File: firewall82.fw.orig

fwbuilder 5.1.0-3
!
!  This is an automatically generated file. DO NOT MODIFY !
!
!  Firewall Builder  fwb_pix v5.0.1.3581
!
!  Generated Wed Oct 19 16:51:11 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall82.fw
!
! Test for the warning issued when a translated address is used in a
! policy rule. Here we have a slightly different NAT than in firewall81

! C firewall82:Policy:1: warning: Object firewall82:FastEthernet1:ip that represents translated address in a NAT rule 0 (NAT) is used in a policy rule of ASA v8.3 firewall. Starting with v8.3, ASA requires using real IP addresses in the firewall policy rules. 
! C firewall82:Policy:2: warning: Object firewall82:FastEthernet1:ip that represents translated address in a NAT rule 0 (NAT) is used in a policy rule of ASA v8.3 firewall. Starting with v8.3, ASA requires using real IP addresses in the firewall policy rules. 
! C firewall82:Policy:3: warning: Object firewall82:FastEthernet1:ip that represents translated address in a NAT rule 0 (NAT) is used in a policy rule of ASA v8.3 firewall. Starting with v8.3, ASA requires using real IP addresses in the firewall policy rules.

!
! Prolog script:
!

!
! End of prolog script:
!




! Interface naming and trust levels. Security levels run from 0 (least
! trusted) to 100 (most trusted); "inside" gets the highest value and
! "outside" the lowest.
interface FastEthernet0
  nameif inside
  security-level 100
exit

! NOTE(review): no IP address is set for either interface in this file;
! presumably addressing is configured elsewhere - confirm.
interface FastEthernet1
  nameif outside
  security-level 0
exit


! All four logging settings are negated: no buffered log, no console log,
! no timestamps on messages, and logging switched off globally.
! NOTE(review): with this in place the ACL permits and denies later in the
! file leave no record on the device. For anything other than a compiler
! test fixture, enable logging with timestamps and send it to a remote
! syslog collector.
no logging buffered
no logging console
no logging timestamp
no logging on


! Idle timers, written as hh:mm:ss:
! xlate 3 h, conn 1 h, udp 2 min, sunrpc 10 min, h323 5 min, sip 30 min,
! uauth 2 h ("absolute": counted from login, not from last activity).
! NOTE(review): sip_media and half-closed are set to 0:0:0; confirm how the
! target software version treats a zero value here before relying on these
! two lines.
timeout xlate 3:0:0 
timeout conn 1:0:0 
timeout udp 0:2:0 
timeout sunrpc 0:10:0 
timeout h323 0:5:0 
timeout sip 0:30:0 
timeout sip_media 0:0:0 
timeout half-closed 0:0:0 
timeout uauth 2:0:0 absolute 


! Management-plane reset. Existing SSH settings are cleared and SSH logins
! are authenticated against the device's LOCAL user database.
! NOTE(review): no "ssh <address> <mask> <interface>" line follows, so as
! far as this file shows no source address is allowed to open an SSH
! session; confirm how the device is meant to be administered.
clear config ssh
aaa authentication ssh console LOCAL

! SNMP configuration is cleared and trap generation is turned off.
clear config snmp-server
no snmp-server enable traps

! NTP configuration is cleared and no server is added afterwards.
! NOTE(review): without a time source, timestamps produced by the device
! are hard to correlate with other logs during an investigation - confirm
! the clock is managed some other way.
clear config ntp


! Optional connection-handling behaviours, all negated.
! "service resetinbound" / "service resetoutside" would have the firewall
! answer denied TCP with a reset; with them negated such packets are
! dropped without a reply.
! NOTE(review): the exact effect of the three sysopt lines depends on the
! software version - confirm against the command reference for 8.3.
no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound


! Default inspection class: selects the default-inspection-traffic set.
class-map inspection_default
  match default-inspection-traffic

! NOTE(review): the class is attached to global_policy without any
! "inspect ..." action under it, so as written this policy selects traffic
! but applies no application inspection to it.
policy-map global_policy
  class inspection_default

! Apply global_policy to all interfaces.
service-policy global_policy global

! IP-options inspection map: the end-of-options-list option (eool) is
! allowed through; the router-alert option is cleared.
! NOTE(review): nothing in this file references ip-options-map (there is no
! "inspect ip-options ip-options-map" line), so it appears to be defined
! but unused.
policy-map type inspect ip-options ip-options-map
parameters
  eool action allow
  router-alert action clear


!################

! Wipe existing translations, NAT rules, ACLs, ICMP and telnet settings and
! objects before the generated policy is entered. No telnet access is
! re-added later in this file.
! NOTE(review): this is replace-in-place. If loading stops partway, the
! device is presumably left with only the lines entered so far - load it
! over an out-of-band session and verify the result afterwards.
clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear config object

! Service object: TCP with destination port 80.
object service http.0
  service tcp destination eq 80
exit

! Network object: the single host 192.168.1.10.
object network hostA:eth0.0
  host 192.168.1.10
exit

! 
! Rule  0 (global)
! matching "any" icmp and "all" tcp 
! in one service-group
! 
! Reviewer note: ICMP and all TCP to hostA:eth0.0 are denied on both
! interface ACLs. Entries are evaluated top-down and the first match wins,
! so these lines take precedence over any later permit for the same traffic.
access-list inside_acl_in deny   icmp any object hostA:eth0.0 
access-list outside_acl_in deny   icmp any object hostA:eth0.0 
access-list inside_acl_in deny   tcp any object hostA:eth0.0 
access-list outside_acl_in deny   tcp any object hostA:eth0.0 
! 
! Rule  1 (FastEthernet1)
! test rule using translated address in dst
! firewall82:Policy:1: warning: Object firewall82:FastEthernet1:ip that represents translated address in a NAT rule 0 (NAT) is used in a policy rule of ASA v8.3 firewall. Starting with v8.3, ASA requires using real IP addresses in the firewall policy rules. 

! NOTE(review): 22.22.22.22 is presumably the FastEthernet1 address the
! warning refers to. From 8.3 on, the ACL is matched against the real
! destination, so web traffic translated to hostA is compared with
! 192.168.1.10 and, as far as this file shows, hits the Rule 0 deny rather
! than this permit. If the service is meant to be reachable, the policy
! rule should reference the real address object and sit ahead of the deny.
access-list outside_acl_in permit tcp any host 22.22.22.22 eq 80 
! 
! Rule  2 (global)
! test rule using translated address in dst
! firewall82:Policy:2: warning: Object firewall82:FastEthernet1:ip that represents translated address in a NAT rule 0 (NAT) is used in a policy rule of ASA v8.3 firewall. Starting with v8.3, ASA requires using real IP addresses in the firewall policy rules. 

! NOTE(review): identical to the entry produced by Rule 1; it adds nothing
! to the ACL.
access-list outside_acl_in permit tcp any host 22.22.22.22 eq 80 
! 
! Rule  3 (global)
! test rule using translated address in dst
! firewall82:Policy:3: warning: Object firewall82:FastEthernet1:ip that represents translated address in a NAT rule 0 (NAT) is used in a policy rule of ASA v8.3 firewall. Starting with v8.3, ASA requires using real IP addresses in the firewall policy rules. 

! NOTE(review): these two lines are not ACL entries. "http <address> <mask>
! <interface>" lists the sources allowed to reach the firewall's own HTTPS
! management service; 0.0.0.0 0.0.0.0 means any address, here on both
! inside and outside (security-level 0). "http server enable" does not
! appear in this file, so whether the service is listening cannot be told
! from here. Management access should be limited to a management subnet on
! the inside interface.
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
! 
! Rule  4 (global)
! Reviewer note: explicit catch-all deny on both ACLs. No "log" keyword is
! given and logging is switched off earlier in this file, so drops here are
! not recorded.
access-list inside_acl_in deny   ip any any 
access-list outside_acl_in deny   ip any any 


! Bind each ACL to its interface in the inbound direction.
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside

! 
! Rule  0 (NAT)
! Reviewer note: traffic entering on outside keeps its source (any -> any);
! a destination of the interface address on the http.0 service (TCP/80) is
! translated to hostA:eth0.0 with the port unchanged (http.0 -> http.0).
! The generator warnings in the file header identify the translated address
! as firewall82:FastEthernet1:ip.
! NOTE(review): policy rules meant to admit this traffic must match the
! real address (hostA:eth0.0), not the translated one - see the warnings.
nat (outside,inside) source static any any destination static interface hostA:eth0.0 service http.0 http.0 description "0 (NAT)"



!
! Epilog script:
!

! End of epilog script:
!