Révision 5b35f512
Ajouté par Thomas Noël il y a presque 10 ans
| conf.default/config.xml | ||
|---|---|---|
| 558 | 558 |
<log/> |
| 559 | 559 |
</rule> |
| 560 | 560 |
--> |
| 561 |
<!-- default univnautes rules --> |
|
| 562 |
<rule> |
|
| 563 |
<id/> |
|
| 564 |
<type>pass</type> |
|
| 565 |
<interface>wan</interface> |
|
| 566 |
<tag/> |
|
| 567 |
<tagged/> |
|
| 568 |
<max/> |
|
| 569 |
<max-src-nodes/> |
|
| 570 |
<max-src-conn/> |
|
| 571 |
<max-src-states/> |
|
| 572 |
<statetimeout/> |
|
| 573 |
<statetype>keep state</statetype> |
|
| 574 |
<os/> |
|
| 575 |
<protocol>tcp</protocol> |
|
| 576 |
<source> |
|
| 577 |
<network>wan</network> |
|
| 578 |
</source> |
|
| 579 |
<destination> |
|
| 580 |
<network>wanip</network> |
|
| 581 |
<port>22</port> |
|
| 582 |
</destination> |
|
| 583 |
<descr><![CDATA[SSH (from WAN)]]></descr> |
|
| 584 |
<disabled/> |
|
| 585 |
</rule> |
|
| 586 |
<rule> |
|
| 587 |
<id/> |
|
| 588 |
<type>pass</type> |
|
| 589 |
<interface>wan</interface> |
|
| 590 |
<tag/> |
|
| 591 |
<tagged/> |
|
| 592 |
<max/> |
|
| 593 |
<max-src-nodes/> |
|
| 594 |
<max-src-conn/> |
|
| 595 |
<max-src-states/> |
|
| 596 |
<statetimeout/> |
|
| 597 |
<statetype>keep state</statetype> |
|
| 598 |
<os/> |
|
| 599 |
<protocol>tcp</protocol> |
|
| 600 |
<source> |
|
| 601 |
<any/> |
|
| 602 |
</source> |
|
| 603 |
<destination> |
|
| 604 |
<network>wanip</network> |
|
| 605 |
<port>LocalIDP</port> |
|
| 606 |
</destination> |
|
| 607 |
<descr><![CDATA[Local IdP access]]></descr> |
|
| 608 |
<disabled/> |
|
| 609 |
</rule> |
|
| 610 |
<rule> |
|
| 611 |
<id/> |
|
| 612 |
<type>pass</type> |
|
| 613 |
<interface>wan</interface> |
|
| 614 |
<tag/> |
|
| 615 |
<tagged/> |
|
| 616 |
<max/> |
|
| 617 |
<max-src-nodes/> |
|
| 618 |
<max-src-conn/> |
|
| 619 |
<max-src-states/> |
|
| 620 |
<statetimeout/> |
|
| 621 |
<statetype>keep state</statetype> |
|
| 622 |
<os/> |
|
| 623 |
<protocol>tcp</protocol> |
|
| 624 |
<source> |
|
| 625 |
<network>wan</network> |
|
| 626 |
</source> |
|
| 627 |
<destination> |
|
| 628 |
<network>wanip</network> |
|
| 629 |
<port>WebAdmin</port> |
|
| 630 |
</destination> |
|
| 631 |
<descr><![CDATA[web admin (from WAN)]]></descr> |
|
| 632 |
</rule> |
|
| 633 |
<rule> |
|
| 634 |
<id/> |
|
| 635 |
<type>pass</type> |
|
| 636 |
<interface>wan</interface> |
|
| 637 |
<tag/> |
|
| 638 |
<tagged/> |
|
| 639 |
<max/> |
|
| 640 |
<max-src-nodes/> |
|
| 641 |
<max-src-conn/> |
|
| 642 |
<max-src-states/> |
|
| 643 |
<statetimeout/> |
|
| 644 |
<statetype>keep state</statetype> |
|
| 645 |
<os></os> |
|
| 646 |
<protocol>udp</protocol> |
|
| 647 |
<source> |
|
| 648 |
<network>wan</network> |
|
| 649 |
</source> |
|
| 650 |
<destination> |
|
| 651 |
<network>wanip</network> |
|
| 652 |
<port>161</port> |
|
| 653 |
</destination> |
|
| 654 |
<descr><![CDATA[SNMP (from WAN)]]></descr> |
|
| 655 |
</rule> |
|
| 656 |
<rule> |
|
| 657 |
<id/> |
|
| 658 |
<type>pass</type> |
|
| 659 |
<interface>lan</interface> |
|
| 660 |
<tag/> |
|
| 661 |
<tagged/> |
|
| 662 |
<max/> |
|
| 663 |
<max-src-nodes/> |
|
| 664 |
<max-src-conn/> |
|
| 665 |
<max-src-states/> |
|
| 666 |
<statetimeout/> |
|
| 667 |
<statetype>keep state</statetype> |
|
| 668 |
<os/> |
|
| 669 |
<protocol>tcp</protocol> |
|
| 670 |
<source> |
|
| 671 |
<network>lan</network> |
|
| 672 |
</source> |
|
| 673 |
<destination> |
|
| 674 |
<network>lanip</network> |
|
| 675 |
<port>WebAdmin</port> |
|
| 676 |
</destination> |
|
| 677 |
<descr><![CDATA[web admin (from LAN)]]></descr> |
|
| 678 |
</rule> |
|
| 679 |
<rule> |
|
| 680 |
<id/> |
|
| 681 |
<type>pass</type> |
|
| 682 |
<interface>lan</interface> |
|
| 683 |
<tag/> |
|
| 684 |
<tagged/> |
|
| 685 |
<max/> |
|
| 686 |
<max-src-nodes/> |
|
| 687 |
<max-src-conn/> |
|
| 688 |
<max-src-states/> |
|
| 689 |
<statetimeout/> |
|
| 690 |
<statetype>keep state</statetype> |
|
| 691 |
<os></os> |
|
| 692 |
<protocol>udp</protocol> |
|
| 693 |
<source> |
|
| 694 |
<network>lan</network> |
|
| 695 |
</source> |
|
| 696 |
<destination> |
|
| 697 |
<network>lanip</network> |
|
| 698 |
<port>161</port> |
|
| 699 |
</destination> |
|
| 700 |
<descr><![CDATA[SNMP (from LAN)]]></descr> |
|
| 701 |
</rule> |
|
| 702 |
<rule> |
|
| 703 |
<id/> |
|
| 704 |
<type>pass</type> |
|
| 705 |
<interface>lan</interface> |
|
| 706 |
<tag/> |
|
| 707 |
<tagged/> |
|
| 708 |
<max/> |
|
| 709 |
<max-src-nodes/> |
|
| 710 |
<max-src-conn/> |
|
| 711 |
<max-src-states/> |
|
| 712 |
<statetimeout/> |
|
| 713 |
<statetype>keep state</statetype> |
|
| 714 |
<os/> |
|
| 715 |
<protocol>icmp</protocol> |
|
| 716 |
<icmptype>echoreq</icmptype> |
|
| 717 |
<source> |
|
| 718 |
<network>lan</network> |
|
| 719 |
</source> |
|
| 720 |
<destination> |
|
| 721 |
<any/> |
|
| 722 |
</destination> |
|
| 723 |
<descr><![CDATA[ping]]></descr> |
|
| 724 |
</rule> |
|
| 725 |
<rule> |
|
| 726 |
<id/> |
|
| 727 |
<type>pass</type> |
|
| 728 |
<interface>lan</interface> |
|
| 729 |
<tag/> |
|
| 730 |
<tagged/> |
|
| 731 |
<max/> |
|
| 732 |
<max-src-nodes/> |
|
| 733 |
<max-src-conn/> |
|
| 734 |
<max-src-states/> |
|
| 735 |
<statetimeout/> |
|
| 736 |
<statetype>keep state</statetype> |
|
| 737 |
<os/> |
|
| 738 |
<protocol>tcp/udp</protocol> |
|
| 739 |
<source> |
|
| 740 |
<network>lan</network> |
|
| 741 |
</source> |
|
| 742 |
<destination> |
|
| 743 |
<any/> |
|
| 744 |
<port>53</port> |
|
| 745 |
</destination> |
|
| 746 |
<disabled/> |
|
| 747 |
<descr><![CDATA[ask any DNS server]]></descr> |
|
| 748 |
</rule> |
|
| 749 |
<rule> |
|
| 750 |
<id/> |
|
| 751 |
<type>pass</type> |
|
| 752 |
<interface>lan</interface> |
|
| 753 |
<tag/> |
|
| 754 |
<tagged/> |
|
| 755 |
<max/> |
|
| 756 |
<max-src-nodes/> |
|
| 757 |
<max-src-conn/> |
|
| 758 |
<max-src-states/> |
|
| 759 |
<statetimeout/> |
|
| 760 |
<statetype>keep state</statetype> |
|
| 761 |
<os/> |
|
| 762 |
<protocol>tcp/udp</protocol> |
|
| 763 |
<source> |
|
| 764 |
<network>lan</network> |
|
| 765 |
</source> |
|
| 766 |
<destination> |
|
| 767 |
<network>lanip</network> |
|
| 768 |
<port>53</port> |
|
| 769 |
</destination> |
|
| 770 |
<descr><![CDATA[ask CP DNS server]]></descr> |
|
| 771 |
</rule> |
|
| 772 |
<rule> |
|
| 773 |
<id/> |
|
| 774 |
<type>reject</type> |
|
| 775 |
<interface>lan</interface> |
|
| 776 |
<tag/> |
|
| 777 |
<tagged/> |
|
| 778 |
<max/> |
|
| 779 |
<max-src-nodes/> |
|
| 780 |
<max-src-conn/> |
|
| 781 |
<max-src-states/> |
|
| 782 |
<statetimeout/> |
|
| 783 |
<statetype>keep state</statetype> |
|
| 784 |
<os/> |
|
| 785 |
<protocol>tcp</protocol> |
|
| 786 |
<source> |
|
| 787 |
<network>lan</network> |
|
| 788 |
</source> |
|
| 789 |
<destination> |
|
| 790 |
<network>lanip</network> |
|
| 791 |
<port>80</port> |
|
| 792 |
</destination> |
|
| 793 |
<descr><![CDATA[reject HTTP on CP]]></descr> |
|
| 794 |
</rule> |
|
| 795 |
<rule> |
|
| 796 |
<id/> |
|
| 797 |
<type>pass</type> |
|
| 798 |
<interface>lan</interface> |
|
| 799 |
<tag/> |
|
| 800 |
<tagged/> |
|
| 801 |
<max/> |
|
| 802 |
<max-src-nodes/> |
|
| 803 |
<max-src-conn/> |
|
| 804 |
<max-src-states/> |
|
| 805 |
<statetimeout/> |
|
| 806 |
<statetype>keep state</statetype> |
|
| 807 |
<os/> |
|
| 808 |
<protocol>tcp</protocol> |
|
| 809 |
<source> |
|
| 810 |
<network>lan</network> |
|
| 811 |
</source> |
|
| 812 |
<destination> |
|
| 813 |
<any/> |
|
| 814 |
<port>80</port> |
|
| 815 |
</destination> |
|
| 816 |
<descr><![CDATA[HTTP]]></descr> |
|
| 817 |
</rule> |
|
| 818 |
<rule> |
|
| 819 |
<id/> |
|
| 820 |
<type>pass</type> |
|
| 821 |
<interface>lan</interface> |
|
| 822 |
<tag/> |
|
| 823 |
<tagged/> |
|
| 824 |
<max/> |
|
| 825 |
<max-src-nodes/> |
|
| 826 |
<max-src-conn/> |
|
| 827 |
<max-src-states/> |
|
| 828 |
<statetimeout/> |
|
| 829 |
<statetype>keep state</statetype> |
|
| 830 |
<os/> |
|
| 831 |
<protocol>tcp</protocol> |
|
| 832 |
<source> |
|
| 833 |
<network>lan</network> |
|
| 834 |
</source> |
|
| 835 |
<destination> |
|
| 836 |
<any/> |
|
| 837 |
<port>443</port> |
|
| 838 |
</destination> |
|
| 839 |
<descr><![CDATA[HTTPS]]></descr> |
|
| 840 |
</rule> |
|
| 841 |
<rule> |
|
| 842 |
<id/> |
|
| 843 |
<type>pass</type> |
|
| 844 |
<interface>lan</interface> |
|
| 845 |
<tag/> |
|
| 846 |
<tagged/> |
|
| 847 |
<max/> |
|
| 848 |
<max-src-nodes/> |
|
| 849 |
<max-src-conn/> |
|
| 850 |
<max-src-states/> |
|
| 851 |
<statetimeout/> |
|
| 852 |
<statetype>keep state</statetype> |
|
| 853 |
<os/> |
|
| 854 |
<protocol>tcp</protocol> |
|
| 855 |
<source> |
|
| 856 |
<network>lan</network> |
|
| 857 |
</source> |
|
| 858 |
<destination> |
|
| 859 |
<network>lanip</network> |
|
| 860 |
<port>LocalIDP</port> |
|
| 861 |
</destination> |
|
| 862 |
<descr><![CDATA[Local IdP access]]></descr> |
|
| 863 |
<disabled/> |
|
| 864 |
</rule> |
|
| 865 |
<rule> |
|
| 866 |
<id/> |
|
| 867 |
<type>pass</type> |
|
| 868 |
<interface>lan</interface> |
|
| 869 |
<tag/> |
|
| 870 |
<tagged/> |
|
| 871 |
<max/> |
|
| 872 |
<max-src-nodes/> |
|
| 873 |
<max-src-conn/> |
|
| 874 |
<max-src-states/> |
|
| 875 |
<statetimeout/> |
|
| 876 |
<statetype>keep state</statetype> |
|
| 877 |
<os/> |
|
| 878 |
<protocol>tcp</protocol> |
|
| 879 |
<source> |
|
| 880 |
<network>lan</network> |
|
| 881 |
</source> |
|
| 882 |
<destination> |
|
| 883 |
<any/> |
|
| 884 |
<port>993</port> |
|
| 885 |
</destination> |
|
| 886 |
<descr><![CDATA[IMAPS]]></descr> |
|
| 887 |
</rule> |
|
| 888 |
<rule> |
|
| 889 |
<id/> |
|
| 890 |
<type>pass</type> |
|
| 891 |
<interface>lan</interface> |
|
| 892 |
<tag/> |
|
| 893 |
<tagged/> |
|
| 894 |
<max/> |
|
| 895 |
<max-src-nodes/> |
|
| 896 |
<max-src-conn/> |
|
| 897 |
<max-src-states/> |
|
| 898 |
<statetimeout/> |
|
| 899 |
<statetype>keep state</statetype> |
|
| 900 |
<os/> |
|
| 901 |
<protocol>tcp</protocol> |
|
| 902 |
<source> |
|
| 903 |
<network>lan</network> |
|
| 904 |
</source> |
|
| 905 |
<destination> |
|
| 906 |
<any/> |
|
| 907 |
<port>995</port> |
|
| 908 |
</destination> |
|
| 909 |
<descr><![CDATA[POP3/S]]></descr> |
|
| 910 |
</rule> |
|
| 911 |
<rule> |
|
| 912 |
<id/> |
|
| 913 |
<type>pass</type> |
|
| 914 |
<interface>lan</interface> |
|
| 915 |
<tag/> |
|
| 916 |
<tagged/> |
|
| 917 |
<max/> |
|
| 918 |
<max-src-nodes/> |
|
| 919 |
<max-src-conn/> |
|
| 920 |
<max-src-states/> |
|
| 921 |
<statetimeout/> |
|
| 922 |
<statetype>keep state</statetype> |
|
| 923 |
<os/> |
|
| 924 |
<protocol>tcp</protocol> |
|
| 925 |
<source> |
|
| 926 |
<network>lan</network> |
|
| 927 |
</source> |
|
| 928 |
<destination> |
|
| 929 |
<any/> |
|
| 930 |
<port>SMTPS</port> |
|
| 931 |
</destination> |
|
| 932 |
<descr><![CDATA[SMTP Submission]]></descr> |
|
| 933 |
</rule> |
|
| 934 |
<rule> |
|
| 935 |
<id/> |
|
| 936 |
<type>reject</type> |
|
| 937 |
<interface>lan</interface> |
|
| 938 |
<tag/> |
|
| 939 |
<tagged/> |
|
| 940 |
<max/> |
|
| 941 |
<max-src-nodes/> |
|
| 942 |
<max-src-conn/> |
|
| 943 |
<max-src-states/> |
|
| 944 |
<statetimeout/> |
|
| 945 |
<statetype>keep state</statetype> |
|
| 946 |
<os/> |
|
| 947 |
<protocol>tcp</protocol> |
|
| 948 |
<source> |
|
| 949 |
<network>lan</network> |
|
| 950 |
</source> |
|
| 951 |
<destination> |
|
| 952 |
<network>lanip</network> |
|
| 953 |
<port>22</port> |
|
| 954 |
</destination> |
|
| 955 |
<descr><![CDATA[reject SSH on CP]]></descr> |
|
| 956 |
</rule> |
|
| 957 |
<rule> |
|
| 958 |
<id/> |
|
| 959 |
<type>pass</type> |
|
| 960 |
<interface>lan</interface> |
|
| 961 |
<tag/> |
|
| 962 |
<tagged/> |
|
| 963 |
<max/> |
|
| 964 |
<max-src-nodes/> |
|
| 965 |
<max-src-conn/> |
|
| 966 |
<max-src-states/> |
|
| 967 |
<statetimeout/> |
|
| 968 |
<statetype>keep state</statetype> |
|
| 969 |
<os/> |
|
| 970 |
<protocol>tcp</protocol> |
|
| 971 |
<source> |
|
| 972 |
<network>lan</network> |
|
| 973 |
</source> |
|
| 974 |
<destination> |
|
| 975 |
<any/> |
|
| 976 |
<port>22</port> |
|
| 977 |
</destination> |
|
| 978 |
<descr><![CDATA[SSH]]></descr> |
|
| 979 |
</rule> |
|
| 980 |
<rule> |
|
| 981 |
<id/> |
|
| 982 |
<type>pass</type> |
|
| 983 |
<interface>lan</interface> |
|
| 984 |
<tag/> |
|
| 985 |
<tagged/> |
|
| 986 |
<max/> |
|
| 987 |
<max-src-nodes/> |
|
| 988 |
<max-src-conn/> |
|
| 989 |
<max-src-states/> |
|
| 990 |
<statetimeout/> |
|
| 991 |
<statetype>keep state</statetype> |
|
| 992 |
<os/> |
|
| 993 |
<protocol>tcp</protocol> |
|
| 994 |
<source> |
|
| 995 |
<network>lan</network> |
|
| 996 |
</source> |
|
| 997 |
<destination> |
|
| 998 |
<any/> |
|
| 999 |
<port>119</port> |
|
| 1000 |
</destination> |
|
| 1001 |
<disabled/> |
|
| 1002 |
<descr><![CDATA[NNTP]]></descr> |
|
| 1003 |
</rule> |
|
| 1004 |
<rule> |
|
| 1005 |
<id/> |
|
| 1006 |
<type>pass</type> |
|
| 1007 |
<interface>lan</interface> |
|
| 1008 |
<tag/> |
|
| 1009 |
<tagged/> |
|
| 1010 |
<max/> |
|
| 1011 |
<max-src-nodes/> |
|
| 1012 |
<max-src-conn/> |
|
| 1013 |
<max-src-states/> |
|
| 1014 |
<statetimeout/> |
|
| 1015 |
<statetype>keep state</statetype> |
|
| 1016 |
<os/> |
|
| 1017 |
<protocol>tcp</protocol> |
|
| 1018 |
<source> |
|
| 1019 |
<network>lan</network> |
|
| 1020 |
</source> |
|
| 1021 |
<destination> |
|
| 1022 |
<any/> |
|
| 1023 |
<port>143</port> |
|
| 1024 |
</destination> |
|
| 1025 |
<disabled/> |
|
| 1026 |
<descr><![CDATA[IMAP]]></descr> |
|
| 1027 |
</rule> |
|
| 1028 |
<rule> |
|
| 1029 |
<id/> |
|
| 1030 |
<type>pass</type> |
|
| 1031 |
<interface>lan</interface> |
|
| 1032 |
<tag/> |
|
| 1033 |
<tagged/> |
|
| 1034 |
<max/> |
|
| 1035 |
<max-src-nodes/> |
|
| 1036 |
<max-src-conn/> |
|
| 1037 |
<max-src-states/> |
|
| 1038 |
<statetimeout/> |
|
| 1039 |
<statetype>keep state</statetype> |
|
| 1040 |
<os/> |
|
| 1041 |
<protocol>tcp</protocol> |
|
| 1042 |
<source> |
|
| 1043 |
<network>lan</network> |
|
| 1044 |
</source> |
|
| 1045 |
<destination> |
|
| 1046 |
<any/> |
|
| 1047 |
<port>110</port> |
|
| 1048 |
</destination> |
|
| 1049 |
<disabled/> |
|
| 1050 |
<descr><![CDATA[POP3]]></descr> |
|
| 1051 |
</rule> |
|
| 1052 |
<rule> |
|
| 1053 |
<id/> |
|
| 1054 |
<type>pass</type> |
|
| 1055 |
<interface>lan</interface> |
|
| 1056 |
<tag/> |
|
| 1057 |
<tagged/> |
|
| 1058 |
<max/> |
|
| 1059 |
<max-src-nodes/> |
|
| 1060 |
<max-src-conn/> |
|
| 1061 |
<max-src-states/> |
|
| 1062 |
<statetimeout/> |
|
| 1063 |
<statetype>keep state</statetype> |
|
| 1064 |
<os/> |
|
| 1065 |
<protocol>tcp/udp</protocol> |
|
| 1066 |
<source> |
|
| 1067 |
<network>lan</network> |
|
| 1068 |
</source> |
|
| 1069 |
<destination> |
|
| 1070 |
<any/> |
|
| 1071 |
<port>1194</port> |
|
| 1072 |
</destination> |
|
| 1073 |
<descr><![CDATA[OpenVPN]]></descr> |
|
| 1074 |
</rule> |
|
| 1075 |
<rule> |
|
| 1076 |
<id/> |
|
| 1077 |
<type>pass</type> |
|
| 1078 |
<interface>lan</interface> |
|
| 1079 |
<tag/> |
|
| 1080 |
<tagged/> |
|
| 1081 |
<max/> |
|
| 1082 |
<max-src-nodes/> |
|
| 1083 |
<max-src-conn/> |
|
| 1084 |
<max-src-states/> |
|
| 1085 |
<statetimeout/> |
|
| 1086 |
<statetype>keep state</statetype> |
|
| 1087 |
<os/> |
|
| 1088 |
<protocol>esp</protocol> |
|
| 1089 |
<source> |
|
| 1090 |
<network>lan</network> |
|
| 1091 |
</source> |
|
| 1092 |
<destination> |
|
| 1093 |
<any/> |
|
| 1094 |
</destination> |
|
| 1095 |
<descr><![CDATA[ESP (ipsec)]]></descr> |
|
| 1096 |
</rule> |
|
| 1097 |
<rule> |
|
| 1098 |
<id/> |
|
| 1099 |
<type>pass</type> |
|
| 1100 |
<interface>lan</interface> |
|
| 1101 |
<tag/> |
|
| 1102 |
<tagged/> |
|
| 1103 |
<max/> |
|
| 1104 |
<max-src-nodes/> |
|
| 1105 |
<max-src-conn/> |
|
| 1106 |
<max-src-states/> |
|
| 1107 |
<statetimeout/> |
|
| 1108 |
<statetype>keep state</statetype> |
|
| 1109 |
<os/> |
|
| 1110 |
<protocol>ah</protocol> |
|
| 1111 |
<source> |
|
| 1112 |
<network>lan</network> |
|
| 1113 |
</source> |
|
| 1114 |
<destination> |
|
| 1115 |
<any/> |
|
| 1116 |
</destination> |
|
| 1117 |
<descr><![CDATA[AH (ipsec)]]></descr> |
|
| 1118 |
</rule> |
|
| 1119 |
<rule> |
|
| 1120 |
<id/> |
|
| 1121 |
<type>pass</type> |
|
| 1122 |
<interface>lan</interface> |
|
| 1123 |
<tag/> |
|
| 1124 |
<tagged/> |
|
| 1125 |
<max/> |
|
| 1126 |
<max-src-nodes/> |
|
| 1127 |
<max-src-conn/> |
|
| 1128 |
<max-src-states/> |
|
| 1129 |
<statetimeout/> |
|
| 1130 |
<statetype>keep state</statetype> |
|
| 1131 |
<os/> |
|
| 1132 |
<protocol>udp</protocol> |
|
| 1133 |
<source> |
|
| 1134 |
<network>lan</network> |
|
| 1135 |
<port>500</port> |
|
| 1136 |
</source> |
|
| 1137 |
<destination> |
|
| 1138 |
<any/> |
|
| 1139 |
<port>500</port> |
|
| 1140 |
</destination> |
|
| 1141 |
<descr><![CDATA[ISAKMP (ipsec)]]></descr> |
|
| 1142 |
</rule> |
|
| 1143 |
<rule> |
|
| 1144 |
<id/> |
|
| 1145 |
<type>pass</type> |
|
| 1146 |
<interface>lan</interface> |
|
| 1147 |
<tag/> |
|
| 1148 |
<tagged/> |
|
| 1149 |
<max/> |
|
| 1150 |
<max-src-nodes/> |
|
| 1151 |
<max-src-conn/> |
|
| 1152 |
<max-src-states/> |
|
| 1153 |
<statetimeout/> |
|
| 1154 |
<statetype>keep state</statetype> |
|
| 1155 |
<os/> |
|
| 1156 |
<protocol>udp</protocol> |
|
| 1157 |
<source> |
|
| 1158 |
<network>lan</network> |
|
| 1159 |
<port>4500</port> |
|
| 1160 |
</source> |
|
| 1161 |
<destination> |
|
| 1162 |
<any/> |
|
| 1163 |
<port>4500</port> |
|
| 1164 |
</destination> |
|
| 1165 |
<descr><![CDATA[NAT-T (ipsec)]]></descr> |
|
| 1166 |
</rule> |
|
| 1167 |
<rule> |
|
| 1168 |
<id/> |
|
| 1169 |
<type>pass</type> |
|
| 1170 |
<interface>lan</interface> |
|
| 1171 |
<tag/> |
|
| 1172 |
<tagged/> |
|
| 1173 |
<max/> |
|
| 1174 |
<max-src-nodes/> |
|
| 1175 |
<max-src-conn/> |
|
| 1176 |
<max-src-states/> |
|
| 1177 |
<statetimeout/> |
|
| 1178 |
<statetype>keep state</statetype> |
|
| 1179 |
<os/> |
|
| 1180 |
<protocol>udp</protocol> |
|
| 1181 |
<source> |
|
| 1182 |
<network>lan</network> |
|
| 1183 |
</source> |
|
| 1184 |
<destination> |
|
| 1185 |
<any/> |
|
| 1186 |
<port>10000</port> |
|
| 1187 |
</destination> |
|
| 1188 |
<descr><![CDATA[IPSec Cisco (ipsec)]]></descr> |
|
| 1189 |
</rule> |
|
| 1190 |
<rule> |
|
| 1191 |
<id/> |
|
| 1192 |
<type>pass</type> |
|
| 1193 |
<interface>lan</interface> |
|
| 1194 |
<tag/> |
|
| 1195 |
<tagged/> |
|
| 1196 |
<max/> |
|
| 1197 |
<max-src-nodes/> |
|
| 1198 |
<max-src-conn/> |
|
| 1199 |
<max-src-states/> |
|
| 1200 |
<statetimeout/> |
|
| 1201 |
<statetype>keep state</statetype> |
|
| 1202 |
<os/> |
|
| 1203 |
<protocol>udp</protocol> |
|
| 1204 |
<source> |
|
| 1205 |
<network>lan</network> |
|
| 1206 |
</source> |
|
| 1207 |
<destination> |
|
| 1208 |
<network>lanip</network> |
|
| 1209 |
<port>123</port> |
|
| 1210 |
</destination> |
|
| 1211 |
<descr><![CDATA[NTP on CP]]></descr> |
|
| 1212 |
</rule> |
|
| 1213 |
<rule> |
|
| 1214 |
<id/> |
|
| 1215 |
<type>pass</type> |
|
| 1216 |
<interface>lan</interface> |
|
| 1217 |
<tag/> |
|
| 1218 |
<tagged/> |
|
| 1219 |
<max/> |
|
| 1220 |
<max-src-nodes/> |
|
| 1221 |
<max-src-conn/> |
|
| 1222 |
<max-src-states/> |
|
| 1223 |
<statetimeout/> |
|
| 1224 |
<statetype>keep state</statetype> |
|
| 1225 |
<os/> |
|
| 1226 |
<protocol>udp</protocol> |
|
| 1227 |
<source> |
|
| 1228 |
<network>lan</network> |
|
| 1229 |
</source> |
|
| 1230 |
<destination> |
|
| 1231 |
<any/> |
|
| 1232 |
<port>123</port> |
|
| 1233 |
</destination> |
|
| 1234 |
<disabled/> |
|
| 1235 |
<descr><![CDATA[NTP]]></descr> |
|
| 1236 |
</rule> |
|
| 1237 |
<rule> |
|
| 1238 |
<id/> |
|
| 1239 |
<type>pass</type> |
|
| 1240 |
<interface>lan</interface> |
|
| 1241 |
<tag/> |
|
| 1242 |
<tagged/> |
|
| 1243 |
<max/> |
|
| 1244 |
<max-src-nodes/> |
|
| 1245 |
<max-src-conn/> |
|
| 1246 |
<max-src-states/> |
|
| 1247 |
<statetimeout/> |
|
| 1248 |
<statetype>keep state</statetype> |
|
| 1249 |
<os/> |
|
| 1250 |
<protocol>tcp</protocol> |
|
| 1251 |
<source> |
|
| 1252 |
<network>lan</network> |
|
| 1253 |
</source> |
|
| 1254 |
<destination> |
|
| 1255 |
<any/> |
|
| 1256 |
<port>XMPP</port> |
|
| 1257 |
</destination> |
|
| 1258 |
<descr><![CDATA[XMPP (jabber)]]></descr> |
|
| 1259 |
</rule> |
|
| 561 | 1260 |
</filter> |
| 562 | 1261 |
<shaper> |
| 563 | 1262 |
<!-- <enable/> --> |
Formats disponibles : Unified diff
config.xml: default filter rules