
kvmhost02: initial running commit

Maximilian Ronniger 6 years ago
parent
commit
7da529a96a
1 changed files with 131 additions and 186 deletions
  1. 131 186
      itguru.at.fwb

+ 131 - 186
itguru.at.fwb

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1575224652" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1575628006" id="root">
   <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
     <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@@ -2422,7 +2422,7 @@
           <Option name="verify_interfaces">True</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1575225376" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
+      <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1575643012" lastInstalled="1575643027" lastModified="1575643006" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
         <NAT id="id13393X65696" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id13395X65696" disabled="True" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
             <OSrc neg="False">
@@ -2480,7 +2480,7 @@
           </NATRule>
           <NATRule id="id13483X65696" disabled="False" group="NAT VMs" position="2" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
             <OSrc neg="False">
-              <ObjectRef ref="id4422X5690"/>
+              <ObjectRef ref="id11343X65696"/>
             </OSrc>
             <ODst neg="False">
               <ObjectRef ref="id8908X28426"/>
@@ -2537,9 +2537,7 @@
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id4420X5690"/>
-              <ObjectRef ref="id3828X19560"/>
-              <ObjectRef ref="id10862X36891"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="tcp-HTTP"/>
@@ -2566,9 +2564,7 @@
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id4420X5690"/>
-              <ObjectRef ref="id3828X19560"/>
-              <ObjectRef ref="id10862X36891"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id3B4FED69"/>
@@ -2590,39 +2586,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13662X65696" disabled="True" group="web_access" position="6" action="Translate" comment="">
-            <OSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </OSrc>
-            <ODst neg="False">
-              <ObjectRef ref="id10862X36891"/>
-            </ODst>
-            <OSrv neg="False">
-              <ServiceRef ref="id4115X60183"/>
-            </OSrv>
-            <TSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </TSrc>
-            <TDst neg="False">
-              <ObjectRef ref="id4069X60183"/>
-            </TDst>
-            <TSrv neg="False">
-              <ServiceRef ref="sysid1"/>
-            </TSrv>
-            <ItfInb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfInb>
-            <ItfOutb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfOutb>
-            <NATRuleOptions/>
-          </NATRule>
-          <NATRule id="id13705X65696" disabled="False" group="web_access" position="7" action="Translate" comment="">
+          <NATRule id="id13705X65696" disabled="True" group="web_access" position="6" action="Translate" comment="TODO: add a proxy rule">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id10862X36891"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id4115X60183"/>
@@ -2644,12 +2613,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13748X65696" disabled="False" group="wlanctl" position="8" action="Translate" comment="">
+          <NATRule id="id13748X65696" disabled="False" group="wlanctl" position="7" action="Translate" comment="TODO: add Proxy rules">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id3828X19560"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id11374X28426"/>
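Review bot: The comment added on rule id13748X65696, `TODO: add Proxy rules`, does not say whether the direct translation is meant to stay active until the proxy exists. The web_access rule id13705X65696 in the previous hunk received the same kind of TODO and was switched to `disabled="True"`, while this rule keeps `disabled="False"`. If leaving it enabled is intentional, I would record that in the comment, for example `comment="TODO: add Proxy rules; direct translation stays enabled until then"`. The NATRule body continues outside the hunk, so the translated destination is not visible here.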
@@ -2675,12 +2644,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13795X65696" disabled="False" group="wlanctl" position="9" action="Translate" comment="">
+          <NATRule id="id13795X65696" disabled="False" group="wlanctl" position="8" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id3828X19560"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id9676X35429"/>
@@ -2702,12 +2671,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13838X65696" disabled="False" group="external ssh access" position="10" action="Translate" comment="allow sftp access for &#10;">
+          <NATRule id="id13838X65696" disabled="False" group="external ssh access" position="9" action="Translate" comment="allow sftp access for &#10;">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id3828X19560"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id4427X2191"/>
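Review bot: The rules in group `external ssh access` keep `<ObjectRef ref="sysid0"/>` (Any) as original source while their destination moves to id8908X28426, so the translation itself does not limit who can reach the sftp/ssh services, even though one comment reads "allow ssh access for authorized users". This applies to id13838X65696 here and to id13881X65696, id13924X65696 and id14010X65696 in the following hunks. If the Policy rule set (not visible in these hunks) does not already restrict the sources, I would put an address group of the authorized clients into OSrc, e.g. `<ObjectRef ref="ID_OF_AUTHORIZED_SOURCES_GROUP"/>` (placeholder id). The comment `allow sftp access for &#10;` also ends without naming anyone and should be completed. Each NATRule continues past the end of its hunk.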
@@ -2729,12 +2698,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13881X65696" disabled="False" group="external ssh access" position="11" action="Translate" comment="allow ssh access for authorized users">
+          <NATRule id="id13881X65696" disabled="False" group="external ssh access" position="10" action="Translate" comment="allow ssh access for authorized users">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id3828X19560"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id6890X4137"/>
@@ -2756,12 +2725,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13924X65696" disabled="False" group="external ssh access" position="12" action="Translate" comment="ssh for gogs git repo">
+          <NATRule id="id13924X65696" disabled="False" group="external ssh access" position="11" action="Translate" comment="ssh for gogs git repo">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id3828X19560"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id10843X4569"/>
@@ -2783,39 +2752,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13967X65696" disabled="False" group="external ssh access" position="13" action="Translate" comment="">
-            <OSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </OSrc>
-            <ODst neg="False">
-              <ObjectRef ref="id10862X36891"/>
-            </ODst>
-            <OSrv neg="False">
-              <ServiceRef ref="id4264X77913"/>
-            </OSrv>
-            <TSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </TSrc>
-            <TDst neg="False">
-              <ObjectRef ref="id4069X60183"/>
-            </TDst>
-            <TSrv neg="False">
-              <ServiceRef ref="sysid1"/>
-            </TSrv>
-            <ItfInb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfInb>
-            <ItfOutb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfOutb>
-            <NATRuleOptions/>
-          </NATRule>
-          <NATRule id="id14010X65696" disabled="False" group="external ssh access" position="14" action="Translate" comment="">
+          <NATRule id="id14010X65696" disabled="False" group="external ssh access" position="12" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id10862X36891"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id10631X16353"/>
@@ -2837,12 +2779,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id14053X65696" disabled="False" group="" position="15" action="Translate" comment="">
+          <NATRule id="id14053X65696" disabled="False" group="" position="13" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id4420X5690"/>
+              <ObjectRef ref="id13268X354"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="tcp-SMTP"/>
@@ -2870,12 +2812,12 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id14102X65696" disabled="False" group="" position="16" action="Translate" comment="">
+          <NATRule id="id14102X65696" disabled="False" group="" position="14" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
             <ODst neg="False">
-              <ObjectRef ref="id4420X5690"/>
+              <ObjectRef ref="id8908X28426"/>
             </ODst>
             <OSrv neg="False">
               <ServiceRef ref="id41291883"/>
@@ -2897,89 +2839,6 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id14145X65696" disabled="True" group="" position="17" action="Translate" comment="">
-            <OSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </OSrc>
-            <ODst neg="False">
-              <ObjectRef ref="id4420X5690"/>
-            </ODst>
-            <OSrv neg="False">
-              <ServiceRef ref="id3D703C90"/>
-            </OSrv>
-            <TSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </TSrc>
-            <TDst neg="False">
-              <ObjectRef ref="id10418X5690"/>
-            </TDst>
-            <TSrv neg="False">
-              <ServiceRef ref="sysid1"/>
-            </TSrv>
-            <ItfInb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfInb>
-            <ItfOutb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfOutb>
-            <NATRuleOptions/>
-          </NATRule>
-          <NATRule id="id14188X65696" disabled="True" group="" position="18" action="Translate" comment="">
-            <OSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </OSrc>
-            <ODst neg="False">
-              <ObjectRef ref="id4420X5690"/>
-            </ODst>
-            <OSrv neg="False">
-              <ServiceRef ref="id4127F146"/>
-              <ServiceRef ref="id3D703C8C"/>
-            </OSrv>
-            <TSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </TSrc>
-            <TDst neg="False">
-              <ObjectRef ref="id10418X5690"/>
-            </TDst>
-            <TSrv neg="False">
-              <ServiceRef ref="sysid1"/>
-            </TSrv>
-            <ItfInb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfInb>
-            <ItfOutb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfOutb>
-            <NATRuleOptions/>
-          </NATRule>
-          <NATRule id="id14232X65696" disabled="True" group="" position="19" action="Translate" comment="">
-            <OSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </OSrc>
-            <ODst neg="False">
-              <ObjectRef ref="id4420X5690"/>
-            </ODst>
-            <OSrv neg="False">
-              <ServiceRef ref="udp-DNS"/>
-              <ServiceRef ref="tcp-DNS"/>
-            </OSrv>
-            <TSrc neg="False">
-              <ObjectRef ref="sysid0"/>
-            </TSrc>
-            <TDst neg="False">
-              <ObjectRef ref="id10418X5690"/>
-            </TDst>
-            <TSrv neg="False">
-              <ServiceRef ref="sysid1"/>
-            </TSrv>
-            <ItfInb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfInb>
-            <ItfOutb neg="False">
-              <ObjectRef ref="sysid0"/>
-            </ItfOutb>
-            <NATRuleOptions/>
-          </NATRule>
           <RuleSetOptions/>
         </NAT>
         <Policy id="id8901X28426" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
@@ -3550,37 +3409,50 @@
           <RuleSetOptions/>
         </Policy>
         <Routing id="id8905X28426" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <RoutingRule id="id13373X354" disabled="True" group="" metric="0" position="0" comment="">
+            <RDst neg="False">
+              <ObjectRef ref="id4422X5690"/>
+            </RDst>
+            <RGtw neg="False">
+              <ObjectRef ref="id11122X65696"/>
+            </RGtw>
+            <RItf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </RItf>
+            <RoutingRuleOptions/>
+          </RoutingRule>
           <RuleSetOptions/>
         </Routing>
         <Interface id="id8907X28426" dedicated_failover="False" dyn="False" label="external" mgmt="False" security_level="0" unnum="False" unprotected="False" name="enp0s31f6" comment="" ro="False">
-          <IPv4 id="id8908X28426" name="kvmhost02:enp0s31f6:ip" comment="" ro="False" address="95.216.10.42" netmask="255.255.255.255"/>
+          <IPv4 id="id8908X28426" name="kvmhost02:enp0s31f6:ip" comment="" ro="False" address="95.216.10.42" netmask="255.255.255.192"/>
+          <IPv4 id="id13268X354" name="kvmhost02:enp0s31f6:ip-zusatzip" comment="" ro="False" address="95.216.10.43" netmask="255.255.255.192"/>
           <IPv6 id="id9239X28426" name="kvmhost02:enp0s31f6:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::2" netmask="64"/>
           <InterfaceOptions/>
         </Interface>
-        <Interface id="id8951X28426" dedicated_failover="False" dyn="False" label="dmz" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
-          <IPv4 id="id9097X28426" name="kvmhost02:eth1:ip" comment="" ro="False" address="10.64.1.1" netmask="255.255.255.0"/>
-          <IPv6 id="id9288X28426" name="kvmhost02:eth1:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::10:1" netmask="116"/>
+        <Interface id="id8951X28426" dedicated_failover="False" dyn="False" label="dmz" mgmt="False" security_level="0" unnum="False" unprotected="False" name="dmz" comment="" ro="False">
+          <IPv4 id="id9097X28426" name="kvmhost02:dmz:ip" comment="" ro="False" address="10.64.1.1" netmask="255.255.255.0"/>
+          <IPv6 id="id9288X28426" name="kvmhost02:dmz:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::10:1" netmask="116"/>
           <InterfaceOptions>
             <Option name="type">ethernet</Option>
           </InterfaceOptions>
         </Interface>
-        <Interface id="id8985X28426" dedicated_failover="False" dyn="False" label="app" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
-          <IPv4 id="id9118X28426" name="kvmhost02:eth2:ip" comment="" ro="False" address="10.64.2.1" netmask="255.255.255.0"/>
-          <IPv6 id="id9325X28426" name="kvmhost02:eth2:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::20:1" netmask="116"/>
+        <Interface id="id8985X28426" dedicated_failover="False" dyn="False" label="app" mgmt="False" security_level="0" unnum="False" unprotected="False" name="app" comment="" ro="False">
+          <IPv4 id="id9118X28426" name="kvmhost02:app:ip" comment="" ro="False" address="10.64.2.1" netmask="255.255.255.0"/>
+          <IPv6 id="id9325X28426" name="kvmhost02:app:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::20:1" netmask="116"/>
           <InterfaceOptions>
             <Option name="type">ethernet</Option>
           </InterfaceOptions>
         </Interface>
-        <Interface id="id9019X28426" dedicated_failover="False" dyn="False" label="db" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
-          <IPv4 id="id9139X28426" name="kvmhost02:eth3:ip" comment="" ro="False" address="10.64.3.1" netmask="255.255.255.0"/>
-          <IPv6 id="id9348X28426" name="kvmhost02:eth3:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::30:1" netmask="116"/>
+        <Interface id="id9019X28426" dedicated_failover="False" dyn="False" label="db" mgmt="False" security_level="0" unnum="False" unprotected="False" name="db" comment="" ro="False">
+          <IPv4 id="id9139X28426" name="kvmhost02:db:ip" comment="" ro="False" address="10.64.3.1" netmask="255.255.255.0"/>
+          <IPv6 id="id9348X28426" name="kvmhost02:db:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::30:1" netmask="116"/>
           <InterfaceOptions>
             <Option name="type">ethernet</Option>
           </InterfaceOptions>
         </Interface>
-        <Interface id="id9053X28426" dedicated_failover="False" dyn="False" label="mgmt" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth4" comment="" ro="False">
-          <IPv4 id="id9152X28426" name="kvmhost02:eth4:ip" comment="" ro="False" address="10.64.4.1" netmask="255.255.255.0"/>
-          <IPv6 id="id9381X28426" name="kvmhost02:eth4:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::40:1" netmask="116"/>
+        <Interface id="id9053X28426" dedicated_failover="False" dyn="False" label="mgmt" mgmt="False" security_level="0" unnum="False" unprotected="False" name="mgmt" comment="" ro="False">
+          <IPv4 id="id9152X28426" name="kvmhost02:mgmt:ip" comment="" ro="False" address="10.64.4.1" netmask="255.255.255.0"/>
+          <IPv6 id="id9381X28426" name="kvmhost02:mgmt:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::40:1" netmask="116"/>
           <InterfaceOptions>
             <Option name="type">ethernet</Option>
           </InterfaceOptions>
@@ -3595,23 +3467,96 @@
           <PolicyInstallScript arguments="" command="" enabled="False"/>
         </Management>
         <FirewallOptions>
-          <Option name="accept_established">true</Option>
-          <Option name="accept_new_tcp_with_no_syn">true</Option>
-          <Option name="check_shading">true</Option>
-          <Option name="configure_interfaces">true</Option>
-          <Option name="firewall_is_part_of_any_and_networks">true</Option>
+          <Option name="accept_established">True</Option>
+          <Option name="accept_new_tcp_with_no_syn">True</Option>
+          <Option name="action_on_reject"/>
+          <Option name="activationCmd"/>
+          <Option name="add_mgmt_ssh_rule_when_stoped">False</Option>
+          <Option name="add_rules_for_ipv6_neighbor_discovery">False</Option>
+          <Option name="admUser">madhu</Option>
+          <Option name="altAddress">kvmhost02.itguru.at</Option>
+          <Option name="bridging_fw">False</Option>
+          <Option name="check_shading">True</Option>
+          <Option name="clamp_mss_to_mtu">False</Option>
+          <Option name="clear_unknown_interfaces">False</Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
+          <Option name="configure_bonding_interfaces">False</Option>
+          <Option name="configure_bridge_interfaces">False</Option>
+          <Option name="configure_interfaces">True</Option>
+          <Option name="configure_vlan_interfaces">False</Option>
+          <Option name="data_dir"/>
+          <Option name="debug">False</Option>
+          <Option name="drop_invalid">False</Option>
+          <Option name="epilog_script"/>
+          <Option name="firewall_dir">/etc/firewall/</Option>
+          <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="flush_and_set_default_policy">True</Option>
+          <Option name="ignore_empty_groups">False</Option>
+          <Option name="ipv4_6_order">ipv4_first</Option>
+          <Option name="limit_suffix"/>
           <Option name="limit_value">0</Option>
+          <Option name="linux24_accept_redirects"/>
+          <Option name="linux24_accept_source_route"/>
+          <Option name="linux24_conntrack_hashsize">0</Option>
+          <Option name="linux24_conntrack_max">0</Option>
+          <Option name="linux24_conntrack_tcp_be_liberal"/>
+          <Option name="linux24_icmp_echo_ignore_all"/>
+          <Option name="linux24_icmp_echo_ignore_broadcasts"/>
+          <Option name="linux24_icmp_ignore_bogus_error_responses"/>
+          <Option name="linux24_ip_dynaddr"/>
           <Option name="linux24_ip_forward">1</Option>
-          <Option name="load_modules">true</Option>
-          <Option name="local_nat">false</Option>
+          <Option name="linux24_ipv6_forward">1</Option>
+          <Option name="linux24_log_martians"/>
+          <Option name="linux24_path_brctl"/>
+          <Option name="linux24_path_ifenslave"/>
+          <Option name="linux24_path_ip"/>
+          <Option name="linux24_path_ip6tables"/>
+          <Option name="linux24_path_ip6tables_restore"/>
+          <Option name="linux24_path_ipset"/>
+          <Option name="linux24_path_iptables"/>
+          <Option name="linux24_path_iptables_restore"/>
+          <Option name="linux24_path_logger"/>
+          <Option name="linux24_path_lsmod"/>
+          <Option name="linux24_path_modprobe"/>
+          <Option name="linux24_path_vconfig"/>
+          <Option name="linux24_rp_filter"/>
+          <Option name="linux24_tcp_ecn"/>
+          <Option name="linux24_tcp_fack"/>
+          <Option name="linux24_tcp_fin_timeout">0</Option>
+          <Option name="linux24_tcp_keepalive_interval">0</Option>
+          <Option name="linux24_tcp_sack"/>
+          <Option name="linux24_tcp_syncookies"/>
+          <Option name="linux24_tcp_timestamps"/>
+          <Option name="linux24_tcp_window_scaling"/>
+          <Option name="load_modules">True</Option>
+          <Option name="local_nat">False</Option>
+          <Option name="log_all">False</Option>
+          <Option name="log_invalid">False</Option>
+          <Option name="log_ip_opt">False</Option>
           <Option name="log_level">info</Option>
           <Option name="log_prefix">RULE %N -- %A </Option>
+          <Option name="log_tcp_opt">False</Option>
+          <Option name="log_tcp_seq">False</Option>
           <Option name="loopback_interface">lo</Option>
-          <Option name="manage_virtual_addr">true</Option>
+          <Option name="manage_virtual_addr">True</Option>
+          <Option name="mgmt_addr"/>
+          <Option name="mgmt_ssh">False</Option>
           <Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
+          <Option name="output_file"/>
+          <Option name="prolog_place">top</Option>
+          <Option name="prolog_script"/>
+          <Option name="scpArgs">-P 1848</Option>
+          <Option name="script_name_on_firewall"/>
+          <Option name="sshArgs">-p 1848</Option>
+          <Option name="ulog_cprange">0</Option>
           <Option name="ulog_nlgroup">1</Option>
-          <Option name="verify_interfaces">true</Option>
+          <Option name="ulog_qthreshold">1</Option>
+          <Option name="use_ULOG">False</Option>
+          <Option name="use_iptables_restore">False</Option>
+          <Option name="use_m_set">False</Option>
+          <Option name="use_numeric_log_levels">False</Option>
+          <Option name="verify_interfaces">True</Option>
         </FirewallOptions>
       </Firewall>
     </ObjectGroup>
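Review bot: `accept_new_tcp_with_no_syn` stays `True` while the newly written `drop_invalid` and `log_invalid` are both `False`, so, as far as these options go, new TCP packets without SYN are accepted and packets in conntrack state INVALID are neither dropped nor logged by the generated script. Unless something in the setup requires it, I would set `<Option name="accept_new_tcp_with_no_syn">False</Option>`, `<Option name="drop_invalid">True</Option>` and `<Option name="log_invalid">True</Option>`. The kernel options `linux24_rp_filter`, `linux24_accept_source_route`, `linux24_accept_redirects`, `linux24_tcp_syncookies` and `linux24_log_martians` are written empty, which presumably leaves them at the host's sysctl defaults; setting them explicitly would make the host's behaviour reviewable from this file. `linux24_ipv6_forward` is now `1`, so the Policy rule set (outside this hunk) has to cover forwarded IPv6 traffic for the globally addressed internal interfaces. `admUser`, `altAddress` and the SSH port in `sshArgs`/`scpArgs` are now stored in the repository; confirm that this is acceptable for everyone who can read it.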