Firewall Rules

 Interface: AIR (id: 3)   used as: inside 
 
 # Inside (wireless) interface, subnet 192.168.30.0/24 (written here as
 # 192.168.30.1/24). NOTE(review): the listing shows "super" rules ahead of
 # "user" rules in each direction and an "accept" at super level is followed by
 # further user rules, which suggests super "accept" hands the packet on rather
 # than terminating evaluation -- confirm the exact ordering/first-match
 # semantics in the device manual before relying on rule order.
 Incoming super 
 # Anti-spoofing on the inside: only packets sourced from the AIR subnet are
 # admitted, plus DHCP client traffic from a not-yet-configured host
 # (saddr 0, presumably 0.0.0.0, to the DHCP server port udp/67).
 saddr == 192.168.30.1/24 accept 
 saddr == 0 && proto == udp && dport == dhcps'67' accept 
 
 Incoming user 
 # SIP signalling (tcp/udp 5060) that is not addressed to the local subnet is
 # redirected to 192.168.30.1 (presumably the router's own AIR address, i.e.
 # its SIP proxy/ALG); FTP control connections are likewise redirected to the
 # local FTP proxy on port 8021.
 (dport == sip'5060') && (daddr != 192.168.30.1/24) && (proto == tcp || proto == udp) modify static daddr 192.168.30.1, static dport sip'5060' 
 (dport == ftp'21') && daddr != 192.168.30.1 && proto == tcp modify static daddr 192.168.30.1, static dport ftp-proxy'8021' 
 # Blanket accept: every IP protocol from this segment is allowed.
 # NOTE(review): if rules are first-match, the GRE/PPTP rule below is redundant
 # (GRE from 192.168.30.33 is already accepted here). There is no egress
 # restriction at all from this segment -- no block on e.g. SMTP/25, NetBIOS
 # or management ports -- which is worth revisiting if AIR is untrusted Wi-Fi.
 proto != noproto accept 
 (proto == gre || (dport == pptp'1723' && proto == tcp)) && saddr == 192.168.30.33 accept 
 
 Incoming other (not IP) 
 # Non-IP frames: only ARP and 802.1X/EAPOL (pae, 0x888e) are admitted.
 ethertype == arp'0x806' || ethertype == pae'0x888e' accept 
 
 Outgoing super 
 # Anything the router forwards toward AIR hosts is allowed on this side;
 # inbound filtering is expected to happen on the WAN interface's rules.
 proto != noproto accept 
 
 Outgoing user 
 proto != noproto accept 
 
 Logging 
 # log inside (default: accept) 
 # The "deny" entries in this section are logging exclusions, not traffic
 # filters (default: accept presumably means every flow is logged unless
 # excluded here -- confirm): HTTP to/from 192.168.30.1 and NetBIOS 137-139
 # are not logged. NOTE(review): the first exclusion hides administrative web
 # access to the router from the inside; consider logging it.
 (sport == http'80' || dport == http'80') && (saddr == 192.168.30.1 || daddr == 192.168.30.1) && proto == tcp deny 
 (dport >= netbios-ns'137' && dport <= netbios-ssn'139') deny 
 

 Interface: WAN (id: 2)   used as: outside 
 
 # Outside (Internet) interface, public address 213.136.58.119.
 Incoming super 
 # Anti-spoofing: packets from the Internet claiming an internal source are
 # dropped. NOTE(review): only the two internal /24s are covered; the rest of
 # RFC 1918 (10/8, 172.16/12), 127/8, 0/8 and the router's own WAN address
 # are not, so packets with those spoofed sources still reach the user rules.
 saddr == 192.168.0.1/24 || saddr == 192.168.30.1/24 deny 
 # Everything addressed to the WAN address is passed on to the user rules.
 (daddr == 213.136.58.119/32) accept 
 
 Incoming user 
 # Stateless allow for UDP DNS replies from the three configured resolvers.
 # NOTE(review): the match is source address + source port 53 only (any
 # destination port), so a packet with a spoofed resolver source and sport 53
 # is admitted whether or not a query was sent. With the 20 s DNS flow timeout
 # in the timeout table, replies to real queries should already be covered by
 # state -- confirm this rule is still needed and, if so, restrict dport.
 sport == domain'53' && proto == udp && (saddr == 213.80.101.3 || saddr == 213.85.64.4 || saddr == 212.116.67.10) accept 
 # SIP signalling on 5060 (tcp and udp) is accepted from ANY Internet source.
 # A SIP proxy/ALG needs this for inbound calls, but it also exposes the SIP
 # stack to scanning and INVITE floods; restrict saddr to the SIP provider's
 # addresses if the deployment allows it.
 dport == sip'5060' && (proto == udp || proto == tcp) accept 
 # Remote management: tcp/66 from ANY source is translated to the router's own
 # web UI on port 80 -- plaintext HTTP, no network-level source restriction.
 # NOTE(review): this is the most exposed rule in the set; the telnet rule
 # directly below limits the source to 213.136.58.100/27. Apply the same (or a
 # tighter) saddr restriction here, or disable remote HTTP management.
 dport == remote-http'66' && proto == tcp && daddr == 213.136.58.119 modify static dport http'80' 
 # Remote telnet on tcp/57 -> 23, limited to 213.136.58.100/27. Telnet carries
 # credentials in clear text across the Internet; prefer SSH (the flow-timeout
 # table already has a tcp/22 entry) or a VPN, even for a restricted source.
 dport == remote-telnet'57' && proto == tcp && saddr == 213.136.58.100/27 && daddr == 213.136.58.119 modify static dport telnet'23' 
 # Inbound GRE (PPTP data channel) is rewritten to an inside host.
 # NOTE(review): both rules have the same match but different targets. Under
 # first-match the second (192.168.0.35) never applies; under last-match the
 # first (192.168.30.33) is overridden. Either way only one of the two PPTP
 # clients permitted on the inside interfaces can receive GRE -- confirm which
 # host is intended and remove the other rule. No tcp/1723 is forwarded here,
 # so this supports inside PPTP *clients*, not an inside PPTP server.
 proto == gre modify static daddr 192.168.30.33 
 proto == gre modify static daddr 192.168.0.35 
 
 Incoming other (not IP) 
 # Non-IP frames: only ARP and 802.1X/EAPOL (pae, 0x888e) are admitted.
 ethertype == arp'0x806' || ethertype == pae'0x888e' accept 
 
 Outgoing super 
 # Only packets already carrying the WAN address as source may leave.
 (saddr == 213.136.58.119/32) accept 
 
 Outgoing user 
 # Source NAT: anything not sourced from the WAN address is masqueraded
 # ("dynamic source 0", presumably the interface address -- confirm).
 (saddr != 213.136.58.119/32) modify dynamic source 0 
 # NOTE(review): this line is a narrower match with the same action as the
 # rule above, so it adds nothing as written. If the intent was to force
 # outbound DNS to the three approved resolvers, it would need to rewrite
 # daddr (and a deny for other resolvers), which it does not.
 proto == udp && dport == domain'53' && (daddr != 213.80.101.3 && daddr != 213.85.64.4 && daddr != 212.116.67.10) modify dynamic source 0 
 (saddr == 213.136.58.119/32) accept 
 
 Logging 
 # log outside (default: accept) 
 # No logging exclusions on the outside: presumably every WAN flow is logged.
 

 Interface: LAN (id: 1)   used as: inside 
 
 # Inside (wired) interface, subnet 192.168.0.0/24 (written here as
 # 192.168.0.1/24). The rule set mirrors the AIR interface with the subnet
 # and PPTP client address (192.168.0.35) swapped in.
 Incoming super 
 # Anti-spoofing on the inside: only packets sourced from the LAN subnet are
 # admitted, plus DHCP client traffic from a not-yet-configured host
 # (saddr 0, presumably 0.0.0.0, to the DHCP server port udp/67).
 saddr == 192.168.0.1/24 accept 
 saddr == 0 && proto == udp && dport == dhcps'67' accept 
 
 Incoming user 
 # SIP signalling (tcp/udp 5060) not addressed to the local subnet is
 # redirected to 192.168.0.1 (presumably the router's own LAN address, i.e.
 # its SIP proxy/ALG); FTP control connections are redirected to the local
 # FTP proxy on port 8021.
 (dport == sip'5060') && (daddr != 192.168.0.1/24) && (proto == tcp || proto == udp) modify static daddr 192.168.0.1, static dport sip'5060' 
 (dport == ftp'21') && daddr != 192.168.0.1 && proto == tcp modify static daddr 192.168.0.1, static dport ftp-proxy'8021' 
 # Blanket accept: every IP protocol from this segment is allowed.
 # NOTE(review): if rules are first-match, the GRE/PPTP rule below is redundant
 # (GRE from 192.168.0.35 is already accepted here). No egress restriction is
 # applied to the LAN at all (no block on e.g. SMTP/25, NetBIOS, management
 # ports) -- acceptable for a trusted wired segment, but worth stating.
 proto != noproto accept 
 (proto == gre || (dport == pptp'1723' && proto == tcp)) && saddr == 192.168.0.35 accept 
 
 Incoming other (not IP) 
 # Non-IP frames: only ARP and 802.1X/EAPOL (pae, 0x888e) are admitted.
 ethertype == arp'0x806' || ethertype == pae'0x888e' accept 
 
 Outgoing super 
 # Anything the router forwards toward LAN hosts is allowed on this side;
 # inbound filtering is expected to happen on the WAN interface's rules.
 proto != noproto accept 
 
 Outgoing user 
 proto != noproto accept 
 
 Logging 
 # log inside (default: accept) 
 # The "deny" entries in this section are logging exclusions, not traffic
 # filters (default: accept presumably means every flow is logged unless
 # excluded here -- confirm): HTTP to/from 192.168.0.1 and NetBIOS 137-139
 # are not logged. NOTE(review): the first exclusion hides administrative web
 # access to the router from the LAN; consider logging it.
 (sport == http'80' || dport == http'80') && (saddr == 192.168.0.1 || daddr == 192.168.0.1) && proto == tcp deny 
 (dport >= netbios-ns'137' && dport <= netbios-ssn'139') deny 
 

 Flow timeout
# Idle timeouts (seconds) for connection-state entries. The specific DNS and
# SSH lines appear ahead of the generic per-protocol defaults, which is the
# order needed if the first matching line wins -- confirm in the device manual.
# Note this table uses "and" where the interface rules above use "&&".
proto == udp and dport == domain'53' timeout 20
# NOTE(review): a two-hour idle timeout keeps SSH state (and any NAT mapping)
# alive long after a dead session; with SSH keepalives a much shorter value
# is workable and shrinks the window for state-table exhaustion.
proto == tcp and dport == ssh'22' timeout 7200
proto == tcp timeout 900
proto == udp timeout 300