/*
Zone address-book and Untrust -> DMZ policy set. The Id stamp inside the
policies stanza suggests this file is generated output; presumably changes
belong in the source policy rather than here - confirm.
*/
security {
zones {
security-zone DMZ {
/*
The replace: tag makes "load replace" overwrite the whole DMZ address-book
with this stanza; entries present on the device but absent here are removed.
*/
replace: address-book {
address RFC1918_0 10.0.0.0/8;
address RFC1918_1 172.16.0.0/12;
address RFC1918_2 192.168.0.0/16;
/* RFC1918 groups the three private ranges above; the policies match on it. */
address-set RFC1918 {
address RFC1918_0;
address RFC1918_1;
address RFC1918_2;
}
}
}
}
/*
replace: applies to the entire policies hierarchy, not only the
Untrust -> DMZ pair defined here. NOTE(review): confirm no other zone-pair
policies exist on the target device before loading.
*/
replace: policies {
/*
$Id: ./filters/sample_srx.srx $
$Date: 2015/03/26 $
*/
from-zone Untrust to-zone DMZ {
/*
Policies are evaluated in the order listed; first match wins.
test-tcp: any Untrust source to the RFC1918 set. test-tcp-app is an
application-set that, as defined in the applications stanza of this file,
contains a UDP member and specifies no destination-port, so this rule
presumably permits all TCP and UDP ports despite its name - confirm intent.
*/
policy test-tcp {
match {
source-address any;
destination-address [ RFC1918 ];
application test-tcp-app;
}
then {
permit;
/* Logs at session creation only; no session-close record is requested. */
log {
session-init;
}
}
}
/*
test-icmp: permits the ICMP types listed in test-icmp-app. No log statement,
so permitted ICMP sessions are not logged by this policy.
*/
policy test-icmp {
match {
source-address any;
destination-address [ RFC1918 ];
application test-icmp-app;
}
then {
permit;
}
}
/*
default-deny: explicit catch-all, must remain last. It carries no log
statement, so dropped traffic is not recorded by this policy; add
"log { session-init; }" under then if deny visibility is required.
*/
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
}
}
/*
Application definitions referenced by the security policies. The replace:
tag makes "load replace" overwrite the whole applications hierarchy with
this stanza.
*/
replace: applications {
/* Set matched by policy test-tcp; note that one member below is UDP. */
application-set test-tcp-app {
application test-tcp-app1;
application test-tcp-app2;
}
/* TCP with no destination-port; presumably matches every TCP port - confirm. */
application test-tcp-app1 {
term t1 protocol tcp;
}
/*
NOTE(review): named "tcp" but the term matches protocol udp, and no
destination-port is given. Verify against the source policy whether UDP
is intended here.
*/
application test-tcp-app2 {
term t2 protocol udp;
}
/*
ICMP type 0 (echo reply) and type 8 (echo request), each with
inactivity-timeout 60.
*/
application test-icmp-app {
term t1 protocol icmp icmp-type 0 inactivity-timeout 60;
term t2 protocol icmp icmp-type 8 inactivity-timeout 60;
}
}