host_OS ios,
     version 12.x) with three interfaces and a 20-rule policy (positions 0-19).
     The sysid0, sysid1 and sysid2 references are not defined in the visible
     part of this file; presumably they are the built-in "any" address,
     service and interval objects. Confirm against the library that defines
     them. -->
<Firewall comment="" host_OS="ios" id="id46412B5226577" inactive="False" lastCompiled="1185060662" lastInstalled="0" lastModified="1208635848" name="testios1" platform="iosacl" ro="False" version="12.x">
<NAT id="id46412B5626577" name="NAT">
</NAT>
<Policy id="id46412B5526577" name="Policy">
<!-- Rule 0, anti-spoofing: deny and log packets arriving on ethernet0
     (id46412B5826577) whose source address is in "networks behind router"
     (id46412C4226611). -->
<PolicyRule action="Deny" comment="anti-spoofing" direction="Inbound" disabled="False" id="id464154BB29061" log="True" position="0">
<Src neg="False">
<ObjectRef ref="id46412C4226611"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46412B5826577"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 1: deny and log the ip-IP_Fragments service in both directions;
     Src, Dst and Itf are all sysid0. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id4641623D29061" log="True" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 2: accept from sysid0 to "networks behind router" for service sysid1,
     both directions, Itf sysid0, no logging.
     NOTE(review): if sysid0 and sysid1 are the wildcards, this rule already
     admits everything that rules 3-18 match (same destination group, or its
     member net-10.10.10), so those rules are subsets of it. check_shading is
     False in this firewall's options. Treat the ordering as compiler test
     input, not as a policy template. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id46412C3326611" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 3-5: the rule 2 match bound to specific interfaces: ethernet0 and
     ethernet1 together (rule 3), ethernet1 (rule 4), ethernet0 (rule 5). -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46415A0129061" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46412B5826577"/>
<ObjectRef ref="id46412B5A26577"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641356226611" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46412B5A26577"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641359926611" log="False" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46412B5826577"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 6-8: the same source, destination and service with
     direction="Inbound": Itf sysid0 (rule 6), ethernet1 (rule 7),
     ethernet0 (rule 8). -->
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id46412F0326611" log="False" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641357426611" log="False" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46412B5A26577"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641358626611" log="False" position="8">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46412B5826577"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 9-11: source narrowed to the "networks outside" group
     (id4641456929061), both directions: Itf sysid0 (rule 9), ethernet1
     (rule 10), ethernet0 (rule 11). -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641456D29061" log="False" position="9">
<Src neg="False">
<ObjectRef ref="id4641456929061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641457E29061" log="False" position="10">
<Src neg="False">
<ObjectRef ref="id4641456929061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46412B5A26577"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641458F29061" log="False" position="11">
<Src neg="False">
<ObjectRef ref="id4641456929061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46412B5826577"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 12-18: network_outside_1 (id4641456629061) to net-10.10.10
     (id46412C3F26611), both directions, Itf sysid0, one service object each:
     12 "ip services 1", 13 "icmp services 1", 14 "tcp services 1",
     15 "udp services 1", 16 id463FE5FE11008 (not defined in the visible part
     of this file), 17 "http established", 18 "mixed bag".
     The author's comment on rule 12 states the expectation under test: these
     rules need not appear in the outbound ACL of eth0. -->
<PolicyRule action="Accept" comment="interface ethernet1 has address on network 10.10.10.0/24,&#10;therefore net-10.10.10 is behind the router and we do&#10;not need to put rules 12-18 in outbound acl of eth0" direction="Both" disabled="False" id="id464147C929061" log="False" position="12">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DE29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46414A3E29061" log="False" position="13">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DD29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46414A4F29061" log="False" position="14">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DB29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46414A6029061" log="False" position="15">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DC29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46414CEB29061" log="False" position="16">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id463FE5FE11008"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641521829061" log="False" position="17">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id4641521729061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46415F6729061" log="False" position="18">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DA29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 19: closing rule, deny and log whatever no earlier rule accepted. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id46412C2726611" log="True" position="19">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id46412B5726577" name="Routing">
</Routing>
<!-- Interfaces: ethernet0 1.1.1.1 (security_level 50, unprotected="False"),
     ethernet1 10.10.10.1 and ethernet2 3.3.3.3 (both security_level 100,
     unprotected="True"); all three use mask 255.255.255.0.
     Presumably unprotected="True" keeps the compiler from attaching ACLs to
     an interface, which would leave filtering to ethernet0 alone. TODO
     confirm against the compiler. -->
<Interface bridgeport="False" dyn="False" id="id46412B5826577" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
<IPv4 id="id46412B5926577" name="testios1:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id46412B5A26577" label="" mgmt="False" name="ethernet1" security_level="100" unnum="False" unprotected="True">
<IPv4 id="id46412B5B26577" name="testios1:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id4642828219184" label="" mgmt="False" name="ethernet2" security_level="100" unnum="False" unprotected="True">
<IPv4 comment="" id="id4642828319184" name="testios1:ethernet2:ip" address="3.3.3.3" netmask="255.255.255.0"/>
</Interface>
<!-- The management address equals the ethernet1 address. SNMP management,
     FWBD management and the install script are all disabled, and both SNMP
     community strings are empty. -->
<Management address="10.10.10.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and installer options. The set also holds keys named for other
     platforms (pf_*, pix_*, linux24_*, freebsd_*); which of them the iosacl
     compiler reads is not visible here.
     Settings worth a look in review: accept_new_tcp_with_no_syn is true, the
     iosacl_logging_* switches are False with empty levels and an empty
     iosacl_syslog_host, and mgmt_ssh is False with an empty mgmt_addr. -->
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="compiler"/>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="ios_ip_address">True</Option>
<Option name="ios_set_host_name">True</Option>
<Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"/>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"/>
<Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"/>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"/>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
<!-- Firewall "testios20": IOS ACL target (platform iosacl, host_OS ios,
     version 12.x) with two interfaces and a 7-rule policy (positions 0-6).
     This policy starts directly with accept rules; it has no anti-spoofing
     or fragment rule ahead of them.
     The sysid0, sysid1 and sysid2 references are not defined in the visible
     part of this file; presumably they are the built-in "any" address,
     service and interval objects. Confirm against the library that defines
     them. -->
<Firewall comment="" host_OS="ios" id="id464131E426611" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1178753518" name="testios20" platform="iosacl" ro="False" version="12.x">
<NAT id="id4641320F26611" name="NAT">
</NAT>
<Policy id="id464131EA26611" name="Policy">
<!-- Rule 0: accept from sysid0 to "networks behind router" (id46412C4226611)
     for service sysid1, both directions, Itf sysid0, no logging.
     NOTE(review): if sysid0 and sysid1 are the wildcards, rules 1-5 are
     subsets of this rule. Treat the ordering as compiler test input, not as
     a policy template. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id464131EB26611" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 1-2: the rule 0 match bound to one interface each: ethernet1
     (id4641321426611) in rule 1, ethernet0 (id4641321126611) in rule 2. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id464131F726611" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id4641321426611"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464137AA26611" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id4641321126611"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 3-5: the same source, destination and service with
     direction="Inbound": Itf sysid0 (rule 3), ethernet1 (rule 4),
     ethernet0 (rule 5). -->
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641379926611" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641378826611" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id4641321426611"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641377726611" log="False" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id4641321126611"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 6: closing rule, deny and log whatever no earlier rule accepted. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id4641320326611" log="True" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id4641321026611" name="Routing">
</Routing>
<!-- Interfaces: ethernet0 1.1.1.1 (security_level 50) and ethernet1
     10.10.10.1 (security_level 100, network_zone="sysid0"), both with mask
     255.255.255.0 and unprotected="False". -->
<Interface bridgeport="False" dyn="False" id="id4641321126611" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
<IPv4 id="id4641321326611" name="testios20:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id4641321426611" label="" mgmt="False" name="ethernet1" network_zone="sysid0" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id4641321626611" name="testios20:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
</Interface>
<!-- The management address equals the ethernet1 address. SNMP management,
     FWBD management and the install script are all disabled, and both SNMP
     community strings are empty. -->
<Management address="10.10.10.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and installer options. The set also holds keys named for other
     platforms (pf_*, pix_*, linux24_*, freebsd_*); which of them the iosacl
     compiler reads is not visible here.
     Settings worth a look in review: accept_new_tcp_with_no_syn is true, the
     iosacl_logging_* switches are False with empty levels and an empty
     iosacl_syslog_host, and mgmt_ssh is False with an empty mgmt_addr. -->
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="compiler"/>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="ios_ip_address">True</Option>
<Option name="ios_set_host_name">True</Option>
<Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"/>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"/>
<Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"/>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"/>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="" host_OS="ios" id="id464264CC12807" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1178755598" name="testios2" platform="iosacl" ro="False" version="12.x">
<!-- Empty NAT rule set: this firewall defines no address translation rules. -->
<NAT id="id464265C412807" name="NAT">
</NAT>
<Policy id="id464264D212807" name="Policy">
<!-- Position 0, anti-spoofing: deny and log inbound packets on interface
     object id464265C612807 whose source is in the group id46412C4226611
     ("networks behind router"). The interface object is defined outside the
     visible part of this file. -->
<PolicyRule action="Deny" comment="anti-spoofing" direction="Inbound" disabled="False" id="id464264D312807" log="True" position="0">
<Src neg="False">
<ObjectRef ref="id46412C4226611"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id464265C612807"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 1: deny and log the ip-IP_Fragments service in both directions.
     Src, Dst and Itf are all sysid0 (presumably the built-in "any" object;
     confirm). -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id464264DF12807" log="True" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 2: accept from sysid0 to "networks behind router"
     (id46412C4226611) for service sysid1, both directions, Itf sysid0, no
     logging.
     NOTE(review): if sysid0 and sysid1 are the wildcards, this accept is as
     broad as the destination group allows, and later rules with the same
     source, destination and service are subsets of it. Treat the ordering as
     compiler test input, not as a policy template. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id464264EB12807" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 3: accept from sysid0 to "networks behind router" for service
     sysid1, both directions, bound to two interface objects
     (id464265C612807 and id464265C912807). Both interface objects are
     defined outside the visible part of this file. -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464264F712807" log="False" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id464265C612807"/>
<ObjectRef ref="id464265C912807"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 4: accept from sysid0 to "networks behind router" for service
     sysid1, both directions, bound to the single interface object
     id464265C912807 (defined outside the visible part of this file). -->
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642650412807" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id464265C912807"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642651012807" log="False" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id464265C612807"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id4642651C12807" log="False" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4642652812807" log="False" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id464265C912807"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4642653412807" log="False" position="8">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id464265C612807"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642654012807" log="False" position="9">
<Src neg="False">
<ObjectRef ref="id4641456929061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642654C12807" log="False" position="10">
<Src neg="False">
<ObjectRef ref="id4641456929061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id464265C912807"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642655812807" log="False" position="11">
<Src neg="False">
<ObjectRef ref="id4641456929061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C4226611"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id464265C612807"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642656412807" log="False" position="12">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DE29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642657012807" log="False" position="13">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DD29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642657C12807" log="False" position="14">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DB29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642658812807" log="False" position="15">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DC29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642659412807" log="False" position="16">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id463FE5FE11008"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464265A012807" log="False" position="17">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id4641521729061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464265AC12807" log="False" position="18">
<Src neg="False">
<ObjectRef ref="id4641456629061"/>
</Src><Dst neg="False">
<ObjectRef ref="id46412C3F26611"/>
</Dst><Srv neg="False">
<ServiceRef ref="id464147DA29061"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Last rule of this policy (position 19): denies and logs source sysid0 to
     destination sysid0 for service sysid1 on interface sysid0, in both
     directions, stateless. Assuming those ids are the built-in "Any" objects,
     this is the explicit catch-all: traffic not accepted by an earlier rule is
     dropped here and leaves a log entry. -->
<PolicyRule action="Deny" direction="Both" disabled="False" id="id464265B812807" log="True" position="19">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id464265C512807" name="Routing">
</Routing>
<Interface bridgeport="False" dyn="False" id="id464265C612807" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
<IPv4 id="id464265C812807" name="testios2:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id464265C912807" label="" mgmt="True" name="ethernet1" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id464265CB12807" name="testios2:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
</Interface>
<Management address="10.10.10.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="ios_ip_address">True</Option>
<Option name="ios_set_host_name">True</Option>
<Option name="iosacl_acl_basic">False</Option>
<Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">True</Option>
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"/>
<Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"/>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"/>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="" host_OS="ios" id="id464359FE16989" inactive="False" lastCompiled="1178816547" lastInstalled="0" lastModified="1179459485" name="c3620" platform="iosacl" ro="False" version="12.x">
<NAT id="id46435A0216989" name="NAT">
</NAT>
<Policy id="id46435A0116989" name="Policy">
<PolicyRule action="Accept" comment="interface eth 1/1 has only&#10;inbound access list" direction="Inbound" disabled="False" id="id464D2B0E24319" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46435A0616989"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id464C8AAD10931" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46435A0416989"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Both" disabled="False" id="id464C8AA110931" log="False" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="id3B4FED69"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46435A0416989"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id46435A1C16989" log="False" position="3">
<Src neg="False">
<ObjectRef ref="id46435A0F16989"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46435A0816989"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Outbound" disabled="False" id="id4643662716989" log="False" position="4">
<Src neg="False">
<ObjectRef ref="id46435A0F16989"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46435A0416989"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Inbound" disabled="False" id="id4643664116989" log="False" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46435A0F16989"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46435A0416989"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" direction="Outbound" disabled="False" id="id4643663516989" log="False" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id46435A0F16989"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="id46435A0816989"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Catch-all deny with logging, switched off (disabled="True") for the test
     case described in its comment attribute. With this rule disabled the
     c3620 policy contains only Accept rules, all with log="False": nothing in
     the policy itself denies or logs unmatched traffic, so filtering of that
     traffic depends on whatever default the generated access lists apply
     (not shown here). Treat this as a fixture-only arrangement. -->
<PolicyRule action="Deny" comment="disable this rule to make&#10;sure no outbound rules are&#10;generated for eth 1/1" direction="Both" disabled="True" id="id46435A1016989" log="True" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id46435A0316989" name="Routing">
</Routing>
<!-- Interfaces of firewall c3620.
     FastEthernet0/0 (10.3.14.201, mask 255.255.255.0) is the only one flagged
     mgmt="True"; its address equals the Management address of this firewall.
     Ethernet1/0 has security_level 0, every other interface 100.
     Ethernet1/1, Null0 and Serial1/0 carry the address 0.0.0.0 with mask
     255.255.255.255, which reads as a placeholder rather than a real address.
     Null0 and Serial1/0 are marked unprotected="True"; presumably the compiler
     attaches no access list to such interfaces (confirm against the fwbuilder
     documentation), in which case this policy does not filter traffic on them. -->
<Interface bridgeport="False" comment="" dyn="False" id="id46435A0416989" label="" mgmt="False" name="Ethernet1/0" security_level="0" unnum="False" unprotected="False">
<IPv4 id="id46435A0516989" name="c3620:Ethernet1/0:ip" address="192.168.171.2" netmask="255.255.255.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id46435A0616989" label="" mgmt="False" name="Ethernet1/1" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id46435A0716989" name="c3620:Ethernet1/1:ip" address="0.0.0.0" netmask="255.255.255.255"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id46435A0816989" label="" mgmt="True" name="FastEthernet0/0" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id46435A0916989" name="c3620:FastEthernet0/0:ip" address="10.3.14.201" netmask="255.255.255.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id46435A0A16989" label="" mgmt="False" name="Null0" security_level="100" unnum="False" unprotected="True">
<IPv4 id="id46435A0B16989" name="c3620:Null0:ip" address="0.0.0.0" netmask="255.255.255.255"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id46435A0C16989" label="" mgmt="False" name="Serial1/0" security_level="100" unnum="False" unprotected="True">
<IPv4 id="id46435A0D16989" name="c3620:Serial1/0:ip" address="0.0.0.0" netmask="255.255.255.255"/>
</Interface>
<!-- Management settings of c3620: the management address is 10.3.14.201.
     SNMPManagement, FWBDManagement and PolicyInstallScript are all
     enabled="False", and the SNMP read and write community attributes, the
     FWBD identity and the install command are empty, so this fixture stores
     no community strings or installer commands. -->
<Management address="10.3.14.201">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and installer options saved with firewall c3620 (platform
     "iosacl"). The list also carries options named for other platforms
     (pf_*, pix_*, linux24_*, freebsd_*, openbsd_*, solaris_*, macosx_*);
     presumably the iosacl compiler ignores them (TODO confirm).
     admUser, sshArgs, iosacl_prolog_script, iosacl_epilog_script and
     iosacl_syslog_host are empty, so no installer account, extra ssh
     arguments, injected script text or log destination is stored here. -->
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"/>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"/>
<Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"/>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"/>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<!-- mgmt_ssh is True with mgmt_addr 10.3.14.40. NOTE(review): this pair
     appears to make the compiler add its own rule permitting SSH from that
     management workstation ahead of the rules listed in the Policy element;
     confirm in the compiler, because such a rule would not be visible when
     reviewing the policy alone. -->
<Option name="mgmt_addr">10.3.14.40</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="id4511637523682" name="Time"/>
</Library>
<Library id="sysid99" name="Deleted Objects" ro="False">
<ObjectRef ref="sysid0"/>
<IPv4 comment="" id="id463FF31019380" name="test-ipt:eth0:ip" address="10.10.10.1" netmask="255.255.255.0"/>
<Interface bridgeport="False" comment="" dyn="False" id="id4511651D23682" label="" mgmt="False" name="imq1" security_level="100" unnum="True" unprotected="False"/>
<Firewall comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network.&#10;This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." host_OS="freebsd" id="id453D8A6D12118" lastCompiled="0" lastInstalled="0" lastModified="1178678949" name="ipf" platform="ipf" ro="False" version="">
<NAT id="id453D8AE412118" name="NAT">
<NATRule disabled="False" id="id453D8AE512118" position="0">
<OSrc neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule></NAT>
<Policy id="id453D8A7312118" name="Policy">
<PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id453D8A7412118" log="True" position="0">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Accepts source sysid0 to destination sysid0 for service sysid1 on
     interface sysid0, in both directions, with log="False". Assuming those ids
     are the built-in "Any" objects, this rule at position 1 accepts all traffic
     that the anti-spoofing rule at position 0 did not drop, so positions 2 to 8
     (including both deny-and-log rules) never see a packet. That contradicts
     the restrictions described in this firewall's comment attribute (SSH to the
     firewall only from the internal network, everything else denied and
     logged). check_shading is true in this firewall's options, so the compiler
     would be expected to report the overlap (TODO confirm). The firewall sits
     in the "Deleted Objects" library. -->
<PolicyRule action="Accept" direction="Both" disabled="False" id="id453D8A8112118" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- NOTE(review): the comment attribute describes a permit rule (SSH to the
     firewall from the internal network, plus DNS service), but action is
     "Route" with ipf_route_option=route_through and ipf_route_opt_if=le1.
     Confirm which of the two is intended before reusing this rule.
     Source is id3DC75CE7-1, destination sysid0, services tcp-SSH and
     id3F530CC8; all four objects are defined outside this excerpt.
     The rule has no direction attribute, is stateless and does not log. -->
<PolicyRule action="Route" comment="SSH Access to firewall is permitted&#10;only from internal network&#10;Also firewall serves DNS for internal&#10;network" disabled="False" id="id453D8A8D12118" log="False" position="2">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="id3F530CC8"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipf_route_opt_addr"/>
<Option name="ipf_route_opt_if">le1</Option>
<Option name="ipf_route_option">route_through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"/>
<Option name="ipt_iif"/>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif"/>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"/>
<Option name="pf_route_opt_if"/>
<Option name="pf_route_option">route_through</Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="DHCP requests are permitted&#10;from internal network" disabled="False" id="id453D8A9A12118" log="False" position="3">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
<ObjectRef ref="id3F6D115D"/>
</Src><Dst neg="False">
<ObjectRef ref="id3F6D115C"/>
</Dst><Srv neg="False">
<ServiceRef ref="sg-DHCP"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="DHCP replies" disabled="False" id="id453D8AA812118" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Dst><Srv neg="False">
<ServiceRef ref="sg-DHCP"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Accept" comment="Firewall should be able to send&#10;DNS queries to the Internet" disabled="False" id="id453D8AB412118" log="True" position="5">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="id3F530CC8"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Deny" comment="All other attempts to connect to&#10;the firewall are denied and logged" disabled="False" id="id453D8AC012118" log="True" position="6">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" disabled="False" id="id453D8ACC12118" log="False" position="7">
<Src neg="False">
<ObjectRef ref="id3DC75CE7-1"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Deny" disabled="False" id="id453D8AD812118" log="True" position="8">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id453D8AF312118" name="Routing">
</Routing>
<Interface bridgeport="False" comment="" dyn="True" id="id453D8AF412118" label="" mgmt="False" name="le0" security_level="0" unnum="False" unprotected="False"/><Interface bridgeport="False" comment="" dyn="False" id="id453D8AF512118" label="" mgmt="True" name="le1" security_level="100" unnum="False" unprotected="False">
<IPv4 comment="" id="id453D8AF712118" name="ipf:le1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id453D8AF812118" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 comment="" id="id453D8AFA12118" name="ipf:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="check_shading">true</Option>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="in_out_code">true</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="" host_OS="linux24" id="id4511650E23682" inactive="False" lastCompiled="1178591818" lastInstalled="0" lastModified="1178678953" name="test-ipt" platform="iptables" ro="False" version="">
<NAT id="id4511651223682" name="NAT">
</NAT>
<Policy id="id4511651123682" name="Policy">
<!-- Inbound deny with a negated service (Srv neg="True"): it applies to
     everything that does NOT match tcp-TCP-SYN, for source sysid0, destination
     sysid0 and interface sysid0. tcp-TCP-SYN is defined outside this excerpt.
     log is "False", so packets dropped by this rule leave no log entry; a
     reviewer relying on logs to see rejected traffic should note that. -->
<PolicyRule action="Deny" direction="Inbound" disabled="False" id="id463FE87E19380" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="True">
<ServiceRef ref="tcp-TCP-SYN"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Route" direction="Both" disabled="False" id="id4511653623682" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipf_route_opt_addr"/>
<Option name="ipf_route_opt_if"/>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"/>
<Option name="ipt_iif"/>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif">vlan1</Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"/>
<Option name="pf_route_opt_if"/>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Route" direction="Both" disabled="False" id="id453D868112036" log="True" position="2">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipf_route_opt_addr"/>
<Option name="ipf_route_opt_if"/>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"/>
<Option name="ipt_iif"/>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif">eth1</Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"/>
<Option name="pf_route_opt_if"/>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="False" id="id453D896C12123" log="True" position="3">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Reject" direction="Both" disabled="False" id="id4511654423682" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src><Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst><Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv><Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf><When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id4511651323682" name="Routing">
</Routing>
<Interface bridgeport="False" dyn="False" id="id4511651623682" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 id="id4511651723682" name="test-ipt:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="False" id="id4511651923682" label="" mgmt="False" name="teql0" security_level="100" unnum="True" unprotected="False"/><Interface bridgeport="False" comment="" dyn="False" id="id4511651B23682" label="" mgmt="False" name="imq0" security_level="100" unnum="False" unprotected="False">
<IPv4 comment="" id="id463FFA2619380" name="test-ipt:imq0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface><Interface bridgeport="False" comment="" dyn="True" id="id4511652023682" label="" mgmt="False" name="eth0" security_level="100" unnum="False" unprotected="False">
<physAddress address="00:12:17:03:B9:81" id="id4511652123682" name="test-ipt:eth0:mac"/>
</Interface><Interface bridgeport="False" comment="" dyn="True" id="id4511652423682" label="" mgmt="False" name="eth1" security_level="100" unnum="False" unprotected="False">
<physAddress address="00:12:17:03:B9:83" id="id4511652523682" name="test-ipt:eth1:mac"/>
</Interface><Interface bridgeport="False" comment="" dyn="True" id="id4511652823682" label="" mgmt="False" name="vlan0" security_level="100" unnum="False" unprotected="False">
<physAddress address="00:12:17:03:B9:81" id="id4511652923682" name="test-ipt:vlan0:mac"/>
</Interface><Interface bridgeport="False" dyn="False" id="id4511652D23682" name="vlan1" security_level="0" unnum="False" unprotected="False">
<IPv4 id="id4511652F23682" name="test-ipt:vlan1:ip" address="24.6.139.57" netmask="255.255.248.0"/>
<physAddress address="00:E0:18:A8:80:1E" id="id4511652E23682" name="test-ipt:vlan1:mac"/>
</Interface><Interface bridgeport="False" dyn="False" id="id4511653223682" name="br0" security_level="100" unnum="False" unprotected="False">
<IPv4 comment="" id="id463FF31119380" name="test-ipt:br0:ip" address="10.10.10.2" netmask="255.255.255.0"/>
<physAddress address="00:12:17:03:B9:81" id="id4511653323682" name="test-ipt:br0:mac"/>
</Interface>
<Management address="10.10.10.2">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"/>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="snmp_contact">root</Option>
<Option name="snmp_description">Linux SVEASOFT 2.4.20 #2 Wed Nov 17 11:49:43 CET 2004 mips</Option>
<Option name="snmp_location">Unknown</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">True</Option>
</FirewallOptions>
</Firewall>
</Library>
<!-- Read-only "Standard" library (ro="True"): the service, wildcard, network and address
     range objects that rules elsewhere in this file reference by id. -->
<Library color="#d4f8ff" comment="Standard objects" id="syslib000" name="Standard" ro="True">
<ServiceGroup id="stdid05" name="Services">
<!-- TCP services. Each entry is a destination port range plus six flag/mask pairs; the
     source range is 0 to 0 on every entry. NOTE(review): a 0 to 0 range presumably means
     "any port"; confirm against fwbuilder.dtd. -->
<ServiceGroup id="stdid09" name="TCP">
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="179" dst_range_start="179" fin_flag="False" fin_flag_mask="False" id="id4127F04F" name="bgp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="79" dst_range_start="79" fin_flag="False" fin_flag_mask="False" id="id3AECF774" name="finger" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="21" dst_range_start="21" fin_flag="False" fin_flag_mask="False" id="tcp-FTP" name="ftp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="80" dst_range_start="80" fin_flag="False" fin_flag_mask="False" id="tcp-HTTP" name="http" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<!-- The only entry with established="True"; its own comment attribute explains that it
     matches reply packets and is usable only on platforms that support that option. -->
<TCPService ack_flag="False" ack_flag_mask="False" comment="Some firewall platforms can match TCP packets with flags ACK or RST set; the option is usually called &quot;established&quot;.&#10;&#10;Note that you can use this object only in the policy rules of the firewall that supports this option.&#10;&#10;If you need to match reply packets for a specific TCP service and wish to use option &quot;established&quot;, make a copy of this object and set source port range to match the service.&#10;" dst_range_end="0" dst_range_start="0" established="True" fin_flag="False" fin_flag_mask="False" id="id463FE5FE11008" name="All TCP established" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="443" dst_range_start="443" fin_flag="False" fin_flag_mask="False" id="id3B4FED69" name="https" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="22" dst_range_start="22" fin_flag="False" fin_flag_mask="False" id="tcp-SSH" name="ssh" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<!-- tcp-syn is the only entry that sets the masks: all six *_flag_mask attributes are
     True and only syn_flag is True, so it matches segments with SYN set and ACK, FIN,
     PSH, RST and URG clear, on any port. Rule 0 of firewall test-ipt references it with
     negation. -->
<TCPService ack_flag="False" ack_flag_mask="True" comment="" dst_range_end="0" dst_range_start="0" fin_flag="False" fin_flag_mask="True" id="tcp-TCP-SYN" name="tcp-syn" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" src_range_end="0" src_range_start="0" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="53" dst_range_start="53" fin_flag="False" fin_flag_mask="False" id="tcp-DNS" name="domain" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
</ServiceGroup><ServiceGroup id="stdid08" name="UDP">
<!-- UDP services: one single-port destination range each, source range 0 to 0. -->
<UDPService comment="" dst_range_end="123" dst_range_start="123" id="udp-ntp" name="ntp" src_range_end="0" src_range_start="0"/>
<UDPService comment="" dst_range_end="26000" dst_range_start="26000" id="id3B4FEF7E" name="quake" src_range_end="0" src_range_start="0"/>
<UDPService comment="" dst_range_end="4000" dst_range_start="4000" id="id3D703C96" name="ICQ" src_range_end="0" src_range_start="0"/>
<UDPService comment="" dst_range_end="500" dst_range_start="500" id="id3CB129D2" name="IKE" src_range_end="0" src_range_start="0"/>
<UDPService comment="" dst_range_end="53" dst_range_start="53" id="udp-DNS" name="domain" src_range_end="0" src_range_start="0"/>
<UDPService comment="" dst_range_end="68" dst_range_start="68" id="udp-bootpc" name="bootpc" src_range_end="0" src_range_start="0"/>
<UDPService comment="" dst_range_end="67" dst_range_start="67" id="udp-bootps" name="bootps" src_range_end="0" src_range_start="0"/>
</ServiceGroup><ServiceGroup id="stdid07" name="ICMP">
<!-- ICMP services, identified by type and code. -->
<ICMPService code="0" comment="" id="icmp-ping_reply" name="ping reply" type="0"/>
<ICMPService code="1" comment="" id="icmp-Host_unreach" name="host_unreach" type="3"/>
<ICMPService code="3" comment="Port unreachable" id="icmp-Port_unreach" name="port unreach" type="3"/>
<ICMPService code="0" comment="ICMP messages of this type are needed for traceroute" id="icmp-Time_exceeded" name="time exceeded" type="11"/>
<ICMPService code="1" comment="" id="icmp-Time_exceeded_in_transit" name="time exceeded in transit" type="11"/>
</ServiceGroup><ServiceGroup id="stdid06" name="IP">
<!-- IP-level services: a protocol number plus option and fragment flags. ip_fragments is
     the only entry with short_fragm="True"; no entry sets lsrr, ssrr, rr, ts or fragm. -->
<IPService comment="IPSEC Authentication Header Protocol" fragm="False" id="id3CB12797" lsrr="False" name="AH" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
<IPService comment="IPSEC Encapsulating Security Payload Protocol" fragm="False" id="ip-IPSEC" lsrr="False" name="ESP" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False"/>
<IPService comment="Generic Routing Encapsulation&#10;" fragm="False" id="id3D703C8F" lsrr="False" name="GRE" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False"/>
<IPService comment="'Short' fragments" fragm="False" id="ip-IP_Fragments" lsrr="False" name="ip_fragments" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False"/>
</ServiceGroup><ServiceGroup id="stdid10" name="Groups">
<!-- Service groups built from references to the objects above: DNS is the UDP and TCP
     port 53 pair, DHCP is bootpc plus bootps. -->
<ServiceGroup id="id3F530CC8" name="DNS">
<ServiceRef ref="udp-DNS"/>
<ServiceRef ref="tcp-DNS"/>
</ServiceGroup>
<ServiceGroup comment="" id="sg-DHCP" name="DHCP">
<ServiceRef ref="udp-bootpc"/>
<ServiceRef ref="udp-bootps"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="stdid05_userservices" name="User"/>
</ServiceGroup>
<!-- Wildcard objects: sysid0 is the Any network (0.0.0.0 with netmask 0.0.0.0), sysid1
     the Any IP service (protocol_num 0) and sysid2 the Any interval (every field -1).
     A rule that references them in Src, Dst, Srv and When places no restriction on
     address, protocol or time. -->
<AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService comment="Any IP Service" id="sysid1" name="Any" protocol_num="0"/>
<AnyInterval comment="Any Interval" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" id="sysid2" name="Any" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
<ObjectGroup id="stdid01" name="Objects">
<ObjectGroup id="stdid03" name="Networks">
<Network comment="192.168.1.0/24 - Address often used for home and small office networks.&#10;" id="id3DC75CE7-1" name="net-192.168.1.0" address="192.168.1.0" netmask="255.255.255.0"/>
</ObjectGroup>
<!-- Single-address ranges: old-broadcast is 0.0.0.0 and broadcast is 255.255.255.255. -->
<ObjectGroup id="stdid15" name="Address Ranges">
<AddressRange comment="" id="id3F6D115D" name="old-broadcast" start_address="0.0.0.0" end_address="0.0.0.0"/>
<AddressRange comment="" id="id3F6D115C" name="broadcast" start_address="255.255.255.255" end_address="255.255.255.255"/>
</ObjectGroup>
</ObjectGroup>
</Library>
</FWObjectDatabase>