|
|
@@ -1,6 +1,6 @@
|
|
|
<?xml version="1.0" encoding="utf-8"?>
|
|
|
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
|
|
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1576140568" id="root">
|
|
|
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1576148594" id="root">
|
|
|
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
|
|
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
|
|
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
|
|
@@ -716,7 +716,7 @@
|
|
|
<Host id="id4382X2427" name="admin01" comment="" ro="False">
|
|
|
<Interface id="id4384X2427" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
|
|
<IPv4 id="id4385X2427" name="admin01:eth0:ip" comment="" ro="False" address="192.168.122.250" netmask="255.255.255.0"/>
|
|
|
- <IPv4 id="id11122X65696" name="admin01:eth0:ip-1" comment="" ro="False" address="10.64.4.200" netmask="255.255.255.0"/>
|
|
|
+ <IPv4 id="id11122X65696" name="admin01:eth0:ip-new" comment="" ro="False" address="10.64.4.200" netmask="255.255.255.0"/>
|
|
|
<InterfaceOptions/>
|
|
|
</Interface>
|
|
|
<Management address="0.0.0.0">
|
|
|
@@ -759,7 +759,7 @@
|
|
|
<Host id="id10512X16353" name="vhost02" comment="" ro="False">
|
|
|
<Interface id="id10514X16353" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
|
|
<IPv4 id="id10515X16353" name="vhost02:eth0:ip" comment="" ro="False" address="192.168.122.60" netmask="255.255.255.0"/>
|
|
|
- <IPv4 id="id12512X65696" name="vhost01:eth0:ip-1" comment="" ro="False" address="10.64.1.100" netmask="255.255.255.0"/>
|
|
|
+ <IPv4 id="id12512X65696" name="vhost01:eth0:ip-new" comment="" ro="False" address="10.64.1.100" netmask="255.255.255.0"/>
|
|
|
<InterfaceOptions/>
|
|
|
</Interface>
|
|
|
<Management address="0.0.0.0">
|
|
|
@@ -835,6 +835,9 @@
|
|
|
<TCPService id="id10631X16353" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh 22001" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22001" dst_range_end="22001"/>
|
|
|
<TCPService id="id10802X16353" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="webmin+1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="10001" dst_range_end="10001"/>
|
|
|
<TCPService id="id10843X4569" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="gog ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6001" dst_range_end="6001"/>
|
|
|
+ <TCPService id="id12919X6099" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="gogs http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6000" dst_range_end="6000"/>
|
|
|
+ <TCPService id="id21732X6772" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="keykloak" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="8081" dst_range_end="8081"/>
|
|
|
+ <TCPService id="id21775X6772" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="wekan" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3001" dst_range_end="3001"/>
|
|
|
</ServiceGroup>
|
|
|
<ServiceGroup id="id1596X5690" name="UDP" comment="" ro="False">
|
|
|
<UDPService id="id4342X8596" name="openvpn source" comment="" ro="False" src_range_start="1194" src_range_end="1194" dst_range_start="0" dst_range_end="0"/>
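Review bot: The third added TCPService is named `keykloak`, which looks like a misspelling of Keycloak, and all three added objects (`gogs http`, `keykloak`, `wekan`) carry an empty `comment`. Rules reference these objects by id but are audited by name, so I would use `name="keycloak"` and record in each `comment` which host owns the port and whether it carries plain HTTP or TLS. The enclosing ServiceGroup starts outside the hunk.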
|
|
|
@@ -2447,7 +2450,7 @@
|
|
|
<Option name="verify_interfaces">True</Option>
|
|
|
</FirewallOptions>
|
|
|
</Firewall>
|
|
|
- <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1576142460" lastInstalled="1576142474" lastModified="1576142368" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
|
|
|
+ <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1576154382" lastInstalled="1576154396" lastModified="1576154372" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
|
|
|
<NAT id="id13393X65696" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="True">
|
|
|
<NATRule id="id13395X65696" disabled="False" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
|
|
|
<OSrc neg="False">
|
|
|
@@ -2476,7 +2479,34 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id12515X6099" disabled="False" group="outgoing NAT" position="1" action="Translate" comment="NAT all outgoing traffic">
|
|
|
+ <NATRule id="id21921X6772" disabled="False" group="outgoing NAT" position="1" action="Translate" comment="">
|
|
|
+ <OSrc neg="False">
|
|
|
+ <ObjectRef ref="id11343X65696"/>
|
|
|
+ </OSrc>
|
|
|
+ <ODst neg="False">
|
|
|
+ <ObjectRef ref="id4422X5690"/>
|
|
|
+ </ODst>
|
|
|
+ <OSrv neg="False">
|
|
|
+ <ServiceRef ref="sysid1"/>
|
|
|
+ </OSrv>
|
|
|
+ <TSrc neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </TSrc>
|
|
|
+ <TDst neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </TDst>
|
|
|
+ <TSrv neg="False">
|
|
|
+ <ServiceRef ref="sysid1"/>
|
|
|
+ </TSrv>
|
|
|
+ <ItfInb neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </ItfInb>
|
|
|
+ <ItfOutb neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </ItfOutb>
|
|
|
+ <NATRuleOptions/>
|
|
|
+ </NATRule>
|
|
|
+ <NATRule id="id12515X6099" disabled="False" group="outgoing NAT" position="2" action="Translate" comment="NAT all outgoing traffic">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</OSrc>
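Review bot: The added NATRule id21921X6772 has `comment=""` although its effect depends entirely on its position. Its TSrc, TDst and TSrv all point at the Any objects (`sysid0`/`sysid1`), which appears to make it a no-translation exemption for traffic from id11343X65696 to id4422X5690. It only works while it stays above id12515X6099 ("NAT all outgoing traffic"), which matches the same OSrc. I would state that in the rule, for example `comment="no NAT towards old network; must stay above 'NAT all outgoing traffic'"`. The enclosing NAT rule set and the body of id12515X6099 continue outside the hunk.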
|
|
|
@@ -2503,7 +2533,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13438X65696" disabled="False" group="NAT VMs" position="2" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
|
|
|
+ <NATRule id="id13438X65696" disabled="False" group="NAT VMs" position="3" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</OSrc>
|
|
|
@@ -2530,7 +2560,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13483X65696" disabled="False" group="NAT VMs" position="3" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
|
|
|
+ <NATRule id="id13483X65696" disabled="False" group="NAT VMs" position="4" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</OSrc>
|
|
|
@@ -2557,7 +2587,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id14760X65696" disabled="False" group="NAT VMs" position="4" action="Translate" comment="NAT all other traffic to main IP">
|
|
|
+ <NATRule id="id14760X65696" disabled="False" group="NAT VMs" position="5" action="Translate" comment="NAT all other traffic to main IP">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</OSrc>
|
|
|
@@ -2584,7 +2614,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13572X65696" disabled="False" group="web_access" position="5" action="Translate" comment="">
|
|
|
+ <NATRule id="id13572X65696" disabled="False" group="web_access" position="6" action="Translate" comment="">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2598,7 +2628,7 @@
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</TSrc>
|
|
|
<TDst neg="False">
|
|
|
- <ObjectRef ref="id9695X36891"/>
|
|
|
+ <ObjectRef ref="id11161X65696"/>
|
|
|
</TDst>
|
|
|
<TSrv neg="False">
|
|
|
<ServiceRef ref="id9722X36891"/>
|
|
|
@@ -2611,7 +2641,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13617X65696" disabled="False" group="web_access" position="6" action="Translate" comment="">
|
|
|
+ <NATRule id="id13617X65696" disabled="False" group="web_access" position="7" action="Translate" comment="">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2625,7 +2655,7 @@
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</TSrc>
|
|
|
<TDst neg="False">
|
|
|
- <ObjectRef ref="id9695X36891"/>
|
|
|
+ <ObjectRef ref="id11161X65696"/>
|
|
|
</TDst>
|
|
|
<TSrv neg="False">
|
|
|
<ServiceRef ref="id9739X36891"/>
|
|
|
@@ -2638,7 +2668,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13705X65696" disabled="True" group="web_access" position="7" action="Translate" comment="TODO: add a proxy rule">
|
|
|
+ <NATRule id="id13705X65696" disabled="True" group="web_access" position="8" action="Translate" comment="TODO: add a proxy rule">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2652,7 +2682,7 @@
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</TSrc>
|
|
|
<TDst neg="False">
|
|
|
- <ObjectRef ref="id9695X36891"/>
|
|
|
+ <ObjectRef ref="id11161X65696"/>
|
|
|
</TDst>
|
|
|
<TSrv neg="False">
|
|
|
<ServiceRef ref="id9739X36891"/>
|
|
|
@@ -2665,7 +2695,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13748X65696" disabled="False" group="wlanctl" position="8" action="Translate" comment="TODO: add Proxy rules">
|
|
|
+ <NATRule id="id13748X65696" disabled="False" group="wlanctl" position="9" action="Translate" comment="TODO: add Proxy rules">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2683,7 +2713,7 @@
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</TSrc>
|
|
|
<TDst neg="False">
|
|
|
- <ObjectRef ref="id4102X50770"/>
|
|
|
+ <ObjectRef ref="id11275X65696"/>
|
|
|
</TDst>
|
|
|
<TSrv neg="False">
|
|
|
<ServiceRef ref="sysid1"/>
|
|
|
@@ -2696,7 +2726,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13795X65696" disabled="False" group="wlanctl" position="9" action="Translate" comment="">
|
|
|
+ <NATRule id="id13795X65696" disabled="False" group="wlanctl" position="10" action="Translate" comment="">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2710,7 +2740,7 @@
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</TSrc>
|
|
|
<TDst neg="False">
|
|
|
- <ObjectRef ref="id4102X50770"/>
|
|
|
+ <ObjectRef ref="id11275X65696"/>
|
|
|
</TDst>
|
|
|
<TSrv neg="False">
|
|
|
<ServiceRef ref="sysid1"/>
|
|
|
@@ -2723,7 +2753,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13838X65696" disabled="False" group="external ssh access" position="10" action="Translate" comment="allow sftp access for ">
|
|
|
+ <NATRule id="id13838X65696" disabled="False" group="external ssh access" position="11" action="Translate" comment="allow sftp access for ">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2750,7 +2780,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13881X65696" disabled="False" group="external ssh access" position="11" action="Translate" comment="allow ssh access for authorized users">
|
|
|
+ <NATRule id="id13881X65696" disabled="False" group="external ssh access" position="12" action="Translate" comment="allow ssh access for authorized users">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2777,7 +2807,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id13924X65696" disabled="False" group="external ssh access" position="12" action="Translate" comment="ssh for gogs git repo">
|
|
|
+ <NATRule id="id13924X65696" disabled="False" group="external ssh access" position="13" action="Translate" comment="ssh for gogs git repo">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2804,7 +2834,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id14010X65696" disabled="False" group="external ssh access" position="13" action="Translate" comment="">
|
|
|
+ <NATRule id="id14010X65696" disabled="False" group="external ssh access" position="14" action="Translate" comment="">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2831,7 +2861,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id12226X15942" disabled="False" group="" position="14" action="Translate" comment="">
|
|
|
+ <NATRule id="id12226X15942" disabled="False" group="" position="15" action="Translate" comment="">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2858,7 +2888,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id14053X65696" disabled="False" group="" position="15" action="Translate" comment="">
|
|
|
+ <NATRule id="id14053X65696" disabled="False" group="" position="16" action="Translate" comment="">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2878,7 +2908,7 @@
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</TSrc>
|
|
|
<TDst neg="False">
|
|
|
- <ObjectRef ref="id8529X5690"/>
|
|
|
+ <ObjectRef ref="id11185X65696"/>
|
|
|
</TDst>
|
|
|
<TSrv neg="False">
|
|
|
<ServiceRef ref="sysid1"/>
|
|
|
@@ -2891,7 +2921,7 @@
|
|
|
</ItfOutb>
|
|
|
<NATRuleOptions/>
|
|
|
</NATRule>
|
|
|
- <NATRule id="id14102X65696" disabled="False" group="" position="16" action="Translate" comment="">
|
|
|
+ <NATRule id="id14102X65696" disabled="False" group="" position="17" action="Translate" comment="">
|
|
|
<OSrc neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</OSrc>
|
|
|
@@ -2905,7 +2935,7 @@
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</TSrc>
|
|
|
<TDst neg="False">
|
|
|
- <ObjectRef ref="id12311X5690"/>
|
|
|
+ <ObjectRef ref="id11122X65696"/>
|
|
|
</TDst>
|
|
|
<TSrv neg="False">
|
|
|
<ServiceRef ref="sysid1"/>
|
|
|
@@ -3313,7 +3343,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12327X65696" disabled="False" group="VMs" log="True" position="14" action="Accept" direction="Both" comment="unifi wlan controler">
|
|
|
+ <PolicyRule id="id12327X65696" disabled="False" group="VMs" log="True" position="14" action="Accept" direction="Both" comment="web02 runs various software peaces.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id9692X36891"/>
|
|
|
</Src>
|
|
|
@@ -3325,6 +3355,29 @@
|
|
|
<ServiceRef ref="id11374X28426"/>
|
|
|
<ServiceRef ref="id9663X31933"/>
|
|
|
<ServiceRef ref="id9676X35429"/>
|
|
|
+ <ServiceRef ref="id21732X6772"/>
|
|
|
+ <ServiceRef ref="id21775X6772"/>
|
|
|
+ </Srv>
|
|
|
+ <Itf neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </Itf>
|
|
|
+ <When neg="False">
|
|
|
+ <IntervalRef ref="sysid2"/>
|
|
|
+ </When>
|
|
|
+ <PolicyRuleOptions>
|
|
|
+ <Option name="color">#C0BA44</Option>
|
|
|
+ <Option name="stateless">False</Option>
|
|
|
+ </PolicyRuleOptions>
|
|
|
+ </PolicyRule>
|
|
|
+ <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="15" action="Accept" direction="Both" comment="allow gogs https">
|
|
|
+ <Src neg="False">
|
|
|
+ <ObjectRef ref="id9692X36891"/>
|
|
|
+ </Src>
|
|
|
+ <Dst neg="False">
|
|
|
+ <ObjectRef ref="id4382X2427"/>
|
|
|
+ </Dst>
|
|
|
+ <Srv neg="False">
|
|
|
+ <ServiceRef ref="id12919X6099"/>
|
|
|
</Srv>
|
|
|
<Itf neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
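Review bot: The added PolicyRule id12867X6099 is commented "allow gogs https", but its only service is id12919X6099, which this commit defines as `gogs http` on TCP 6000. The comment and the object therefore disagree on whether the traffic is TLS-protected. Its Dst id4382X2427 is the host admin01 shown earlier in the diff. I would make the two agree, either `comment="allow gogs http (tcp/6000)"` or a renamed service object if the port really terminates TLS. The rule id12327X65696 that receives the two extra ServiceRefs begins outside the hunk.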
|
|
|
@@ -3337,7 +3390,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="15" action="Accept" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id8526X5690"/>
|
|
|
</Src>
|
|
|
@@ -3357,7 +3410,7 @@
|
|
|
<Option name="color">#7694C0</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
|
|
|
+ <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id13113X65696"/>
|
|
|
</Src>
|
|
|
@@ -3377,7 +3430,7 @@
|
|
|
<Option name="color">#7694C0</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3399,7 +3452,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
|
|
|
+ <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11552X65696"/>
|
|
|
</Src>
|
|
|
@@ -3420,9 +3473,52 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="19" action="Accept" direction="Outbound" comment="From the internal Network all connections are allowe the external networks.">
|
|
|
+ <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="setup icmp ping">
|
|
|
+ <Src neg="False">
|
|
|
+ <ObjectRef ref="id11343X65696"/>
|
|
|
+ </Src>
|
|
|
+ <Dst neg="False">
|
|
|
+ <ObjectRef ref="id11343X65696"/>
|
|
|
+ </Dst>
|
|
|
+ <Srv neg="False">
|
|
|
+ <ServiceRef ref="sg-Useful_ICMP"/>
|
|
|
+ <ServiceRef ref="icmp-ping_request"/>
|
|
|
+ <ServiceRef ref="icmp-ping_reply"/>
|
|
|
+ </Srv>
|
|
|
+ <Itf neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </Itf>
|
|
|
+ <When neg="False">
|
|
|
+ <IntervalRef ref="sysid2"/>
|
|
|
+ </When>
|
|
|
+ <PolicyRuleOptions>
|
|
|
+ <Option name="color">#C86E6E</Option>
|
|
|
+ <Option name="stateless">False</Option>
|
|
|
+ </PolicyRuleOptions>
|
|
|
+ </PolicyRule>
|
|
|
+ <PolicyRule id="id21845X6772" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="allow all connections to old network">
|
|
|
+ <Src neg="False">
|
|
|
+ <ObjectRef ref="id11343X65696"/>
|
|
|
+ </Src>
|
|
|
+ <Dst neg="False">
|
|
|
+ <ObjectRef ref="id4422X5690"/>
|
|
|
+ </Dst>
|
|
|
+ <Srv neg="False">
|
|
|
+ <ServiceRef ref="sysid1"/>
|
|
|
+ </Srv>
|
|
|
+ <Itf neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </Itf>
|
|
|
+ <When neg="False">
|
|
|
+ <IntervalRef ref="sysid2"/>
|
|
|
+ </When>
|
|
|
+ <PolicyRuleOptions>
|
|
|
+ <Option name="color">#C86E6E</Option>
|
|
|
+ <Option name="stateless">False</Option>
|
|
|
+ </PolicyRuleOptions>
|
|
|
+ </PolicyRule>
|
|
|
+ <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="22" action="Accept" direction="Outbound" comment="From the internal Network all connections are allowe the external networks.">
|
|
|
<Src neg="False">
|
|
|
- <ObjectRef ref="id11367X65696"/>
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</Src>
|
|
|
<Dst neg="False">
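Review bot: The added PolicyRule id21845X6772 accepts every service (`sysid1`) on any interface in both directions from id11343X65696 to id4422X5690, which is much wider than the per-service rules in the same "VMs" group. If it is a migration aid for the old network, narrow its `Srv` to the services actually needed. At minimum mark it as temporary, for example `comment="TEMPORARY: allow all connections to old network during migration; remove afterwards"`. The NAT rule id21921X6772 added in this commit matches the same source and destination, so the two should be retired together. The rule id9538X28426 that follows continues outside the hunk.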
|
|
|
@@ -3442,7 +3538,28 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="20" action="Deny" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id12677X6099" disabled="False" group="outgoing traffic" log="True" position="23" action="Accept" direction="Both" comment="From ipv6 Network">
|
|
|
+ <Src neg="False">
|
|
|
+ <ObjectRef ref="id11367X65696"/>
|
|
|
+ </Src>
|
|
|
+ <Dst neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </Dst>
|
|
|
+ <Srv neg="False">
|
|
|
+ <ServiceRef ref="sysid1"/>
|
|
|
+ </Srv>
|
|
|
+ <Itf neg="False">
|
|
|
+ <ObjectRef ref="id8907X28426"/>
|
|
|
+ </Itf>
|
|
|
+ <When neg="False">
|
|
|
+ <IntervalRef ref="sysid2"/>
|
|
|
+ </When>
|
|
|
+ <PolicyRuleOptions>
|
|
|
+ <Option name="color">#8BC065</Option>
|
|
|
+ <Option name="stateless">False</Option>
|
|
|
+ </PolicyRuleOptions>
|
|
|
+ </PolicyRule>
|
|
|
+ <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="24" action="Deny" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
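Review bot: The added PolicyRule id12677X6099 uses `direction="Both"`, while id9538X28426, the rule its source id11367X65696 was moved out of, uses `direction="Outbound"`. Combined with Dst Any and Srv Any on interface id8907X28426, the split widens what is accepted for that source rather than just separating it. Unless inbound matching is intended, I would keep `direction="Outbound"` on the new rule and say so in its comment. The Deny rule id11010X28426 that follows continues outside the hunk.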
|