author | Johan Lundberg <lundberg@nordu.net> | 2015-04-02 10:43:33 +0200 |
---|---|---|
committer | Johan Lundberg <lundberg@nordu.net> | 2015-04-02 10:43:33 +0200 |
commit | bd611ac59f7c4db885a2f8631ef0bcdcd1901ca0 (patch) | |
tree | e60f5333a7699cd021b33c7f5292af55b774001b /filters/sample_srx.srx |
Diffstat (limited to 'filters/sample_srx.srx')
-rw-r--r-- | filters/sample_srx.srx | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/filters/sample_srx.srx b/filters/sample_srx.srx
new file mode 100644
index 0000000..3c3beaf
--- /dev/null
+++ b/filters/sample_srx.srx
@@ -0,0 +1,73 @@
+security {
+ zones {
+ security-zone DMZ {
+ replace: address-book {
+ address RFC1918_0 10.0.0.0/8;
+ address RFC1918_1 172.16.0.0/12;
+ address RFC1918_2 192.168.0.0/16;
+ address-set RFC1918 {
+ address RFC1918_0;
+ address RFC1918_1;
+ address RFC1918_2;
+ }
+ }
+ }
+ }
+ replace: policies {
+ /*
+ $Id: ./filters/sample_srx.srx $
+ $Date: 2015/03/26 $
+ */
+ from-zone Untrust to-zone DMZ {
+ policy test-tcp {
+ match {
+ source-address any;
+ destination-address [ RFC1918 ];
+ application test-tcp-app;
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ }
+ }
+ }
+ policy test-icmp {
+ match {
+ source-address any;
+ destination-address [ RFC1918 ];
+ application test-icmp-app;
+ }
+ then {
+ permit;
+ }
+ }
+ policy default-deny {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ deny;
+ }
+ }
+ }
+ }
+}
+replace: applications {
+ application-set test-tcp-app {
+ application test-tcp-app1;
+ application test-tcp-app2;
+ }
+ application test-tcp-app1 {
+ term t1 protocol tcp;
+ }
+ application test-tcp-app2 {
+ term t2 protocol udp;
+ }
+ application test-icmp-app {
+ term t1 protocol icmp icmp-type 0 inactivity-timeout 60;
+ term t2 protocol icmp icmp-type 8 inactivity-timeout 60;
+ }
+}
\ No newline at end of file |
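Review bot: The `test-tcp-app` application-set includes `test-tcp-app2`, whose only term is `protocol udp`, so the `test-tcp` policy permits UDP as well as TCP from Untrust to the RFC1918 address-set, and neither application term carries a `destination-port`, so every port is matched. If the sample is meant to show a TCP-only rule, the term should read something like `term t2 protocol tcp destination-port <PORT>;` (placeholder port), or the application should be renamed so its name matches what it matches. The `$Id$` comment suggests this file may be generated from a policy definition, in which case the correction belongs in that source rather than here. `test-icmp` and `default-deny` also have no `log` stanza, so only `test-tcp` sessions leave a record; adding `log { session-init; }` to `default-deny` would make dropped traffic visible.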