|
|
@@ -1,6 +1,6 @@
|
|
|
<?xml version="1.0" encoding="utf-8"?>
|
|
|
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
|
|
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1599724442" id="root">
|
|
|
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1619523269" id="root">
|
|
|
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
|
|
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
|
|
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
|
|
@@ -2125,36 +2125,38 @@
|
|
|
<IPv6 id="id9325X28426" name="kvmhost02:app:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::20:1" netmask="116"/>
|
|
|
<IPv6 id="id9348X28426" name="kvmhost02:db:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::30:1" netmask="116"/>
|
|
|
<IPv6 id="id9381X28426" name="kvmhost02:mgmt:ip6" comment="" ro="False" address="2a01:4f9:2a:a55::40:1" netmask="116"/>
|
|
|
+ <IPv4 id="id4160X34148" name="legacytowers.net-001" comment="" ro="False" address="66.111.231.85" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4163X34148" name="legacytowers.net-002" comment="" ro="False" address="66.111.232.85" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4166X34148" name="legacytowers.net-003" comment="" ro="False" address="66.111.233.86" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4169X34148" name="legacytowers.net-004" comment="" ro="False" address="66.111.234.84" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4172X34148" name="legacytowers.net-005" comment="" ro="False" address="66.111.235.84" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4175X34148" name="legacytowers.net-006" comment="" ro="False" address="66.111.236.84" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4178X34148" name="legacytowers.net-007" comment="" ro="False" address="66.111.237.84" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4181X34148" name="legacytowers.net-008" comment="" ro="False" address="66.111.238.84" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4184X34148" name="legacytowers.net-009" comment="" ro="False" address="66.111.239.84" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4187X34148" name="legacytowers.net-010" comment="" ro="False" address="66.111.240.214" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4190X34148" name="legacytowers.net-011" comment="" ro="False" address="66.111.241.212" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4193X34148" name="legacytowers.net-012" comment="" ro="False" address="66.111.246.79" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4196X34148" name="legacytowers.net-013" comment="" ro="False" address="66.111.247.78" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4199X34148" name="legacytowers.net-014" comment="" ro="False" address="66.111.248.79" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4202X34148" name="legacytowers.net-015" comment="" ro="False" address="66.111.249.78" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4205X34148" name="legacytowers.net-016" comment="" ro="False" address="66.111.250.77" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4208X34148" name="legacytowers.net-017" comment="" ro="False" address="66.111.251.78" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4211X34148" name="legacytowers.net-018" comment="" ro="False" address="66.111.252.78" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id4147X34148" name="legacytowers.net-019" comment="" ro="False" address="66.111.253.79" netmask="0.0.0.0"/>
|
|
|
+ <AddressRange id="id14042X233013" name="email scan" comment="" ro="False" start_address="5.188.206.246" end_address="5.188.206.246"/>
|
|
|
</Library>
|
|
|
<Library id="id1582X5690" color="#d2ffd0" name="User" comment="" ro="False">
|
|
|
<ObjectGroup id="id1583X5690" name="Objects" comment="" ro="False">
|
|
|
- <ObjectGroup id="id1584X5690" subfolders="legacytowers.net" name="Addresses" comment="" ro="False">
|
|
|
+ <ObjectGroup id="id1584X5690" subfolders="" name="Addresses" comment="" ro="False">
|
|
|
<IPv6 id="id3770X6649" name="hetzner ipv6 monitoring 1" comment="" ro="False" address="2a01:4f8:0:a101::5:1" netmask="128"/>
|
|
|
<IPv6 id="id3785X6649" name="hetzner ipv6 monitoring 2" comment="" ro="False" address="2a01:4f8:0:a101::6:1" netmask="128"/>
|
|
|
<IPv6 id="id3804X6649" name="hetzner ipv6 monitoring 3" comment="" ro="False" address="2a01:4f8:0:a101::6:2" netmask="128"/>
|
|
|
<IPv6 id="id3815X6649" name="hetzner ipv6 monitoring 4" comment="" ro="False" address="2a01:4f8:0:a101::6:3" netmask="128"/>
|
|
|
- <IPv4 id="id4147X34148" folder="legacytowers.net" name="legacytowers.net-019" comment="" ro="False" address="66.111.253.79" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4160X34148" folder="legacytowers.net" name="legacytowers.net-001" comment="" ro="False" address="66.111.231.85" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4163X34148" folder="legacytowers.net" name="legacytowers.net-002" comment="" ro="False" address="66.111.232.85" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4166X34148" folder="legacytowers.net" name="legacytowers.net-003" comment="" ro="False" address="66.111.233.86" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4169X34148" folder="legacytowers.net" name="legacytowers.net-004" comment="" ro="False" address="66.111.234.84" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4172X34148" folder="legacytowers.net" name="legacytowers.net-005" comment="" ro="False" address="66.111.235.84" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4175X34148" folder="legacytowers.net" name="legacytowers.net-006" comment="" ro="False" address="66.111.236.84" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4178X34148" folder="legacytowers.net" name="legacytowers.net-007" comment="" ro="False" address="66.111.237.84" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4181X34148" folder="legacytowers.net" name="legacytowers.net-008" comment="" ro="False" address="66.111.238.84" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4184X34148" folder="legacytowers.net" name="legacytowers.net-009" comment="" ro="False" address="66.111.239.84" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4187X34148" folder="legacytowers.net" name="legacytowers.net-010" comment="" ro="False" address="66.111.240.214" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4190X34148" folder="legacytowers.net" name="legacytowers.net-011" comment="" ro="False" address="66.111.241.212" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4193X34148" folder="legacytowers.net" name="legacytowers.net-012" comment="" ro="False" address="66.111.246.79" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4196X34148" folder="legacytowers.net" name="legacytowers.net-013" comment="" ro="False" address="66.111.247.78" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4199X34148" folder="legacytowers.net" name="legacytowers.net-014" comment="" ro="False" address="66.111.248.79" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4202X34148" folder="legacytowers.net" name="legacytowers.net-015" comment="" ro="False" address="66.111.249.78" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4205X34148" folder="legacytowers.net" name="legacytowers.net-016" comment="" ro="False" address="66.111.250.77" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4208X34148" folder="legacytowers.net" name="legacytowers.net-017" comment="" ro="False" address="66.111.251.78" netmask="0.0.0.0"/>
|
|
|
- <IPv4 id="id4211X34148" folder="legacytowers.net" name="legacytowers.net-018" comment="" ro="False" address="66.111.252.78" netmask="0.0.0.0"/>
|
|
|
<IPv6 id="id4660X39728" name="IPV6 Default GW" comment="" ro="False" address="fe80::1" netmask="128"/>
|
|
|
<IPv6 id="id9704X17196" name="hetzner ipv6 monitoring 5" comment="" ro="False" address="2a01:4f8:0:a112::c:1" netmask="128"/>
|
|
|
<IPv4 id="id9661X22688" name="my upc home adress" comment="" ro="False" address="62.178.152.187" netmask="0.0.0.0"/>
|
|
|
+ <IPv4 id="id14009X396398" name="email_adress_scan" comment="" ro="False" address="5.188.206.246" netmask="0.0.0.0"/>
|
|
|
</ObjectGroup>
|
|
|
<ObjectGroup id="id1585X5690" name="DNS Names" comment="" ro="False"/>
|
|
|
<ObjectGroup id="id1586X5690" name="Address Tables" comment="" ro="False"/>
|
|
|
@@ -2169,25 +2171,7 @@
|
|
|
<ObjectRef ref="id9704X17196"/>
|
|
|
</ObjectGroup>
|
|
|
<ObjectGroup id="id4136X34148" name="spammers" comment="" ro="False">
|
|
|
- <ObjectRef ref="id4160X34148"/>
|
|
|
- <ObjectRef ref="id4163X34148"/>
|
|
|
- <ObjectRef ref="id4166X34148"/>
|
|
|
- <ObjectRef ref="id4169X34148"/>
|
|
|
- <ObjectRef ref="id4172X34148"/>
|
|
|
- <ObjectRef ref="id4175X34148"/>
|
|
|
- <ObjectRef ref="id4178X34148"/>
|
|
|
- <ObjectRef ref="id4181X34148"/>
|
|
|
- <ObjectRef ref="id4184X34148"/>
|
|
|
- <ObjectRef ref="id4187X34148"/>
|
|
|
- <ObjectRef ref="id4190X34148"/>
|
|
|
- <ObjectRef ref="id4193X34148"/>
|
|
|
- <ObjectRef ref="id4196X34148"/>
|
|
|
- <ObjectRef ref="id4199X34148"/>
|
|
|
- <ObjectRef ref="id4202X34148"/>
|
|
|
- <ObjectRef ref="id4205X34148"/>
|
|
|
- <ObjectRef ref="id4208X34148"/>
|
|
|
- <ObjectRef ref="id4211X34148"/>
|
|
|
- <ObjectRef ref="id4147X34148"/>
|
|
|
+ <ObjectRef ref="id14055X233013"/>
|
|
|
</ObjectGroup>
|
|
|
<ObjectGroup id="id4602X5821" name="VPN Networks" comment="" ro="False">
|
|
|
<ObjectRef ref="id4105X383"/>
|
|
|
@@ -2404,6 +2388,7 @@
|
|
|
<Network id="id12783X65696" name="db ipv4" comment="" ro="False" address="10.64.3.0" netmask="255.255.255.0"/>
|
|
|
<Network id="id12800X65696" name="app ipv4" comment="" ro="False" address="10.64.2.0" netmask="255.255.255.0"/>
|
|
|
<NetworkIPv6 id="id12813X65696" name="app ipv6" comment="" ro="False" address="2a01:4f9:2a:a55::20:0" netmask="116"/>
|
|
|
+ <Network id="id14055X233013" name="emailscaner" comment="" ro="False" address="5.188.206.0" netmask="255.255.255.0"/>
|
|
|
</ObjectGroup>
|
|
|
<ObjectGroup id="id1590X5690" name="Address Ranges" comment="" ro="False">
|
|
|
<AddressRange id="id3754X6649" name="Hetzner monitoring" comment="" ro="False" start_address="213.133.113.82" end_address="213.133.113.86"/>
|
|
|
@@ -2455,7 +2440,7 @@
|
|
|
<ServiceGroup id="id1599X5690" name="TagServices" comment="" ro="False"/>
|
|
|
</ServiceGroup>
|
|
|
<ObjectGroup id="id1600X5690" name="Firewalls" comment="" ro="False">
|
|
|
- <Firewall id="id8899X28426" host_OS="linux317" inactive="False" lastCompiled="1612891909" lastInstalled="1612891959" lastModified="1612891888" platform="iptables" version="1.4.20" name="kvmhost02" comment="" ro="False">
|
|
|
+ <Firewall id="id8899X28426" host_OS="linux317" inactive="False" lastCompiled="1619523433" lastInstalled="1619523502" lastModified="1619523398" platform="iptables" version="1.4.20" name="kvmhost02" comment="" ro="False">
|
|
|
<NAT id="id13393X65696" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="True">
|
|
|
<NATRule id="id13395X65696" disabled="False" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
|
|
|
<OSrc neg="False">
|
|
|
@@ -3115,7 +3100,34 @@
|
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10894X28426" disabled="False" group="Firewall" log="False" position="1" action="Accept" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id14114X233013" disabled="False" group="Firewall" log="True" position="1" action="Deny" direction="Both" comment="Known spamers and adress harvesters are blocked.">
|
|
|
+ <Src neg="False">
|
|
|
+ <ObjectRef ref="id4136X34148"/>
|
|
|
+ </Src>
|
|
|
+ <Dst neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </Dst>
|
|
|
+ <Srv neg="False">
|
|
|
+ <ServiceRef ref="tcp-SMTP"/>
|
|
|
+ <ServiceRef ref="id3B4FF04C"/>
|
|
|
+ <ServiceRef ref="id3AECF776"/>
|
|
|
+ <ServiceRef ref="id3B4FED9F"/>
|
|
|
+ <ServiceRef ref="id4212X62874"/>
|
|
|
+ <ServiceRef ref="id3B4FEE1D"/>
|
|
|
+ <ServiceRef ref="id3E7553BA"/>
|
|
|
+ </Srv>
|
|
|
+ <Itf neg="False">
|
|
|
+ <ObjectRef ref="sysid0"/>
|
|
|
+ </Itf>
|
|
|
+ <When neg="False">
|
|
|
+ <IntervalRef ref="sysid2"/>
|
|
|
+ </When>
|
|
|
+ <PolicyRuleOptions>
|
|
|
+ <Option name="color">#C86E6E</Option>
|
|
|
+ <Option name="stateless">True</Option>
|
|
|
+ </PolicyRuleOptions>
|
|
|
+ </PolicyRule>
|
|
|
+ <PolicyRule id="id10894X28426" disabled="False" group="Firewall" log="False" position="2" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3133,7 +3145,7 @@
|
|
|
</When>
|
|
|
<PolicyRuleOptions/>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10838X28426" disabled="False" group="Firewall" log="True" position="2" action="Accept" direction="Both" comment="Firewall can do everything">
|
|
|
+ <PolicyRule id="id10838X28426" disabled="False" group="Firewall" log="True" position="3" action="Accept" direction="Both" comment="Firewall can do everything">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id8899X28426"/>
|
|
|
</Src>
|
|
|
@@ -3151,7 +3163,7 @@
|
|
|
</When>
|
|
|
<PolicyRuleOptions/>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10781X28426" disabled="False" group="Firewall" log="True" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only through the hiports">
|
|
|
+ <PolicyRule id="id10781X28426" disabled="False" group="Firewall" log="True" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted only through the hiports">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3170,7 +3182,7 @@
|
|
|
</When>
|
|
|
<PolicyRuleOptions/>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10718X28426" disabled="False" group="Firewall" log="False" position="4" action="Accept" direction="Both" comment="Internal Networks are allowed to ping the Firewall. ipv6 ping has to be stateless.">
|
|
|
+ <PolicyRule id="id10718X28426" disabled="False" group="Firewall" log="False" position="5" action="Accept" direction="Both" comment="Internal Networks are allowed to ping the Firewall. ipv6 ping has to be stateless.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id3850X6649"/>
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
@@ -3230,7 +3242,7 @@
|
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10650X28426" disabled="True" group="Firewall" log="False" position="5" action="Accept" direction="Both" comment="Hezner Monitoring">
|
|
|
+ <PolicyRule id="id10650X28426" disabled="True" group="Firewall" log="False" position="6" action="Accept" direction="Both" comment="Hezner Monitoring">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id3850X6649"/>
|
|
|
</Src>
|
|
|
@@ -3256,7 +3268,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10412X28426" disabled="False" group="Firewall" log="True" position="6" action="Accept" direction="Both" comment="make ipv6 work. ">
|
|
|
+ <PolicyRule id="id10412X28426" disabled="False" group="Firewall" log="True" position="7" action="Accept" direction="Both" comment="make ipv6 work. ">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id4660X39728"/>
|
|
|
</Src>
|
|
|
@@ -3276,7 +3288,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id10356X28426" disabled="False" group="Firewall" log="True" position="7" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
|
|
+ <PolicyRule id="id10356X28426" disabled="False" group="Firewall" log="True" position="8" action="Deny" direction="Both" comment="All other attempts to connect to the firewall are denied and logged">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3320,7 +3332,7 @@
|
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11622X65696" disabled="False" group="VMs" log="True" position="8" action="Accept" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id11622X65696" disabled="False" group="VMs" log="True" position="9" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3343,7 +3355,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11679X65696" disabled="False" group="VMs" log="True" position="9" action="Accept" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id11679X65696" disabled="False" group="VMs" log="True" position="10" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11552X65696"/>
|
|
|
</Src>
|
|
|
@@ -3364,7 +3376,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12687X65696" disabled="False" group="VMs" log="True" position="10" action="Accept" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id12687X65696" disabled="False" group="VMs" log="True" position="11" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3391,7 +3403,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id13633X27833" disabled="False" group="VMs" log="True" position="11" action="Accept" direction="Both" comment="allow sieve access">
|
|
|
+ <PolicyRule id="id13633X27833" disabled="False" group="VMs" log="True" position="12" action="Accept" direction="Both" comment="allow sieve access">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id6626X5690"/>
|
|
|
</Src>
|
|
|
@@ -3412,7 +3424,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12975X65696" disabled="False" group="VMs" log="True" position="12" action="Accept" direction="Both" comment="basic protection for manfreds server.">
|
|
|
+ <PolicyRule id="id12975X65696" disabled="False" group="VMs" log="True" position="13" action="Accept" direction="Both" comment="basic protection for manfreds server.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3433,7 +3445,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11804X65696" disabled="False" group="VMs" log="True" position="13" action="Accept" direction="Both" comment="allow http/https and ssh (for limited users only)">
|
|
|
+ <PolicyRule id="id11804X65696" disabled="False" group="VMs" log="True" position="14" action="Accept" direction="Both" comment="allow http/https and ssh (for limited users only)">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3457,7 +3469,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11739X65696" disabled="False" group="VMs" log="True" position="14" action="Accept" direction="Both" comment="Webserver Ports">
|
|
|
+ <PolicyRule id="id11739X65696" disabled="False" group="VMs" log="True" position="15" action="Accept" direction="Both" comment="Webserver Ports">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id9692X36891"/>
|
|
|
</Src>
|
|
|
@@ -3483,7 +3495,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12327X65696" disabled="False" group="VMs" log="True" position="15" action="Accept" direction="Both" comment="web02 runs various software peaces.">
|
|
|
+ <PolicyRule id="id12327X65696" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="web02 runs various software peaces.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id9692X36891"/>
|
|
|
</Src>
|
|
|
@@ -3511,7 +3523,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id22122X6772" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="web02 allow unifi ports">
|
|
|
+ <PolicyRule id="id22122X6772" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="web02 allow unifi ports">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3535,7 +3547,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id13692X40508" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="web02 allow jitsi-meet ports">
|
|
|
+ <PolicyRule id="id13692X40508" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="web02 allow jitsi-meet ports">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3557,7 +3569,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12906X29020" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="allow mailman traffic">
|
|
|
+ <PolicyRule id="id12906X29020" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="allow mailman traffic">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id6626X5690"/>
|
|
|
</Src>
|
|
|
@@ -3578,7 +3590,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="allow gogs https">
|
|
|
+ <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="allow gogs https">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id9692X36891"/>
|
|
|
</Src>
|
|
|
@@ -3599,7 +3611,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="TODO: use ldaps in future implementation">
|
|
|
+ <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="TODO: use ldaps in future implementation">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id8526X5690"/>
|
|
|
</Src>
|
|
|
@@ -3620,7 +3632,7 @@
|
|
|
<Option name="color">#7694C0</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
|
|
|
+ <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="22" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id13113X65696"/>
|
|
|
</Src>
|
|
|
@@ -3641,7 +3653,7 @@
|
|
|
<Option name="color">#7694C0</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="22" action="Accept" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="23" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3664,7 +3676,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="23" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
|
|
|
+ <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="24" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11552X65696"/>
|
|
|
</Src>
|
|
|
@@ -3685,7 +3697,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="24" action="Accept" direction="Both" comment="setup icmp ping">
|
|
|
+ <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="25" action="Accept" direction="Both" comment="setup icmp ping">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</Src>
|
|
|
@@ -3708,7 +3720,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="25" action="Accept" direction="Outbound" comment="From the internal Network all connections are allowe the external networks.">
|
|
|
+ <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="26" action="Accept" direction="Outbound" comment="From the internal Network all connections are allow the external networks.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11343X65696"/>
|
|
|
</Src>
|
|
|
@@ -3729,7 +3741,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id12677X6099" disabled="False" group="outgoing traffic" log="True" position="26" action="Accept" direction="Outbound" comment="From ipv6 Network">
|
|
|
+ <PolicyRule id="id12677X6099" disabled="True" group="outgoing traffic" log="True" position="27" action="Accept" direction="Outbound" comment="From ipv6 Network">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11367X65696"/>
|
|
|
</Src>
|
|
|
@@ -3750,7 +3762,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="27" action="Deny" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="28" action="Deny" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3798,8 +3810,8 @@
|
|
|
<Option name="mangle_only_rule_set">False</Option>
|
|
|
</RuleSetOptions>
|
|
|
</Policy>
|
|
|
- <Policy id="id13633X2190" name="Policy_IPv6" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="True" top_rule_set="False">
|
|
|
- <PolicyRule id="id13705X2190" disabled="True" group="Firewall" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
|
|
+ <Policy id="id13633X2190" name="IPv6_Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="True" top_rule_set="True">
|
|
|
+ <PolicyRule id="id13705X2190" disabled="False" group="Firewall" log="True" position="0" action="Deny" direction="Inbound" comment="anti spoofing rule">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id8899X28426"/>
|
|
|
<ObjectRef ref="id11367X65696"/>
|
|
|
@@ -3845,7 +3857,7 @@
|
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id13768X2190" disabled="True" group="Firewall" log="False" position="1" action="Accept" direction="Both" comment="Internal Networks are allowed to ping the Firewall. ipv6 ping has to be stateless.">
|
|
|
+ <PolicyRule id="id13768X2190" disabled="False" group="Firewall" log="False" position="1" action="Accept" direction="Both" comment="Internal Networks are allowed to ping the Firewall. ipv6 ping has to be stateless.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id3850X6649"/>
|
|
|
<ObjectRef ref="id11367X65696"/>
|
|
|
@@ -3904,7 +3916,7 @@
|
|
|
<Option name="ulog_nlgroup">1</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id14089X2190" disabled="True" group="Firewall" log="True" position="2" action="Accept" direction="Both" comment="make ipv6 work. ">
|
|
|
+ <PolicyRule id="id14089X2190" disabled="False" group="Firewall" log="True" position="2" action="Accept" direction="Both" comment="make ipv6 work. ">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id4660X39728"/>
|
|
|
</Src>
|
|
|
@@ -3924,7 +3936,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id14027X2190" disabled="True" group="VMs" log="True" position="3" action="Accept" direction="Both" comment="">
|
|
|
+ <PolicyRule id="id14027X2190" disabled="False" group="VMs" log="True" position="3" action="Accept" direction="Both" comment="">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="sysid0"/>
|
|
|
</Src>
|
|
|
@@ -3951,7 +3963,7 @@
|
|
|
<Option name="stateless">False</Option>
|
|
|
</PolicyRuleOptions>
|
|
|
</PolicyRule>
|
|
|
- <PolicyRule id="id13885X2190" disabled="True" group="" log="True" position="4" action="Accept" direction="Outbound" comment="allow outgining ipv6 traffic from internal ipv6 Network.">
|
|
|
+ <PolicyRule id="id13885X2190" disabled="False" group="" log="True" position="4" action="Accept" direction="Outbound" comment="allow outgining ipv6 traffic from internal ipv6 Network.">
|
|
|
<Src neg="False">
|
|
|
<ObjectRef ref="id11367X65696"/>
|
|
|
</Src>
|
Maximilian Ronniger