Firewall Rules

 # Rule listing for interface ET2, marked "inside". The addresses suggest it
 # serves the 192.168.0.x network with the unit itself at 192.168.0.1
 # (inferred from the rules, confirm).
 # NOTE(review): this page does not show how rules are evaluated (first match
 # or otherwise), how the "super" and "user" sets combine, or what happens to a
 # packet that no rule matches. Confirm all three before relying on any single
 # rule below.
 Interface: ET2 (id: 4)   used as : inside  
 
 Incoming super  
 # Address/mask form; presumably matches any source in 192.168.0.x - confirm.
 saddr == 192.168.0.1/255.255.255.0 accept 
 # Source 0 with udp dport 67: presumably DHCP requests from clients that do
 # not have an address yet - confirm.
 saddr == 0 && proto == udp && dport == 67 accept 
 
 Incoming user  
 # Port 5060 (tcp or udp) not addressed to 192.168.0.1 has its destination
 # rewritten to 127.0.0.1 - presumably forcing SIP through a service on the
 # unit; confirm.
 dport == 5060 && daddr != 192.168.0.1 && (proto == tcp || proto == udp) modify static daddr 127.0.0.1 
 # tcp/21 not addressed to 192.168.0.1 is rewritten to 192.168.0.1 port 8021 -
 # presumably a local FTP proxy; confirm.
 (dport == 21) && daddr != 192.168.0.1 && proto == tcp modify static daddr 192.168.0.1, static dport 8021 
 # tcp/23 to the four listed addresses is denied. They look like the unit's own
 # addresses (the three inside gateways plus the address used on LINE) -
 # assumption. tcp/23 to any other destination is not covered by this rule.
 dport == 23 && proto == tcp && ((daddr == 217.208.164.172) || (daddr == 192.168.20.1) || (daddr == 192.168.0.1) || (daddr == 192.168.10.1)) deny 
 # No daddr term: these tcp ports are accepted towards any destination, which
 # as written includes the unit's own addresses (e.g. tcp/22 and tcp/443).
 # NOTE(review): a later rule lists a narrower port set for daddr ==
 # 192.168.0.1; check which of the two is meant to govern access to the unit.
 proto == tcp && (dport == 22 || dport == 25 || dport == 80 || dport == 110 || dport == 119 || dport == 143 || dport == 443 || dport == 8080) accept 
 proto == udp && (dport == 53 || dport == 67) accept 
 # ICMP type 8 code 0 (echo request) to any destination.
 proto == icmp && icmptype == 8 && icmpcode == 0 accept 
 # Every protocol and port towards the other two inside networks is accepted:
 # the only restriction between inside segments visible here is the tcp/23
 # deny above (assuming that deny takes precedence - confirm evaluation order).
 daddr == 192.168.20.1/255.255.255.0 || daddr == 192.168.10.1/255.255.255.0 accept 
 # Traffic to 192.168.0.1 itself on tcp 80/5060/5320/6779 and udp 5060.
 # NOTE(review): what listens on 5320 and 6779 is not stated on this page.
 daddr == 192.168.0.1 && ((proto == tcp && (dport == 80 || dport == 5060 || dport == 5320 || dport == 6779)) || (proto == udp && (dport == 5060))) accept  
 # Echo request to 192.168.0.1 or 192.168.0.255. The earlier icmp rule has no
 # daddr term and appears to cover these packets already.
 (daddr == 192.168.0.1 || daddr == 192.168.0.255) && ((proto == icmp && icmptype == 8 && icmpcode == 0)) accept  
 
 Outgoing super  
 # Accepts every packet whose proto is not "noproto"; as written there is no
 # filtering by address or port in the outgoing direction on this interface.
 proto != noproto accept 
 
 Outgoing user  
 proto != noproto accept 
 
 log 
 # log inside (default: accept) 
 # NOTE(review): the rules under "log" appear to select which packets are
 # logged rather than which are forwarded - inferred from the heading only,
 # confirm. If so, the two deny rules keep tcp/80 traffic to or from
 # 192.168.0.1 and destination ports 137-139 out of the log, so access to
 # whatever answers on tcp/80 at 192.168.0.1 would leave no record here.
 (sport == 80 || dport == 80) && (saddr == 192.168.0.1 || daddr == 192.168.0.1) && proto == tcp deny 
 (dport >= 137 && dport <= 139) deny 
 

 # Rule listing for interface ET1, marked "inside". The addresses suggest it
 # serves the 192.168.20.x network with the unit itself at 192.168.20.1
 # (inferred from the rules, confirm).
 # NOTE(review): this page does not show how rules are evaluated (first match
 # or otherwise), how the "super" and "user" sets combine, or what happens to a
 # packet that no rule matches. Confirm all three before relying on any single
 # rule below.
 Interface: ET1 (id: 3)   used as : inside  
 
 Incoming super  
 # Address/mask form; presumably matches any source in 192.168.20.x - confirm.
 # Unlike the ET2 and USB sections on this page, there is no rule here for
 # saddr == 0 with udp dport 67.
 saddr == 192.168.20.1/255.255.255.0 accept 
 
 Incoming user  
 # Port 5060 (tcp or udp) not addressed to 192.168.20.1 has its destination
 # rewritten to 127.0.0.1 - presumably forcing SIP through a service on the
 # unit; confirm.
 dport == 5060 && daddr != 192.168.20.1 && (proto == tcp || proto == udp) modify static daddr 127.0.0.1 
 # tcp/21 not addressed to 192.168.20.1 is rewritten to 192.168.20.1 port 8021
 # - presumably a local FTP proxy; confirm.
 (dport == 21) && daddr != 192.168.20.1 && proto == tcp modify static daddr 192.168.20.1, static dport 8021 
 # tcp/23 to the four listed addresses is denied. They look like the unit's own
 # addresses (the three inside gateways plus the address used on LINE) -
 # assumption. tcp/23 to any other destination is not covered by this rule.
 dport == 23 && proto == tcp && ((daddr == 217.208.164.172) || (daddr == 192.168.20.1) || (daddr == 192.168.0.1) || (daddr == 192.168.10.1)) deny 
 # No daddr term: these tcp ports are accepted towards any destination, which
 # as written includes the unit's own addresses (e.g. tcp/22 and tcp/443).
 # NOTE(review): a later rule lists a narrower port set for daddr ==
 # 192.168.20.1; check which of the two is meant to govern access to the unit.
 proto == tcp && (dport == 22 || dport == 25 || dport == 80 || dport == 110 || dport == 119 || dport == 143 || dport == 443 || dport == 8080) accept 
 # Only udp/53 here; the ET2 and USB sections also list udp/67.
 proto == udp && (dport == 53) accept 
 # ICMP type 8 code 0 (echo request) to any destination.
 proto == icmp && icmptype == 8 && icmpcode == 0 accept 
 # Every protocol and port towards the other two inside networks is accepted:
 # the only restriction between inside segments visible here is the tcp/23
 # deny above (assuming that deny takes precedence - confirm evaluation order).
 daddr == 192.168.0.1/255.255.255.0 || daddr == 192.168.10.1/255.255.255.0 accept 
 # Traffic to 192.168.20.1 itself on tcp 80/5060/5320/6779 and udp 5060.
 # NOTE(review): what listens on 5320 and 6779 is not stated on this page.
 daddr == 192.168.20.1 && ((proto == tcp && (dport == 80 || dport == 5060 || dport == 5320 || dport == 6779)) || (proto == udp && (dport == 5060))) accept  
 # Echo request to 192.168.20.1 or 192.168.20.255. The earlier icmp rule has no
 # daddr term and appears to cover these packets already.
 (daddr == 192.168.20.1 || daddr == 192.168.20.255) && ((proto == icmp && icmptype == 8 && icmpcode == 0)) accept  
 
 Outgoing super  
 # Accepts every packet whose proto is not "noproto"; as written there is no
 # filtering by address or port in the outgoing direction on this interface.
 proto != noproto accept 
 
 Outgoing user  
 proto != noproto accept 
 
 log 
 # log inside (default: accept) 
 # NOTE(review): the rules under "log" appear to select which packets are
 # logged rather than which are forwarded - inferred from the heading only,
 # confirm. If so, the two deny rules keep tcp/80 traffic to or from
 # 192.168.20.1 and destination ports 137-139 out of the log, so access to
 # whatever answers on tcp/80 at 192.168.20.1 would leave no record here.
 (sport == 80 || dport == 80) && (saddr == 192.168.20.1 || daddr == 192.168.20.1) && proto == tcp deny 
 (dport >= 137 && dport <= 139) deny 
 

 # Rule listing for LINE, the only interface on this page marked "outside".
 # 217.208.164.172 appears to be the unit's address on this side (inferred
 # from the rules, confirm).
 # NOTE(review): this page does not show how rules are evaluated (first match
 # or otherwise), how the "super" and "user" sets combine, or what happens to a
 # packet that no rule matches. On the outside interface that default decides
 # the exposure of everything not listed here, so confirm it.
 Interface: LINE (id: 2)   used as : outside  
 
 Incoming super  
 # Packets arriving on the outside interface with a source in any of the three
 # inside networks are denied (a source that cannot be genuine on this side).
 saddr == 192.168.20.1/255.255.255.0 || saddr == 192.168.0.1/255.255.255.0 || saddr == 192.168.10.1/255.255.255.0 deny 
 # Accepts everything addressed to 217.208.164.172, with no protocol or port
 # term. NOTE(review): if a "super" accept is final rather than a precondition
 # for the "user" set, every port on that address is reachable from outside -
 # confirm how the two sets combine.
 (daddr == 217.208.164.172/255.255.255.255) accept 
 
 Incoming user  
 # udp with source port 53 from 10.0.0.1 or 10.0.0.2 - presumably DNS replies
 # from two resolvers; confirm. The match uses only source address and source
 # port, both of which a sender chooses; no state tracking is visible in this
 # rule, so confirm the device ties replies to outstanding queries.
 sport == 53 && proto == udp && (saddr == 10.0.0.1 || saddr == 10.0.0.2) accept 
 # Port 5060 (udp or tcp) is accepted from any source address. If the SIP
 # peers are known, adding a saddr term would narrow this.
 dport == 5060 && (proto == udp || proto == tcp) accept 
 
 Outgoing super  
 # Only packets sourced from 217.208.164.172 are accepted by this set.
 (saddr == 217.208.164.172/255.255.255.255) accept 
 
 Outgoing user  
 # Any other source is rewritten ("modify dynamic source 0") - presumably
 # source address translation to the outside address; confirm.
 (saddr != 217.208.164.172/255.255.255.255) modify dynamic source 0 
 (saddr == 217.208.164.172) accept 
 
 log 
 # No rules follow the heading below, unlike the inside interfaces on this
 # page; what that means for logging depends on the default, which is only
 # named here - confirm.
 # log outside (default: accept) 
 

 # Rule listing for interface USB, marked "inside". The addresses suggest it
 # serves the 192.168.10.x network with the unit itself at 192.168.10.1
 # (inferred from the rules, confirm).
 # NOTE(review): this page does not show how rules are evaluated (first match
 # or otherwise), how the "super" and "user" sets combine, or what happens to a
 # packet that no rule matches. Confirm all three before relying on any single
 # rule below.
 Interface: USB (id: 1)   used as : inside  
 
 Incoming super  
 # Address/mask form; presumably matches any source in 192.168.10.x - confirm.
 saddr == 192.168.10.1/255.255.255.0 accept 
 # Source 0 with udp dport 67: presumably DHCP requests from clients that do
 # not have an address yet - confirm.
 saddr == 0 && proto == udp && dport == 67 accept 
 
 Incoming user  
 # Port 5060 (tcp or udp) not addressed to 192.168.10.1 has its destination
 # rewritten to 127.0.0.1 - presumably forcing SIP through a service on the
 # unit; confirm.
 dport == 5060 && daddr != 192.168.10.1 && (proto == tcp || proto == udp) modify static daddr 127.0.0.1 
 # tcp/21 not addressed to 192.168.10.1 is rewritten to 192.168.10.1 port 8021
 # - presumably a local FTP proxy; confirm.
 (dport == 21) && daddr != 192.168.10.1 && proto == tcp modify static daddr 192.168.10.1, static dport 8021 
 # tcp/23 to the four listed addresses is denied. They look like the unit's own
 # addresses (the three inside gateways plus the address used on LINE) -
 # assumption. tcp/23 to any other destination is not covered by this rule.
 dport == 23 && proto == tcp && ((daddr == 217.208.164.172) || (daddr == 192.168.20.1) || (daddr == 192.168.0.1) || (daddr == 192.168.10.1)) deny 
 # No daddr term: these tcp ports are accepted towards any destination, which
 # as written includes the unit's own addresses (e.g. tcp/22 and tcp/443).
 # NOTE(review): a later rule lists a narrower port set for daddr ==
 # 192.168.10.1; check which of the two is meant to govern access to the unit.
 proto == tcp && (dport == 22 || dport == 25 || dport == 80 || dport == 110 || dport == 119 || dport == 143 || dport == 443 || dport == 8080) accept 
 proto == udp && (dport == 53 || dport == 67) accept 
 # ICMP type 8 code 0 (echo request) to any destination.
 proto == icmp && icmptype == 8 && icmpcode == 0 accept 
 # Every protocol and port towards the other two inside networks is accepted:
 # the only restriction between inside segments visible here is the tcp/23
 # deny above (assuming that deny takes precedence - confirm evaluation order).
 daddr == 192.168.20.1/255.255.255.0 || daddr == 192.168.0.1/255.255.255.0 accept 
 # Traffic to 192.168.10.1 itself on tcp 80/5060/5320/6779 and udp 5060.
 # NOTE(review): what listens on 5320 and 6779 is not stated on this page.
 daddr == 192.168.10.1 && ((proto == tcp && (dport == 80 || dport == 5060 || dport == 5320 || dport == 6779)) || (proto == udp && (dport == 5060))) accept  
 # Echo request to 192.168.10.1 or 192.168.10.255. The earlier icmp rule has no
 # daddr term and appears to cover these packets already.
 (daddr == 192.168.10.1 || daddr == 192.168.10.255) && ((proto == icmp && icmptype == 8 && icmpcode == 0)) accept  
 
 Outgoing super  
 # Accepts every packet whose proto is not "noproto"; as written there is no
 # filtering by address or port in the outgoing direction on this interface.
 proto != noproto accept 
 
 Outgoing user  
 proto != noproto accept 
 
 log 
 # log inside (default: accept) 
 # NOTE(review): the rules under "log" appear to select which packets are
 # logged rather than which are forwarded - inferred from the heading only,
 # confirm. If so, the two deny rules keep tcp/80 traffic to or from
 # 192.168.10.1 and destination ports 137-139 out of the log, so access to
 # whatever answers on tcp/80 at 192.168.10.1 would leave no record here.
 (sport == 80 || dport == 80) && (saddr == 192.168.10.1 || daddr == 192.168.10.1) && proto == tcp deny 
 (dport >= 137 && dport <= 139) deny