mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-20 10:17:16 +01:00
181 lines
4.3 KiB
Plaintext
Executable File
181 lines
4.3 KiB
Plaintext
Executable File
!
|
|
! This is automatically generated file. DO NOT MODIFY !
|
|
!
|
|
! Firewall Builder fwb_pix v4.2.0.3530
|
|
!
|
|
! Generated Wed Apr 20 10:40:35 2011 PDT by vadim
|
|
!
|
|
! Compiled for pix 6.3
|
|
! Outbound ACLs: not supported
|
|
! Emulate outbound ACLs: yes
|
|
! Generating outbound ACLs: no
|
|
! Assume firewall is part of any: no
|
|
!
|
|
!# files: * firewall12.fw
|
|
!
|
|
! this firewall has DMZ using routable address
|
|
|
|
|
|
|
|
!
|
|
! Prolog script:
|
|
!
|
|
|
|
!
|
|
! End of prolog script:
|
|
!
|
|
|
|
|
|
|
|
|
|
hostname firewall12
|
|
|
|
nameif ethernet0 outside security0
|
|
ip address outside dhcp setroute retry 10
|
|
|
|
nameif ethernet1 inside security100
|
|
ip address inside 10.3.14.20 255.255.255.0
|
|
|
|
nameif ethernet2 dmz50 security50
|
|
ip address dmz50 192.0.2.1 255.255.255.0
|
|
|
|
|
|
|
|
logging host inside 10.3.14.10 format emblem
|
|
logging queue 1000
|
|
logging facility 16
|
|
no logging buffered
|
|
no logging console
|
|
no logging timestamp
|
|
logging on
|
|
logging device-id string real_firewall
|
|
|
|
|
|
timeout xlate 0:0:30
|
|
timeout conn 0:0:0
|
|
timeout udp 0:0:0
|
|
timeout rpc 0:0:0
|
|
timeout h323 0:0:0
|
|
timeout sip 0:0:0
|
|
timeout sip_media 0:0:0
|
|
timeout half-closed 0:0:0
|
|
timeout uauth 0:0:0 absolute
|
|
|
|
telnet timeout 5
|
|
|
|
aaa authentication ssh console LOCAL
|
|
ssh timeout 5
|
|
|
|
snmp-server community public
|
|
snmp-server enable traps
|
|
snmp-server host inside 10.3.14.40 poll
|
|
|
|
ntp server 10.3.14.30 source inside
|
|
|
|
|
|
no service resetinbound
|
|
no service resetoutside
|
|
no sysopt connection timewait
|
|
no sysopt nodnsalias inbound
|
|
no sysopt nodnsalias outbound
|
|
floodguard disable
|
|
|
|
|
|
fixup protocol dns maximum-length 65535
|
|
fixup protocol ftp 21
|
|
fixup protocol http 80
|
|
fixup protocol icmp error
|
|
|
|
|
|
!################
|
|
|
|
|
|
|
|
object-group network id3F8F95CD.dst.net.0
|
|
network-object host 192.0.2.20
|
|
network-object host 192.0.2.21
|
|
network-object host 192.0.2.23
|
|
exit
|
|
|
|
!
|
|
! Rule 0 (global)
|
|
access-list inside_acl_in remark 0 (global)
|
|
access-list inside_acl_in permit ip 10.3.14.0 255.255.255.0 any
|
|
!
|
|
! Rule 1 (global)
|
|
ssh 10.3.14.0 255.255.255.0 inside
|
|
!
|
|
! Rule 2 (global)
|
|
icmp permit any 0 outside
|
|
access-list outside_acl_in remark 2 (global)
|
|
access-list outside_acl_in permit icmp any interface outside 0
|
|
icmp permit any 0 inside
|
|
access-list inside_acl_in remark 2 (global)
|
|
access-list inside_acl_in permit icmp any host 10.3.14.20 0
|
|
icmp permit any 0 dmz50
|
|
access-list dmz50_acl_in remark 2 (global)
|
|
access-list dmz50_acl_in permit icmp any host 192.0.2.1 0
|
|
!
|
|
! Rule 3 (global)
|
|
! this comment
|
|
! consists of
|
|
! 3 lines of text
|
|
access-list outside_acl_in remark 3 (global)
|
|
access-list outside_acl_in remark this comment
|
|
access-list outside_acl_in remark consists of
|
|
access-list outside_acl_in remark 3 lines of text
|
|
access-list outside_acl_in permit tcp any interface outside eq 80
|
|
access-list outside_acl_in permit tcp any object-group id3F8F95CD.dst.net.0 eq 80
|
|
access-list inside_acl_in remark 3 (global)
|
|
access-list inside_acl_in remark this comment
|
|
access-list inside_acl_in remark consists of
|
|
access-list inside_acl_in remark 3 lines of text
|
|
access-list inside_acl_in permit tcp any object-group id3F8F95CD.dst.net.0 eq 80
|
|
access-list dmz50_acl_in remark 3 (global)
|
|
access-list dmz50_acl_in remark this comment
|
|
access-list dmz50_acl_in remark consists of
|
|
access-list dmz50_acl_in remark 3 lines of text
|
|
access-list dmz50_acl_in permit tcp any object-group id3F8F95CD.dst.net.0 eq 80
|
|
!
|
|
! Rule 4 (global)
|
|
access-list outside_acl_in remark 4 (global)
|
|
access-list outside_acl_in permit tcp any interface outside eq 80
|
|
!
|
|
! Rule 5 (global)
|
|
access-list dmz50_acl_in remark 5 (global)
|
|
access-list dmz50_acl_in permit tcp any host 192.0.2.1 eq 80
|
|
!
|
|
! Rule 6 (global)
|
|
access-list outside_acl_in remark 6 (global)
|
|
access-list outside_acl_in deny ip any any log 5 interval 120
|
|
access-list inside_acl_in remark 6 (global)
|
|
access-list inside_acl_in deny ip any any log 5 interval 120
|
|
access-list dmz50_acl_in remark 6 (global)
|
|
access-list dmz50_acl_in deny ip any any log 5 interval 120
|
|
|
|
|
|
access-group dmz50_acl_in in interface dmz50
|
|
access-group inside_acl_in in interface inside
|
|
access-group outside_acl_in in interface outside
|
|
|
|
!
|
|
! Rule 0 (NAT)
|
|
global (outside) 1 interface
|
|
access-list id3F8F9592.0 permit ip 10.3.14.0 255.255.255.0 any
|
|
nat (inside) 1 access-list id3F8F9592.0 0 0
|
|
global (dmz50) 1 interface
|
|
!
|
|
!
|
|
! Rule 1 (NAT)
|
|
access-list id3F8F95A0.0 permit tcp host 10.3.14.30 eq 80 any
|
|
static (inside,outside) tcp interface 80 access-list id3F8F95A0.0 0 0
|
|
|
|
|
|
|
|
!
|
|
! Epilog script:
|
|
!
|
|
|
|
! End of epilog script:
|
|
!
|