mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-19 17:57:22 +01:00
159 lines
6.1 KiB
Plaintext
Executable File
159 lines
6.1 KiB
Plaintext
Executable File
!
|
|
! This is automatically generated file. DO NOT MODIFY !
|
|
!
|
|
! Firewall Builder fwb_pix v4.2.0.3530
|
|
!
|
|
! Generated Wed Apr 20 10:40:39 2011 PDT by vadim
|
|
!
|
|
! Compiled for pix 6.3
|
|
! Outbound ACLs: not supported
|
|
! Emulate outbound ACLs: no
|
|
! Generating outbound ACLs: no
|
|
! Assume firewall is part of any: no
|
|
!
|
|
!# files: * firewall33.fw
|
|
!
|
|
! testing DNSName object
|
|
|
|
! C firewall33:Policy:3: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
! C firewall33:Policy:4: error: Run-time AddressTable and DNSName objects are not supported.
|
|
! C firewall33:Policy:7: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
! C firewall33:Policy:7: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
! C firewall33:Policy:8: error: Run-time AddressTable and DNSName objects are not supported.
|
|
|
|
! N firewall33:NAT:1: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
|
|
! N firewall33:NAT:1: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
|
|
! N firewall33:NAT:1: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
|
|
! N firewall33:NAT:1: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
|
|
! N firewall33:NAT:1: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
|
|
! N firewall33:NAT:1: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
|
|
! N firewall33:NAT:2: error: Run-time AddressTable and DNSName objects are not supported.
|
|
|
|
!
|
|
! Prolog script:
|
|
!
|
|
|
|
!
|
|
! End of prolog script:
|
|
!
|
|
|
|
|
|
|
|
|
|
nameif eth0.100 outside security0
|
|
|
|
nameif eth1 inside security100
|
|
|
|
|
|
no logging buffered
|
|
no logging console
|
|
no logging timestamp
|
|
no logging on
|
|
|
|
|
|
|
|
telnet timeout -1
|
|
|
|
aaa authentication ssh console LOCAL
|
|
ssh timeout -1
|
|
|
|
no snmp-server enable traps
|
|
|
|
|
|
|
|
|
|
no service resetinbound
|
|
no service resetoutside
|
|
no sysopt connection timewait
|
|
no sysopt nodnsalias inbound
|
|
no sysopt nodnsalias outbound
|
|
floodguard disable
|
|
|
|
|
|
!################
|
|
|
|
|
|
|
|
object-group network id43867C2418346.src.net.0
|
|
network-object host 157.166.224.25
|
|
network-object host 157.166.224.26
|
|
network-object host 157.166.226.25
|
|
network-object host 157.166.226.26
|
|
network-object host 157.166.255.18
|
|
network-object host 157.166.255.19
|
|
exit
|
|
|
|
object-group network id438728A918346.dst.net.0
|
|
network-object host 74.125.224.48
|
|
network-object host 74.125.224.49
|
|
network-object host 74.125.224.50
|
|
network-object host 74.125.224.51
|
|
network-object host 74.125.224.52
|
|
network-object host 157.166.224.25
|
|
network-object host 157.166.224.26
|
|
network-object host 157.166.226.25
|
|
network-object host 157.166.226.26
|
|
network-object host 157.166.255.18
|
|
network-object host 157.166.255.19
|
|
exit
|
|
|
|
!
|
|
! Rule 0 (eth0.100)
|
|
access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any
|
|
!
|
|
! Rule 1 (global)
|
|
access-list outside_acl_in permit ip object-group id43867C2418346.src.net.0 any
|
|
!
|
|
! Rule 3 (global)
|
|
! firewall33:Policy:3: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
|
|
access-list outside_acl_in permit ip host 192.0.2.1 any
|
|
!
|
|
! Rule 5 (global)
|
|
access-list outside_acl_in deny ip any object-group id43867C2418346.src.net.0
|
|
access-list inside_acl_in deny ip any object-group id43867C2418346.src.net.0
|
|
!
|
|
! Rule 7 (global)
|
|
! firewall33:Policy:7: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode
|
|
|
|
access-list outside_acl_in permit ip any host 192.0.2.1
|
|
access-list inside_acl_in permit ip any host 192.0.2.1
|
|
!
|
|
! Rule 9 (global)
|
|
access-list outside_acl_in permit ip any object-group id438728A918346.dst.net.0
|
|
access-list inside_acl_in permit ip any object-group id438728A918346.dst.net.0
|
|
!
|
|
! Rule 11 (global)
|
|
access-list outside_acl_in deny ip any any log 6 interval 300
|
|
access-list inside_acl_in deny ip any any log 6 interval 300
|
|
|
|
|
|
access-group inside_acl_in in interface inside
|
|
access-group outside_acl_in in interface outside
|
|
|
|
!
|
|
! Rule 0 (NAT)
|
|
access-list id43867C4918346.0 permit ip host 192.168.1.10 any
|
|
static (inside,outside) interface access-list id43867C4918346.0 0 0
|
|
!
|
|
! Rule 1 (NAT)
|
|
! firewall33:NAT:1: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
|
|
|
|
global (outside) 1 interface
|
|
access-list id43876E2618346.0 permit ip any host 157.166.224.25
|
|
access-list id43876E2618346.0 permit ip any host 157.166.224.26
|
|
access-list id43876E2618346.0 permit ip any host 157.166.226.25
|
|
access-list id43876E2618346.0 permit ip any host 157.166.226.26
|
|
access-list id43876E2618346.0 permit ip any host 157.166.255.18
|
|
access-list id43876E2618346.0 permit ip any host 157.166.255.19
|
|
nat (outside) 1 access-list id43876E2618346.0 0 0
|
|
|
|
|
|
|
|
!
|
|
! Epilog script:
|
|
!
|
|
|
|
! End of epilog script:
|
|
!
|