|
|
@@ -1,6 +1,6 @@
|
|
|
<?xml version="1.0" encoding="utf-8"?>
|
|
|
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
|
|
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1653082361" id="root">
|
|
|
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1711107649" id="root">
|
|
|
<Library id="syslib000" color="#0a0f1f" name="Standard" comment="Standard objects" ro="True">
|
|
|
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
|
|
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
|
|
@@ -523,6 +523,7 @@
|
|
|
<TCPService id="id6975X15287" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh portforwarding" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22000" dst_range_end="22010"/>
|
|
|
<TCPService id="id6468X15987" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Bareos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="9100" dst_range_end="9105"/>
|
|
|
<TCPService id="id7581X24684" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="FTP Passive Ports" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="11000" dst_range_end="11500"/>
|
|
|
+ <TCPService id="id7151X5485" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="iperf3" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5201" dst_range_end="5201"/>
|
|
|
</ServiceGroup>
|
|
|
<ServiceGroup id="id1606X15287" name="UDP" comment="" ro="False"/>
|
|
|
<ServiceGroup id="id1607X15287" name="Users" comment="" ro="False"/>
|
|
|
@@ -530,7 +531,7 @@
|
|
|
<ServiceGroup id="id1609X15287" name="TagServices" comment="" ro="False"/>
|
|
|
</ServiceGroup>
|
|
|
<ObjectGroup id="id1610X15287" name="Firewalls" comment="" ro="False">
|
|
|
- <Firewall id="id2327X15287" host_OS="linux24" lastCompiled="1699015800" lastInstalled="1699015806" lastModified="1701704169" platform="iptables" name="archivo" comment="" ro="False">
|
|
|
+ <Firewall id="id2327X15287" host_OS="linux24" lastCompiled="1711107734" lastInstalled="1711107740" lastModified="1711107729" platform="iptables" name="archivo" comment="" ro="False">
|
|
|
<NAT id="id2331X15287" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
|
|
<NATRule id="id6818X40322" disabled="False" group="" position="0" action="Translate" comment="">
|
|
|
<OSrc neg="False">
|
|
|
@@ -809,7 +810,27 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id6426X15987" disabled="False" group="" log="False" position="12" action="Deny" direction="Both" comment="deny but don't log the various brodcasts">
|
|
|
+ <PolicyRule id="id7115X5485" disabled="False" group="Internal Network" log="True" position="12" action="Accept" direction="Both" comment="allow iperf3 for speed tests">
|
|
|
+ <Src neg="False">
|
|
|
+ <ObjectRef ref="id5791X15287"/>
|
|
|
+ </Src>
|
|
|
+ <Dst neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </Dst>
|
|
|
+ <Srv neg="False">
|
|
|
+ <ServiceRef ref="id7151X5485"/>
|
|
|
+ </Srv>
|
|
|
+ <Itf neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </Itf>
|
|
|
+ <When neg="False">
|
|
|
+ <IntervalRef ref="sysid2"/>
|
|
|
+ </When>
|
|
|
+ <PolicyRuleOptions>
|
|
|
+ <Option name="stateless">False</Option>
|
|
|
+ </PolicyRuleOptions>
|
|
|
+ </PolicyRule>
|
|
|
+ <PolicyRule id="id6426X15987" disabled="False" group="" log="False" position="13" action="Deny" direction="Both" comment="deny but don't log the various brodcasts">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -831,7 +852,7 @@
|
|
|
<Option name="stateless">True</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id7245X15287" disabled="False" group="" log="True" position="13" action="Deny" direction="Both" comment="last deny">
|
|
|
+ <PolicyRule id="id7245X15287" disabled="False" group="" log="True" position="14" action="Deny" direction="Both" comment="last deny">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -856,8 +877,8 @@
|
|
|
<Routing id="id2333X15287" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
|
|
<RuleSetOptions/>
|
|
|
</Routing>
|
|
|
- <Interface id="id2335X15287" dedicated_failover="False" dyn="False" label="lan" mgmt="True" security_level="100" unnum="False" unprotected="False" name="vlan1" comment="" ro="False">
|
|
|
- <IPv4 id="id2336X15287" name="archivo:vlan1:ip" comment="" ro="False" address="10.0.21.2" netmask="255.255.255.0"/>
|
|
|
+ <Interface id="id2335X15287" dedicated_failover="False" dyn="False" label="lan" mgmt="True" security_level="100" unnum="False" unprotected="False" name="enp11s0" comment="" ro="False">
|
|
|
+ <IPv4 id="id2336X15287" name="archivo:enp11s0:ip" comment="" ro="False" address="10.0.21.2" netmask="255.255.255.0"/>
|
|
|
<InterfaceOptions/>
|
|
|
</Interface>
|
|
|
<Interface id="id2337X15287" dedicated_failover="False" dyn="False" label="link" mgmt="False" security_level="100" unnum="False" unprotected="False" name="vlan4" comment="" ro="False">
|
