mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-20 18:27:16 +01:00
204 lines
4.8 KiB
Plaintext
Executable File
204 lines
4.8 KiB
Plaintext
Executable File
!
|
|
! This is automatically generated file. DO NOT MODIFY !
|
|
!
|
|
! Firewall Builder fwb_pix v4.2.0.3436
|
|
!
|
|
! Generated Mon Jan 17 13:17:09 2011 PST by vadim
|
|
!
|
|
! Compiled for pix 8.2
|
|
! Outbound ACLs: supported
|
|
! Emulate outbound ACLs: yes
|
|
! Generating outbound ACLs: no
|
|
! Assume firewall is part of any: yes
|
|
!
|
|
!# files: * firewall80.fw
|
|
!
|
|
! testing rules with broadcasts
|
|
|
|
! C firewall80:Policy:: error: ASA8ObjectGroup: Unsupported object 'custom serv 1' found in object group
|
|
|
|
!
|
|
! Prolog script:
|
|
!
|
|
|
|
!
|
|
! End of prolog script:
|
|
!
|
|
|
|
|
|
|
|
|
|
interface FastEthernet0
|
|
nameif outside
|
|
security-level 100
|
|
exit
|
|
|
|
interface FastEthernet1
|
|
nameif inside
|
|
security-level 0
|
|
exit
|
|
|
|
|
|
no logging buffered
|
|
no logging console
|
|
no logging timestamp
|
|
no logging on
|
|
|
|
|
|
timeout xlate 3:0:0
|
|
timeout conn 1:0:0
|
|
timeout udp 0:2:0
|
|
timeout sunrpc 0:10:0
|
|
timeout h323 0:5:0
|
|
timeout sip 0:30:0
|
|
timeout sip_media 0:0:0
|
|
timeout half-closed 0:0:0
|
|
timeout uauth 2:0:0 absolute
|
|
|
|
|
|
clear config ssh
|
|
aaa authentication ssh console LOCAL
|
|
|
|
clear config snmp-server
|
|
no snmp-server enable traps
|
|
|
|
clear config ntp
|
|
|
|
|
|
no service resetinbound
|
|
no service resetoutside
|
|
no sysopt connection timewait
|
|
no sysopt nodnsalias inbound
|
|
no sysopt nodnsalias outbound
|
|
|
|
|
|
class-map inspection_default
|
|
match default-inspection-traffic
|
|
|
|
policy-map global_policy
|
|
class inspection_default
|
|
|
|
service-policy global_policy global
|
|
|
|
policy-map type inspect ip-options ip-options-map
|
|
parameters
|
|
eool action allow
|
|
router-alert action clear
|
|
|
|
|
|
!################
|
|
clear config access-list
|
|
clear config object-group
|
|
clear config icmp
|
|
clear config telnet
|
|
|
|
object-group service outside.id19186X29796.srv.0
|
|
service-object udp eq 123
|
|
service-object udp eq 53
|
|
service-object tcp eq 53
|
|
service-object tcp eq 25
|
|
service-object icmp 8
|
|
service-object icmp 0
|
|
service-object 51
|
|
service-object 50
|
|
exit
|
|
|
|
|
|
object-group service outside.id69378X1497.srv.0
|
|
service-object icmp
|
|
service-object tcp range 0 65535
|
|
exit
|
|
|
|
|
|
object-group service inside.id21447X11252.srv.icmp.0
|
|
service-object icmp 8
|
|
service-object icmp 3
|
|
exit
|
|
|
|
|
|
object-group service inside.id21447X11252.srv.0
|
|
service-object icmp 8
|
|
service-object icmp 3
|
|
service-object udp eq 53
|
|
service-object tcp eq 3128
|
|
exit
|
|
|
|
|
|
!
|
|
! Rule 0 (FastEthernet1)
|
|
ssh 0.0.0.0 0.0.0.0 inside
|
|
!
|
|
! Rule 1 (FastEthernet1)
|
|
ssh 0.0.0.0 0.0.0.0 inside
|
|
!
|
|
! Rule 2 (global)
|
|
access-list outside_acl_in permit tcp any host 192.168.1.10 eq 22
|
|
access-list inside_acl_in permit tcp any host 192.168.1.10 eq 22
|
|
!
|
|
! Rule 3 (FastEthernet1)
|
|
icmp permit any 3 inside
|
|
access-list inside_acl_in permit icmp any host 192.168.1.1 3
|
|
!
|
|
! Rule 4 (global)
|
|
access-list outside_acl_in permit any host 192.168.1.10 object-group outside.id19186X29796.srv.0
|
|
access-list inside_acl_in permit any host 192.168.1.10 object-group outside.id19186X29796.srv.0
|
|
!
|
|
! Rule 5 (global)
|
|
! matching source ports
|
|
access-list outside_acl_in deny tcp any gt 1024 host 192.168.1.10 eq 80
|
|
access-list inside_acl_in deny tcp any gt 1024 host 192.168.1.10 eq 80
|
|
access-list outside_acl_in deny udp any range 10000 10010 host 192.168.1.10
|
|
access-list inside_acl_in deny udp any range 10000 10010 host 192.168.1.10
|
|
!
|
|
! Rule 6 (global)
|
|
access-list outside_acl_in deny tcp any range 20000 20020 host 192.168.1.10
|
|
access-list inside_acl_in deny tcp any range 20000 20020 host 192.168.1.10
|
|
access-list outside_acl_in deny tcp any range 30000 30030 host 192.168.1.10
|
|
access-list inside_acl_in deny tcp any range 30000 30030 host 192.168.1.10
|
|
!
|
|
! Rule 7 (global)
|
|
! matching "any" icmp and "all" tcp
|
|
! in one service-group
|
|
!
|
|
access-list outside_acl_in deny any host 192.168.1.10 object-group outside.id69378X1497.srv.0
|
|
access-list inside_acl_in deny any host 192.168.1.10 object-group outside.id69378X1497.srv.0
|
|
!
|
|
! Rule 8 (global)
|
|
! for #1938 matching
|
|
! mixed services
|
|
icmp permit 192.168.1.0 255.255.255.192 8 inside
|
|
icmp permit 192.168.1.0 255.255.255.192 3 inside
|
|
access-list inside_acl_in permit icmp 192.168.1.0 255.255.255.192 host 192.168.1.1 object-group inside.id21447X11252.srv.icmp.0
|
|
access-list inside_acl_in permit 192.168.1.0 255.255.255.192 any object-group inside.id21447X11252.srv.0
|
|
!
|
|
! Rule 9 (global)
|
|
! for #1942
|
|
! using custom service
|
|
access-list outside_acl_in deny any any host 192.168.1.10
|
|
access-list inside_acl_in deny any any host 192.168.1.10
|
|
!
|
|
! Rule 10 (global)
|
|
! for #1942
|
|
! using custom service
|
|
access-list outside_acl_in deny any host 192.168.1.10 object-group outside.id79024X21575.srv.0
|
|
access-list inside_acl_in deny any host 192.168.1.10 object-group outside.id79024X21575.srv.0
|
|
!
|
|
! Rule 11 (global)
|
|
access-list outside_acl_in deny ip any any
|
|
access-list inside_acl_in deny ip any any
|
|
|
|
|
|
access-group inside_acl_in in interface inside
|
|
access-group outside_acl_in in interface outside
|
|
|
|
|
|
|
|
|
|
|
|
!
|
|
! Epilog script:
|
|
!
|
|
|
|
! End of epilog script:
|
|
!
|