<!DOCTYPE kmyfirewall-ruleset>
|
|
<kmfnet maxVersion="~" minVersion="1.1.0" version="1.1.0" interface="iptables" uuid="{41b36b2b-68e2-4545-b34d-3cf3609c204f}" >
|
|
<netzone guiName="Global Network" readonly="bool:on" uuid="{3349418e-3923-4f3c-933c-b1bd91a2c84a}" name="mynetwork" description="This is the global zone that contains all valid IP addresses." >
|
|
<fromIP address="0.0.0.0" />
|
|
<netMask address="0" />
|
|
<target sshPort="22" address="127.0.0.1" guiName="My Local Computer" readonly="bool:on" uuid="{42bc1c1f-996f-4f60-a6e3-3e43cd6f0167}" name="localhost" description="Local computer running KMyFirewall" >
|
|
<targetconfig uuid="{c3d33a7a-5ba9-45cc-8f34-1617b773e08f}" name="Untitled" description="No Description Available" >
|
|
<os name="linux" />
|
|
<backend name="iptables" />
|
|
<distribution name="" />
|
|
<initPath name="" />
|
|
<IPTPath name="" />
|
|
<modprobePath name="" />
|
|
<rcDefaultPath name="" />
|
|
</targetconfig>
|
|
<kmfrs maxVersion="~" minVersion="1.0.0" version="1.1.0" uuid="{8af7181a-bf52-47e3-a00e-2204f8cff57c}" >
|
|
<abstract use_nat="no" use_filter="yes" use_syn_cookies="yes" use_ipfwd="yes" use_martians="yes" use_modules="yes" use_rp_filter="yes" name="Workstation Template" use_mangle="no" description="This is a template configuration for a typical workstation that does not do any routing.
|
|
Use this as a starting point for your firewall setup." />
|
|
<table uuid="{24e22827-5d99-49a3-8767-b9cf25371f7c}" name="filter" description="This table is the main table for filtering
|
|
packets. Here you may define your
|
|
access control rules" >
|
|
<chain default_target="DROP" builtin="yes" uuid="{414166ad-b58e-41e8-8a8f-a9962e769bd1}" name="INPUT" description="In this chain you can filter packets that
|
|
are addressed directly to this computer." >
|
|
<rule num="0" logging="no" target="ICMP_FILTER" custom_rule="no" uuid="{ac00d50c-60b1-4596-9fe6-be5843be3cf4}" name="FWD_ICMP_FILTER" enabled="yes" description="Forward to the chain that handles ICMP packets
|
|
to avoid crap like source-quench etc." />
|
|
<rule num="1" logging="no" target="ANTISPOOF" custom_rule="no" uuid="{214725fa-4179-46e4-800d-5914741921e9}" name="FWD_ANTISPOOF" enabled="yes" description="Forward packets to the ANTISPOOF chain
|
|
which performs some sanity checks for
|
|
the packets to avoid spoofing." />
|
|
<rule num="2" logging="no" target="TCP_CHECKS" custom_rule="no" uuid="{af2b8ac5-3f43-4679-b189-9f031921b7a7}" name="FWD_TCP_CHECKS" enabled="yes" description="Forward to chain TCP_CHECKS which
|
|
filters invalid TCP flag combinations." >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{b5626a02-1808-444a-9e61-e6484318cb8c}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="3" logging="no" target="SERVICES" custom_rule="no" uuid="{f334a3b2-7f69-48d6-8594-54e2a5c4ef60}" name="FWD_SERVICES" enabled="yes" description="This rule forwards all packets to the SERVICES chain.
|
|
This chain is meant to be used for rules that allow
|
|
access to this host e.g. http if you are running a web
|
|
server." />
|
|
<rule num="4" logging="no" target="ACCEPT" custom_rule="no" uuid="{bece6068-58e4-4cef-83b4-9513d574d471}" name="CONNTRACK" enabled="yes" description="This rule handles the connection tracking.
|
|
It simply lets everything in that is a response
|
|
to a network request you made." >
|
|
<ruleoption targetoption="no" type="state_opt" uuid="{0210e1d2-769e-4495-8089-781d20ca2c3a}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="RELATED,ESTABLISHED" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="5" logging="no" target="ACCEPT" custom_rule="no" uuid="{4dc5f9cf-d19b-4030-998d-166ada82d814}" name="LOOPBACK" enabled="yes" description="Allow packets sent from the loopback interface" >
|
|
<ruleoption targetoption="no" type="interface_opt" uuid="{d53aa556-afd8-4906-867a-943747470965}" >
|
|
<ruleoptionvalue value0="lo" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="6" logging="no" target="VPNs" custom_rule="no" uuid="{8508ed2b-7afd-426c-b959-c61583f5ee6c}" name="FWD_VPN" enabled="yes" description="Forward rule for packets coming from a VPN network 192.168.2.0/24" >
|
|
<ruleoption targetoption="no" type="ip_opt" uuid="{40e4dd9e-cf4e-444a-8b26-1b4fd8f137a8}" >
|
|
<ruleoptionvalue value0="192.168.2.1/24" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
</chain>
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{e97ee9d7-871f-49f0-b2a0-1912292a2071}" name="OUTPUT" description="In this chain you can decide which
|
|
packets are allowed to be sent away
|
|
from this computer." />
|
|
<chain default_target="DROP" builtin="yes" uuid="{f437654c-62e4-4fee-b129-99ee59755394}" name="FORWARD" description="In this chain you can filter the packets
|
|
that are routed to other hosts by this
|
|
computer." />
|
|
<chain builtin="no" uuid="{a0f476e7-9540-4260-9f61-de89d033fd3e}" name="ANTISPOOF" description="Packet spoof protection is done in
|
|
this chain." >
|
|
<rule num="0" logging="no" target="DROP" custom_rule="no" uuid="{b1e735e2-1b31-4b74-9c14-8613abf8b29c}" name="loopback_spoof" enabled="yes" description="Check if packets are really from the localhost." >
|
|
<ruleoption targetoption="no" type="interface_opt" uuid="{774afbfa-c082-4084-878f-69bd9d193104}" >
|
|
<ruleoptionvalue value0="! lo" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
<ruleoption targetoption="no" type="ip_opt" uuid="{0ff372ce-3e46-499c-9512-0dae87cb2df8}" >
|
|
<ruleoptionvalue value0="127.0.0.0/8" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
</chain>
|
|
<chain builtin="no" uuid="{49b1df3f-fb0e-4745-9547-612e350101af}" name="SERVICES" description="This rule allows other computer to connect to us on udp port 53" >
|
|
<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{b5812bdf-cb51-456d-882a-bf7d82f8e13b}" name="Exapmle_DNS" enabled="no" description="This rule allows other computer to connect to us on udp port 53" >
|
|
<ruleoption targetoption="no" type="udp_opt" uuid="{a4b99995-a68d-4163-a931-c8904a138140}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="1024:65535" />
|
|
<ruleoptionvalue value2="53" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="1" logging="no" target="ACCEPT" custom_rule="no" uuid="{11af5582-60d6-43d5-81b5-18bba8edb31f}" name="Example_SSH" enabled="yes" description="Example rule that allows others to connect
|
|
to your computer using ssh e.g. tcp port 22" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{22b2c038-2be6-4997-9430-2340f29ba766}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="1024:65535" />
|
|
<ruleoptionvalue value2="22" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
</chain>
|
|
<chain builtin="no" uuid="{28e8c0e7-84b9-431b-a636-c18777af661b}" name="ICMP_FILTER" description="Here some ICMP packet types are
|
|
filtered to avoid denial of service attacks." >
|
|
<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{5740f895-e5b8-4b6c-ae75-a07df328b8a0}" name="ping" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="icmp_opt" uuid="{9cf0dfd0-9523-49a0-b7dc-f78b9c759dc2}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="echo-request" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="1" logging="no" target="ACCEPT" custom_rule="no" uuid="{f753a6a0-b7c3-47cd-b08a-ebac149220a8}" name="ping_reply" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="icmp_opt" uuid="{3a184346-683e-4535-99d2-ffe14f034984}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="echo-reply" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="2" logging="no" target="ACCEPT" custom_rule="no" uuid="{9aee9939-1a7b-4f71-a500-635f2ce6793d}" name="host_unreachable" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="icmp_opt" uuid="{fdb12c22-e453-4fbb-aafb-c3cc32c919e2}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="host-unreachable" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="3" logging="no" target="ACCEPT" custom_rule="no" uuid="{fda4fddc-efe8-4bd1-89a0-1e7e2080348d}" name="network_unreachable" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="icmp_opt" uuid="{6768d063-835c-40a2-992d-46d87f7b906a}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="network-unreachable" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
</chain>
|
|
<chain builtin="no" uuid="{a47513dd-a3be-486d-a918-dc0dc01e6bcd}" name="TCP_CHECKS" description="No Description Available" >
|
|
<rule num="0" logging="no" target="DROP" custom_rule="no" uuid="{53f9ce17-a8c8-4dc4-acb9-ea24977883e7}" name="tcp_flags1" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{381457e1-6e7c-422b-b73f-c879865e8bb2}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="ALL NONE" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="1" logging="no" target="DROP" custom_rule="no" uuid="{b5a11f5c-d6cf-400b-bc98-ef42bc7656d9}" name="tcp_flags2" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{4bb35820-e3ac-44be-a9fb-cfc7f1d41e22}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="FIN,ACK FIN" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="2" logging="no" target="DROP" custom_rule="no" uuid="{5751a6c7-5c75-4b20-8747-b10da300f38f}" name="tcp_flags3" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{76df0129-2788-4c66-8124-c96801337df3}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="ACK,PSH PSH" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="3" logging="no" target="DROP" custom_rule="no" uuid="{3f49954b-6a2a-4298-81c6-c54cd2c5c17d}" name="tcp_flags4" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{f51ebe7f-aa2b-452a-9350-66192ba7d322}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="ACK,URG URG" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="4" logging="no" target="DROP" custom_rule="no" uuid="{5e530522-9b04-49aa-8a0c-22d77a143393}" name="tcp_flags5" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{b7dc141d-d632-4ace-8fa5-689a8cfbe640}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="SYN,FIN SYN,FIN" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="5" logging="no" target="DROP" custom_rule="no" uuid="{c44e8a32-aa43-4320-afeb-81b7847cfdf9}" name="tcp_flags6" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{0e05588d-c058-4353-8274-33ad8b79aea9}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="SYN,RST SYN,RST" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="6" logging="no" target="DROP" custom_rule="no" uuid="{d99c29f2-8d22-4c87-96bd-8fae4f003fbf}" name="tcp_flags7" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{9734225e-7963-42a3-bf61-1a3c42c91331}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="FIN,RST FIN,RST" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
<rule num="7" logging="no" target="DROP" custom_rule="no" uuid="{0943595a-d650-4af0-bf95-0a133e75a72a}" name="tcp_nmapXmas" enabled="yes" description="Avoid nmap-xmas scans" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{2858dee2-65e8-4097-aa5c-e0f3346ee9b4}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="ALL FIN,PSH,URG" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
</chain>
|
|
<chain builtin="no" uuid="{ba89f1bd-f323-41a4-9b05-96e13146a465}" name="LOCAL_LANS" description="No Description Available" >
|
|
<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{776e59c2-1940-48e0-8eb2-9f91a84435c6}" name="MyNET" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="ip_opt" uuid="{570f7dab-5384-4e2f-a530-b33375cead6e}" >
|
|
<ruleoptionvalue value0="192.168.0.0/24" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
</chain>
|
|
<chain builtin="no" uuid="{7152a99c-bf57-44a2-8438-12d69769fecb}" name="VPNs" description="No Description Available" >
|
|
<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{bab58f0c-73d0-421d-a1cd-74a9350019f0}" name="TCP_SERVICES" enabled="yes" description="No Description Available" >
|
|
<ruleoption targetoption="no" type="tcp_opt" uuid="{cc3f37ae-30d0-4ecf-ac5f-1c5faf55b60d}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="bool:off" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
<ruleoption targetoption="no" type="state_opt" uuid="{3cb856be-021b-4185-9b69-48d238d7c9c0}" >
|
|
<ruleoptionvalue value0="bool:on" />
|
|
<ruleoptionvalue value1="NEW" />
|
|
<ruleoptionvalue value2="bool:off" />
|
|
<ruleoptionvalue value3="bool:off" />
|
|
<ruleoptionvalue value4="bool:off" />
|
|
<ruleoptionvalue value5="bool:off" />
|
|
<ruleoptionvalue value6="bool:off" />
|
|
<ruleoptionvalue value7="bool:off" />
|
|
<ruleoptionvalue value8="bool:off" />
|
|
<ruleoptionvalue value9="bool:off" />
|
|
</ruleoption>
|
|
</rule>
|
|
</chain>
|
|
</table>
|
|
<table uuid="{855aa6cf-d15d-4744-aede-5b93d07b128b}" name="nat" description="This table is made for every kind of
|
|
NAT (Network Address Translation)." >
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{3410f0f7-e203-4569-a857-dcf922125fa0}" name="OUTPUT" description="In this chain you can decide which
|
|
packets are allowed to be sent away
|
|
from this computer." />
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{e44c3748-6c56-4c17-be91-76dd12597593}" name="PREROUTING" description="..." />
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{1092717a-a346-4c75-9a16-a2ec8d749634}" name="POSTROUTING" description="..." />
|
|
</table>
|
|
<table uuid="{a4ef60e2-55fe-4c2c-bff8-3dacfa47caa4}" name="mangle" description="This table is made for altering packets." >
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{a990c3d6-75e1-49e9-922f-d31ea7d59ccd}" name="INPUT" description="In this chain you can filter packets that
|
|
are addressed directly to this computer." />
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{65910037-d1ab-4dfc-a5af-c46a32b20e99}" name="OUTPUT" description="In this chain you can decide which
|
|
packets are allowed to be sent away
|
|
from this computer." />
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{c5f40a03-9239-430c-aa1d-18a7a747f621}" name="FORWARD" description="In this chain you can filter the packets
|
|
that are routed to other hosts by this
|
|
computer." />
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{34509ced-a1d0-43ca-8bf3-e513cdde985b}" name="PREROUTING" description="..." />
|
|
<chain default_target="ACCEPT" builtin="yes" uuid="{1ee9514d-ed88-4607-a22f-6eb4780ca1d7}" name="POSTROUTING" description="..." />
|
|
</table>
|
|
</kmfrs>
|
|
</target>
|
|
</netzone>
|
|
</kmfnet>
|
|
|