|
@@ -1,7 +1,7 @@
|
|
|
<?xml version="1.0" encoding="utf-8"?>
|
|
<?xml version="1.0" encoding="utf-8"?>
|
|
|
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
|
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
|
|
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1678195288" id="root">
|
|
|
|
|
- <Library id="syslib000" color="#0a0f1f" name="Standard" comment="Standard objects" ro="True">
|
|
|
|
|
|
|
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1692276133" id="root">
|
|
|
|
|
+ <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
|
|
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
|
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
|
|
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
|
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
|
|
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
|
|
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
|
|
@@ -2170,6 +2170,7 @@
|
|
|
<IPv6 id="id4660X39728" name="IPV6 Default GW" comment="" ro="False" address="fe80::1" netmask="128"/>
|
|
<IPv6 id="id4660X39728" name="IPV6 Default GW" comment="" ro="False" address="fe80::1" netmask="128"/>
|
|
|
<IPv6 id="id9704X17196" name="hetzner ipv6 monitoring 5" comment="" ro="False" address="2a01:4f8:0:a112::c:1" netmask="128"/>
|
|
<IPv6 id="id9704X17196" name="hetzner ipv6 monitoring 5" comment="" ro="False" address="2a01:4f8:0:a112::c:1" netmask="128"/>
|
|
|
<IPv4 id="id9661X22688" name="my upc home adress" comment="" ro="False" address="62.178.152.187" netmask="0.0.0.0"/>
|
|
<IPv4 id="id9661X22688" name="my upc home adress" comment="" ro="False" address="62.178.152.187" netmask="0.0.0.0"/>
|
|
|
|
|
+ <IPv4 id="id14157X314088" name="web crawler 01" comment="" ro="False" address="40.83.44.14" netmask="0.0.0.0"/>
|
|
|
</ObjectGroup>
|
|
</ObjectGroup>
|
|
|
<ObjectGroup id="id1585X5690" name="DNS Names" comment="" ro="False"/>
|
|
<ObjectGroup id="id1585X5690" name="DNS Names" comment="" ro="False"/>
|
|
|
<ObjectGroup id="id1586X5690" name="Address Tables" comment="" ro="False"/>
|
|
<ObjectGroup id="id1586X5690" name="Address Tables" comment="" ro="False"/>
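Review bot: The added `web crawler 01` object has `comment=""`, so the policy keeps no record of why 40.83.44.14 is blocked, when it was added, or what evidence supported it. Single-address block entries tend to outlive their reason once the address changes hands, so I would fill the attribute in, for example `comment="blocked <date>: <reason / log reference>"` (placeholder text), and review the entry periodically. The `netmask="0.0.0.0"` matches the neighbouring `my upc home adress` object, so it is presumably the tool's convention for a single host rather than a wildcard; confirm in the compiled ruleset that the rule matches exactly one address. The entry is also IPv4-only, so if the web hosts are reachable over IPv6 this block would not cover the same client there.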
|
|
@@ -2206,6 +2207,9 @@
|
|
|
<ObjectRef ref="id4382X2427"/>
|
|
<ObjectRef ref="id4382X2427"/>
|
|
|
<ObjectRef ref="id12323X6099"/>
|
|
<ObjectRef ref="id12323X6099"/>
|
|
|
</ObjectGroup>
|
|
</ObjectGroup>
|
|
|
|
|
+ <ObjectGroup id="id14146X314088" name="Web Crawler" comment="" ro="False">
|
|
|
|
|
+ <ObjectRef ref="id14157X314088"/>
|
|
|
|
|
+ </ObjectGroup>
|
|
|
</ObjectGroup>
|
|
</ObjectGroup>
|
|
|
<ObjectGroup id="id1588X5690" name="Hosts" comment="" ro="False">
|
|
<ObjectGroup id="id1588X5690" name="Hosts" comment="" ro="False">
|
|
|
<Host id="id6626X5690" name="web01" comment="The Webserver will handel 80 and 443 tcp traffic." ro="False">
|
|
<Host id="id6626X5690" name="web01" comment="The Webserver will handel 80 and 443 tcp traffic." ro="False">
|
|
@@ -2473,7 +2477,7 @@
|
|
|
<ServiceGroup id="id1599X5690" name="TagServices" comment="" ro="False"/>
|
|
<ServiceGroup id="id1599X5690" name="TagServices" comment="" ro="False"/>
|
|
|
</ServiceGroup>
|
|
</ServiceGroup>
|
|
|
<ObjectGroup id="id1600X5690" name="Firewalls" comment="" ro="False">
|
|
<ObjectGroup id="id1600X5690" name="Firewalls" comment="" ro="False">
|
|
|
- <Firewall id="id8899X28426" host_OS="linux317" inactive="False" lastCompiled="1678195668" lastInstalled="1678195683" lastModified="1678195662" platform="iptables" version="1.4.20" name="kvmhost02" comment="" ro="False">
|
|
|
|
|
|
|
+ <Firewall id="id8899X28426" host_OS="linux317" inactive="False" lastCompiled="1692276173" lastInstalled="1692276196" lastModified="1692276164" platform="iptables" version="1.4.20" name="kvmhost02" comment="" ro="False">
|
|
|
<NAT id="id13393X65696" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="True">
|
|
<NAT id="id13393X65696" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="True">
|
|
|
<NATRule id="id13395X65696" disabled="False" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
|
|
<NATRule id="id13395X65696" disabled="False" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
|
|
|
<OSrc neg="False">
|
|
<OSrc neg="False">
|
|
@@ -3134,7 +3138,28 @@
|
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id14114X233013" disabled="False" group="Firewall" log="True" position="1" action="Deny" direction="Both" comment="Known spamers and adress harvesters are blocked.">
|
|
|
|
|
|
|
+ <PolicyRule id="id14110X314088" disabled="False" group="Firewall" log="True" position="1" action="Deny" direction="Both" comment="block bad web spiders">
|
|
|
|
|
+ <Src neg="False">
|
|
|
|
|
+ <ObjectRef ref="id14146X314088"/>
|
|
|
|
|
+ </Src>
|
|
|
|
|
+ <Dst neg="False">
|
|
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
|
|
+ </Dst>
|
|
|
|
|
+ <Srv neg="False">
|
|
|
|
|
+ <ServiceRef ref="sysid1"/>
|
|
|
|
|
+ </Srv>
|
|
|
|
|
+ <Itf neg="False">
|
|
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
|
|
+ </Itf>
|
|
|
|
|
+ <When neg="False">
|
|
|
|
|
+ <IntervalRef ref="sysid2"/>
|
|
|
|
|
+ </When>
|
|
|
|
|
+ <PolicyRuleOptions>
|
|
|
|
|
+ <Option name="color">#C86E6E</Option>
|
|
|
|
|
+ <Option name="stateless">True</Option>
|
|
|
|
|
+ </PolicyRuleOptions>
|
|
|
|
|
+ </PolicyRule>
|
|
|
|
|
+ <PolicyRule id="id14114X233013" disabled="False" group="Firewall" log="True" position="2" action="Deny" direction="Both" comment="Known spamers and adress harvesters are blocked.">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id4136X34148"/>
|
|
<ObjectRef ref="id4136X34148"/>
|
|
|
</Src>
|
|
</Src>
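Review bot: The new deny rule `id14110X314088` at position 1 sets `log="True"`, but its `<PolicyRuleOptions>` hold only `color` and `stateless`, so no per-rule logging limit is visible. Unless a global limit is configured elsewhere in the firewall options, a crawler that keeps retrying could produce one log entry per dropped packet and bury the entries from the final "denied and logged" rule. Consider adding a log rate limit to this rule, or switching to `log="False"` once the block is confirmed to work. The rule sits after rule 0, whose body lies outside this hunk; if that rule accepts established or broader traffic, it would match first, so check the ordering in the generated iptables script.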
|
|
@@ -3161,7 +3186,7 @@
|
|
|
<Option name="stateless">True</Option>
|
|
<Option name="stateless">True</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10894X28426" disabled="False" group="Firewall" log="False" position="2" action="Accept" direction="Both" comment="">
|
|
|
|
|
|
|
+ <PolicyRule id="id10894X28426" disabled="False" group="Firewall" log="False" position="3" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3179,7 +3204,7 @@
|
|
|
</When>
|
|
</When>
|
|
|
<PolicyRuleOptions/>
|
|
<PolicyRuleOptions/>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10838X28426" disabled="False" group="Firewall" log="True" position="3" action="Accept" direction="Both" comment="Firewall can do everything">
|
|
|
|
|
|
|
+ <PolicyRule id="id10838X28426" disabled="False" group="Firewall" log="True" position="4" action="Accept" direction="Both" comment="Firewall can do everything">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id8899X28426"/>
|
|
<ObjectRef ref="id8899X28426"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3197,7 +3222,7 @@
|
|
|
</When>
|
|
</When>
|
|
|
<PolicyRuleOptions/>
|
|
<PolicyRuleOptions/>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10781X28426" disabled="False" group="Firewall" log="True" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only through the hiports">
|
|
|
|
|
|
|
+ <PolicyRule id="id10781X28426" disabled="False" group="Firewall" log="True" position="5" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only through the hiports">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3216,7 +3241,7 @@
|
|
|
</When>
|
|
</When>
|
|
|
<PolicyRuleOptions/>
|
|
<PolicyRuleOptions/>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10718X28426" disabled="False" group="Firewall" log="False" position="5" action="Accept" direction="Both" comment="Internal Networks are allowed to ping the Firewall. ipv6 ping has to be stateless.">
|
|
|
|
|
|
|
+ <PolicyRule id="id10718X28426" disabled="False" group="Firewall" log="False" position="6" action="Accept" direction="Both" comment="Internal Networks are allowed to ping the Firewall. ipv6 ping has to be stateless.">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id3850X6649"/>
|
|
<ObjectRef ref="id3850X6649"/>
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
<ObjectRef ref="id11343X65696"/>
|
|
@@ -3276,7 +3301,7 @@
|
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10650X28426" disabled="True" group="Firewall" log="False" position="6" action="Accept" direction="Both" comment="Hezner Monitoring">
|
|
|
|
|
|
|
+ <PolicyRule id="id10650X28426" disabled="True" group="Firewall" log="False" position="7" action="Accept" direction="Both" comment="Hezner Monitoring">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id3850X6649"/>
|
|
<ObjectRef ref="id3850X6649"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3302,7 +3327,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10412X28426" disabled="False" group="Firewall" log="True" position="7" action="Accept" direction="Both" comment="make ipv6 work. ">
|
|
|
|
|
|
|
+ <PolicyRule id="id10412X28426" disabled="False" group="Firewall" log="True" position="8" action="Accept" direction="Both" comment="make ipv6 work. ">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id4660X39728"/>
|
|
<ObjectRef ref="id4660X39728"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3322,7 +3347,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10356X28426" disabled="False" group="Firewall" log="True" position="8" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
|
|
|
|
|
|
+ <PolicyRule id="id10356X28426" disabled="False" group="Firewall" log="True" position="9" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3366,7 +3391,7 @@
|
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11622X65696" disabled="False" group="VMs" log="True" position="9" action="Accept" direction="Both" comment="">
|
|
|
|
|
|
|
+ <PolicyRule id="id11622X65696" disabled="False" group="VMs" log="True" position="10" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3389,7 +3414,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11679X65696" disabled="False" group="VMs" log="True" position="10" action="Accept" direction="Both" comment="">
|
|
|
|
|
|
|
+ <PolicyRule id="id11679X65696" disabled="False" group="VMs" log="True" position="11" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11552X65696"/>
|
|
<ObjectRef ref="id11552X65696"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3410,7 +3435,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12687X65696" disabled="False" group="VMs" log="True" position="11" action="Accept" direction="Both" comment="">
|
|
|
|
|
|
|
+ <PolicyRule id="id12687X65696" disabled="False" group="VMs" log="True" position="12" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3438,7 +3463,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id13633X27833" disabled="True" group="VMs" log="True" position="12" action="Accept" direction="Both" comment="allow sieve access">
|
|
|
|
|
|
|
+ <PolicyRule id="id13633X27833" disabled="True" group="VMs" log="True" position="13" action="Accept" direction="Both" comment="allow sieve access">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id6626X5690"/>
|
|
<ObjectRef ref="id6626X5690"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3459,7 +3484,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12975X65696" disabled="False" group="VMs" log="True" position="13" action="Accept" direction="Both" comment="basic protection for manfreds server.">
|
|
|
|
|
|
|
+ <PolicyRule id="id12975X65696" disabled="False" group="VMs" log="True" position="14" action="Accept" direction="Both" comment="basic protection for manfreds server.">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3480,7 +3505,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11804X65696" disabled="False" group="VMs" log="True" position="14" action="Accept" direction="Both" comment="allow http/https and ssh (for limited users only)">
|
|
|
|
|
|
|
+ <PolicyRule id="id11804X65696" disabled="False" group="VMs" log="True" position="15" action="Accept" direction="Both" comment="allow http/https and ssh (for limited users only)">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3504,7 +3529,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11739X65696" disabled="False" group="VMs" log="True" position="15" action="Accept" direction="Both" comment="Webserver Ports">
|
|
|
|
|
|
|
+ <PolicyRule id="id11739X65696" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="Webserver Ports">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id9692X36891"/>
|
|
<ObjectRef ref="id9692X36891"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3531,7 +3556,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12327X65696" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="web02 runs various software peaces.">
|
|
|
|
|
|
|
+ <PolicyRule id="id12327X65696" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="web02 runs various software peaces.">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id9692X36891"/>
|
|
<ObjectRef ref="id9692X36891"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3559,7 +3584,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id22122X6772" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="web02 allow unifi ports">
|
|
|
|
|
|
|
+ <PolicyRule id="id22122X6772" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="web02 allow unifi ports">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3583,7 +3608,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id13692X40508" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="web02 allow jitsi-meet ports">
|
|
|
|
|
|
|
+ <PolicyRule id="id13692X40508" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="web02 allow jitsi-meet ports">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3605,7 +3630,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12906X29020" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="allow mailman traffic">
|
|
|
|
|
|
|
+ <PolicyRule id="id12906X29020" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="allow mailman traffic">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id6626X5690"/>
|
|
<ObjectRef ref="id6626X5690"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3626,7 +3651,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="allow gogs https">
|
|
|
|
|
|
|
+ <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="allow gogs https">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id9692X36891"/>
|
|
<ObjectRef ref="id9692X36891"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3647,7 +3672,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="TODO: use ldaps in future implementation">
|
|
|
|
|
|
|
+ <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="22" action="Accept" direction="Both" comment="TODO: use ldaps in future implementation">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id8526X5690"/>
|
|
<ObjectRef ref="id8526X5690"/>
|
|
|
<ObjectRef ref="id4382X2427"/>
|
|
<ObjectRef ref="id4382X2427"/>
|
|
@@ -3670,7 +3695,7 @@
|
|
|
<Option name="color">#7694C0</Option>
|
|
<Option name="color">#7694C0</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="22" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
|
|
|
|
|
|
|
+ <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="23" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id13113X65696"/>
|
|
<ObjectRef ref="id13113X65696"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3691,7 +3716,7 @@
|
|
|
<Option name="color">#7694C0</Option>
|
|
<Option name="color">#7694C0</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="23" action="Accept" direction="Both" comment="">
|
|
|
|
|
|
|
+ <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="24" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3714,7 +3739,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="24" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
|
|
|
|
|
|
|
+ <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="25" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11552X65696"/>
|
|
<ObjectRef ref="id11552X65696"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3735,7 +3760,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="25" action="Accept" direction="Both" comment="setup icmp ping">
|
|
|
|
|
|
|
+ <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="26" action="Accept" direction="Both" comment="setup icmp ping">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3758,7 +3783,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="26" action="Accept" direction="Outbound" comment="From the internal Network all connections are allow the external networks.">
|
|
|
|
|
|
|
+ <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="27" action="Accept" direction="Outbound" comment="From the internal Network all connections are allow the external networks.">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3779,7 +3804,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12677X6099" disabled="True" group="outgoing traffic" log="True" position="27" action="Accept" direction="Outbound" comment="From ipv6 Network">
|
|
|
|
|
|
|
+ <PolicyRule id="id12677X6099" disabled="True" group="outgoing traffic" log="True" position="28" action="Accept" direction="Outbound" comment="From ipv6 Network">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11367X65696"/>
|
|
<ObjectRef ref="id11367X65696"/>
|
|
|
</Src>
|
|
</Src>
|
|
@@ -3800,7 +3825,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="28" action="Deny" direction="Both" comment="">
|
|
|
|
|
|
|
+ <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="29" action="Deny" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
</Src>
|