Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2.6.0-RELEASE][admin@firewall.cosmanperugia.it]/root: pfctl -sr
- scrub on igb3 inet all fragment reassemble
- scrub on igb3 inet6 all fragment reassemble
- scrub on igb4 inet all fragment reassemble
- scrub on igb4 inet6 all fragment reassemble
- scrub on igb5 inet all fragment reassemble
- scrub on igb5 inet6 all fragment reassemble
- scrub on igb6 inet all fragment reassemble
- scrub on igb6 inet6 all fragment reassemble
- scrub on igb8 inet all fragment reassemble
- scrub on igb8 inet6 all fragment reassemble
- scrub on igb9 inet all fragment reassemble
- scrub on igb9 inet6 all fragment reassemble
- scrub on ovpns2 inet all fragment reassemble
- scrub on ovpns2 inet6 all fragment reassemble
- anchor "openvpn/*" all
- anchor "ipsec/*" all
- pass in quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" ridentifier 1000000001
- pass out quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" ridentifier 1000000002
- block drop in log quick inet6 all label "Block all IPv6" ridentifier 1000000003
- block drop out log quick inet6 all label "Block all IPv6" ridentifier 1000000004
- block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local" ridentifier 1000000101
- block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local" ridentifier 1000000102
- block drop in log inet all label "Default deny rule IPv4" ridentifier 1000000103
- block drop out log inet all label "Default deny rule IPv4" ridentifier 1000000104
- block drop in log inet6 all label "Default deny rule IPv6" ridentifier 1000000105
- block drop out log inet6 all label "Default deny rule IPv6" ridentifier 1000000106
- block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000107
- block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000107
- block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000108
- block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000108
- block drop log quick from <snort2c> to any label "Block snort2c hosts" ridentifier 1000000109
- block drop log quick from any to <snort2c> label "Block snort2c hosts" ridentifier 1000000110
- block drop in log quick proto carp from (self) to any ridentifier 1000000201
- pass quick proto carp all no state ridentifier 1000000202
- block drop in log quick proto tcp from <sshguard> to (self) port = ssh label "sshguard" ridentifier 1000000301
- block drop in log quick proto tcp from <sshguard> to (self) port = 22443 label "GUI Lockout" ridentifier 1000000351
- block drop in log quick from <virusprot> to any label "virusprot overload table" ridentifier 1000000400
- block drop in log on ! igb3 inet from 192.168.1.0/24 to any ridentifier 1000001570
- block drop in log inet from 192.168.1.1 to any ridentifier 1000001570
- block drop in log on igb3 inet6 from fe80::e63a:6eff:fe48:8db3 to any ridentifier 1000001570
- pass in quick on igb3 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server" ridentifier 1000001591
- pass in quick on igb3 inet proto udp from any port = bootpc to 192.168.1.1 port = bootps keep state label "allow access to DHCP server" ridentifier 1000001592
- pass out quick on igb3 inet proto udp from 192.168.1.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server" ridentifier 1000001593
- block drop in log on ! igb4 inet from 192.168.5.0/24 to any ridentifier 1000002620
- block drop in log inet from 192.168.5.1 to any ridentifier 1000002620
- block drop in log on igb4 inet6 from fe80::e63a:6eff:fe48:8db4 to any ridentifier 1000002620
- block drop in log on ! igb5 inet from 172.16.16.0/24 to any ridentifier 1000003670
- block drop in log inet from 172.16.16.254 to any ridentifier 1000003670
- block drop in log on igb5 inet6 from fe80::e63a:6eff:fe48:8db5 to any ridentifier 1000003670
- pass in quick on igb5 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server" ridentifier 1000003691
- pass in quick on igb5 inet proto udp from any port = bootpc to 172.16.16.254 port = bootps keep state label "allow access to DHCP server" ridentifier 1000003692
- pass out quick on igb5 inet proto udp from 172.16.16.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server" ridentifier 1000003693
- block drop in log on ! igb6 inet from 178.236.172.144/29 to any ridentifier 1000004720
- block drop in log inet from 178.236.172.146 to any ridentifier 1000004720
- block drop in log inet from 178.236.172.147 to any ridentifier 1000004720
- block drop in log inet from 178.236.172.148 to any ridentifier 1000004720
- block drop in log inet from 178.236.172.149 to any ridentifier 1000004720
- block drop in log inet from 178.236.172.150 to any ridentifier 1000004720
- block drop in log on igb6 inet6 from fe80::e63a:6eff:fe48:8db6 to any ridentifier 1000004720
- block drop in log on ! igb8 inet from 192.168.20.0/24 to any ridentifier 1000005770
- block drop in log inet from 192.168.20.254 to any ridentifier 1000005770
- block drop in log on igb8 inet6 from fe80::e63a:6eff:fe48:8db8 to any ridentifier 1000005770
- pass in quick on igb8 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server" ridentifier 1000005791
- pass in quick on igb8 inet proto udp from any port = bootpc to 192.168.20.254 port = bootps keep state label "allow access to DHCP server" ridentifier 1000005792
- pass out quick on igb8 inet proto udp from 192.168.20.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server" ridentifier 1000005793
- block drop in log on ! igb9 inet from 192.168.8.0/24 to any ridentifier 1000006820
- block drop in log inet from 192.168.8.254 to any ridentifier 1000006820
- block drop in log on igb9 inet6 from fe80::e63a:6eff:fe48:8db9 to any ridentifier 1000006820
- block drop in log on ! ovpns2 inet from 172.80.80.0/24 to any ridentifier 1000007870
- block drop in log inet from 172.80.80.1 to any ridentifier 1000007870
- block drop in log on ovpns2 inet6 from fe80::e63a:6eff:fe48:8db0 to any ridentifier 1000007870
- pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000008961
- pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000008962
- pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself" ridentifier 1000008963
- pass out route-to (igb6 178.236.172.145) inet from 178.236.172.146 to ! 178.236.172.144/29 flags S/SA keep state allow-opts label "let out anything from firewall host itself" ridentifier 1000009061
- pass out route-to (igb6 178.236.172.145) inet from 178.236.172.147 to ! 178.236.172.144/29 flags S/SA keep state allow-opts label "let out anything from firewall host itself" ridentifier 1000009062
- pass out route-to (igb6 178.236.172.145) inet from 178.236.172.148 to ! 178.236.172.144/29 flags S/SA keep state allow-opts label "let out anything from firewall host itself" ridentifier 1000009063
- pass out route-to (igb6 178.236.172.145) inet from 178.236.172.149 to ! 178.236.172.144/29 flags S/SA keep state allow-opts label "let out anything from firewall host itself" ridentifier 1000009064
- pass out route-to (igb6 178.236.172.145) inet from 178.236.172.150 to ! 178.236.172.144/29 flags S/SA keep state allow-opts label "let out anything from firewall host itself" ridentifier 1000009065
- pass out route-to (ovpns2 172.80.80.2) inet from 172.80.80.1 to ! 172.80.80.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself" ridentifier 1000009066
- pass in quick on igb3 proto tcp from any to (igb3) port = 22443 flags S/SA keep state label "anti-lockout rule" ridentifier 10001
- pass in quick on igb3 proto tcp from any to (igb3) port = http flags S/SA keep state label "anti-lockout rule" ridentifier 10001
- pass in quick on igb3 proto tcp from any to (igb3) port = ssh flags S/SA keep state label "anti-lockout rule" ridentifier 10001
- anchor "userrules/*" all
- pass in quick on openvpn inet all flags S/SA keep state label "USER_RULE: OpenVPN OpenVPN Cosman wizard" ridentifier 1428069474
- pass in log quick on igb3 inet proto tcp from any to 192.168.20.0/24 flags S/SA keep state label "USER_RULE: log rete carroponte" ridentifier 1670256233
- pass in log quick on igb3 inet from <FreePBX> to <negate_networks> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination" ridentifier 10000001
- pass in log quick on igb3 inet from <FreePBX> to any flags S/SA keep state label "USER_RULE: NethVoice navigazione tramite TWT" ridentifier 1548869361
- pass in log quick on igb3 inet proto tcp from <Telefonia> to any port = domain flags S/SA keep state label "USER_RULE: Accesso Porta 53 da Telefoni e Nethvoice" ridentifier 1595599440
- pass in log quick on igb3 inet proto udp from <Telefonia> to any port = domain keep state label "USER_RULE: Accesso Porta 53 da Telefoni e Nethvoice" ridentifier 1595599440
- pass in log quick on igb3 inet proto tcp from <pi_hole> to any port = domain flags S/SA keep state label "USER_RULE: Accesso Porta 53 da Pi Hole" ridentifier 1595599594
- pass in log quick on igb3 inet proto udp from <pi_hole> to any port = domain keep state label "USER_RULE: Accesso Porta 53 da Pi Hole" ridentifier 1595599594
- pass in log quick on igb3 inet proto tcp from <GR_QNap> to any port = domain flags S/SA keep state label "USER_RULE: Accesso Porta 53 da GR_QNap" ridentifier 1595604377
- pass in log quick on igb3 inet proto udp from <GR_QNap> to any port = domain keep state label "USER_RULE: Accesso Porta 53 da GR_QNap" ridentifier 1595604377
- pass in log quick on igb3 inet proto tcp from <GR_VM_SUB20> to any port = domain flags S/SA keep state label "USER_RULE: Accesso Porta 53 da GR_VM_SUB20" ridentifier 1671700496
- pass in log quick on igb3 inet proto udp from <GR_VM_SUB20> to any port = domain keep state label "USER_RULE: Accesso Porta 53 da GR_VM_SUB20" ridentifier 1671700496
- pass in log quick on igb3 inet proto tcp from <posta> to any port = domain flags S/SA keep state label "USER_RULE: Accesso Porta 53 da Pi Hole" ridentifier 1595602165
- pass in log quick on igb3 inet proto udp from <posta> to any port = domain keep state label "USER_RULE: Accesso Porta 53 da Pi Hole" ridentifier 1595602165
- pass in log quick on igb3 inet proto tcp from 192.168.1.32 to any port = domain flags S/SA keep state label "USER_RULE: Accesso Porta 53 da Pi Hole" ridentifier 1675288016
- pass in log quick on igb3 inet proto udp from 192.168.1.32 to any port = domain keep state label "USER_RULE: Accesso Porta 53 da Pi Hole" ridentifier 1675288016
- pass in log quick on igb3 inet proto tcp from <SERVER_DC_239> to any port = domain flags S/SA keep state label "USER_RULE: Accesso Porta 53 da SERVER DC 239" ridentifier 1595599672
- pass in log quick on igb3 inet proto udp from <SERVER_DC_239> to any port = domain keep state label "USER_RULE: Accesso Porta 53 da SERVER DC 239" ridentifier 1595599672
- pass in log quick on igb3 inet proto tcp from <GR_Proxmox> to any port = domain flags S/SA keep state label "USER_RULE: Accesso Porta 53 da GR_Proxmox" ridentifier 1595603451
- pass in log quick on igb3 inet proto udp from <GR_Proxmox> to any port = domain keep state label "USER_RULE: Accesso Porta 53 da GR_Proxmox" ridentifier 1595603451
- block drop in log quick on igb3 inet proto tcp from ! <pi_hole> to any port = domain label "USER_RULE: BLOCCO Porta 53 da LanCosman" ridentifier 1595599728
- block drop in log quick on igb3 inet proto udp from ! <pi_hole> to any port = domain label "USER_RULE: BLOCCO Porta 53 da LanCosman" ridentifier 1595599728
- pass in quick on igb3 inet from 192.168.8.57 to 192.168.1.238 flags S/SA keep state label "USER_RULE: TELECAMERA PER TIME LAPSE" ridentifier 1576660408
- pass in quick on igb3 inet from <pc_umberto_cosman> to 192.168.20.0/24 flags S/SA keep state label "USER_RULE: Allow PCUMBERTO to LAN6CASAROSI any rule" ridentifier 1428073563
- pass in quick on igb3 inet from <pc_umberto_cosman> to 192.168.8.0/24 flags S/SA keep state label "USER_RULE: Allow PCUMBERTO to LAN8VIDEO any rule" ridentifier 1466499827
- pass in quick on igb3 inet from 192.168.1.15 to 192.168.8.0/24 flags S/SA keep state label "USER_RULE: Allow PCNICOLA to LAN8VIDEO any rule" ridentifier 1598522738
- pass in quick on igb3 inet from 192.168.1.12 to 192.168.5.245 flags S/SA keep state label "USER_RULE: Allow PCUMBERTO to 192.168.5.245 any rule" ridentifier 1467270811
- pass in quick on igb3 inet from <pc_accesso_videosorveglianza> to 192.168.8.0/24 flags S/SA keep state label "USER_RULE: Allow PC to LAN8VIDEO any rule" ridentifier 1466500219
- pass in quick on igb3 inet from 192.168.1.0/24 to 192.168.5.0/24 flags S/SA keep state label "USER_RULE: Allow LAN1COSMAN --> FOTOVOLTAICO any rule" ridentifier 1428074438
- pass in log quick on igb3 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule" ridentifier 1428069473
- block drop in log quick on igb4 inet from 192.168.5.0/24 to 192.168.1.0/24 label "USER_RULE: Block FOTOVOLTAICO -> LAN1COSMAN" ridentifier 1445524592
- block drop in log quick on igb4 inet from 192.168.5.0/24 to 192.168.20.0/24 label "USER_RULE: Block FOTOVOLTAICO -> LAN6CASARO" ridentifier 1445525198
- block drop in log quick on igb4 inet from 192.168.5.0/24 to 172.16.16.0/24 label "USER_RULE: Block FOTOVOLTAICO -> WIFI" ridentifier 1445530404
- block drop in log quick on igb4 inet from 192.168.5.0/24 to 192.168.8.0/24 label "USER_RULE: Block FOTOVOLTAICO -> LAN8VIDEO" ridentifier 1445530441
- block drop in log quick on igb4 inet from 192.168.5.0/24 to 178.236.172.144/29 label "USER_RULE: Block FOTOVOLTAICO -> LAN2TECNOADSL" ridentifier 1445530560
- pass in log quick on igb4 inet proto tcp from 192.168.5.0/24 to 192.168.5.1 port = domain flags S/SA keep state label "USER_RULE: Allow FOTOVOLTAICO DNS#53" ridentifier 1445530908
- pass in log quick on igb4 inet proto udp from 192.168.5.0/24 to 192.168.5.1 port = domain keep state label "USER_RULE: Allow FOTOVOLTAICO DNS#53" ridentifier 1445530908
- block drop in log quick on igb4 inet from 192.168.5.0/24 to 192.168.5.1 label "USER_RULE: Block FOTOVOLTAICO -> FIREWALL" ridentifier 1445530844
- pass in log quick on igb4 inet from 192.168.5.0/24 to any flags S/SA keep state label "USER_RULE: Permetti FOTOVOLTAICO to any rule" ridentifier 1428069475
- pass in log quick on igb5 inet proto tcp from any to <Stampanti> flags S/SA keep state label "USER_RULE" ridentifier 1519666037
- pass in log quick on igb5 inet proto udp from any to <Stampanti> keep state label "USER_RULE" ridentifier 1519666037
- block drop in log quick on igb5 inet from 172.16.16.0/24 to 192.168.5.0/24 label "USER_RULE: Block WIFIOSPITI net to FOTOVOLTAICO net" ridentifier 1428069476
- block drop in log quick on igb5 inet from 172.16.16.0/24 to 192.168.1.0/24 label "USER_RULE: Block WIFIOSPITI to LAN1CSOMAN" ridentifier 1428069478
- block drop in log quick on igb5 inet from 172.16.16.0/24 to 192.168.20.0/24 label "USER_RULE: Block WIFIOSPITI to LAN6 CARROPONTE" ridentifier 1669720811
- block drop in log quick on igb5 inet from 172.16.16.0/24 to 192.168.8.0/24 label "USER_RULE: Block WIFIOSPITI to LAN8 VIDEO" ridentifier 1669721218
- pass in log quick on igb5 inet from 172.16.16.0/24 to any flags S/SA keep state label "USER_RULE: Default allow WIFI OSPITI to any rule" ridentifier 1428069479
- block drop in log quick on igb6 reply-to (igb6 178.236.172.145) inet from <CrowdSec> to any label "USER_RULE: Blocked by CrowdSec" ridentifier 1676545111
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <zimbra> port = https flags S/SA keep state label "USER_RULE: NAT Accesso HTTPS #443 su Zimbra" ridentifier 1428069467
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <server_fotovoltaico> port = http flags S/SA keep state label "USER_RULE: NAT Accesso HTTP #80 Server Fotovoltaico da WAN1T..." ridentifier 1460718740
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <Hickvision_NVR> port = 8000 flags S/SA keep state label "USER_RULE: NAT Accesso Hikvision da iVMS-4500 - porta 8000" ridentifier 1466862799
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <Server_Manutenzioni> port = http flags S/SA keep state label "USER_RULE: NAT Accesso HTTP Server Manutenzioni da TWT" ridentifier 1476460342
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <Server_Manutenzioni> port = https flags S/SA keep state label "USER_RULE: NAT Accesso HTTPS #630 Server Manutenzioni da TWT" ridentifier 1476460383
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <Hickvision_NVR> port = rtsp flags S/SA keep state label "USER_RULE: NAT Accesso Hikvision da iVMS-4500 - porta 554" ridentifier 1477296290
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto udp from any to <Hickvision_NVR> port = rtsp keep state label "USER_RULE: NAT Accesso Hikvision da iVMS-4500 - porta 554" ridentifier 1477296290
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <Hickvision_NVR> port = http flags S/SA keep state label "USER_RULE: NAT Accesso Hikvision da iVMS-4500 - porta 8082 t..." ridentifier 1477296595
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.6.5 port = 8409 flags S/SA keep state label "USER_RULE: NAT Accesso Myweb ROSI utente" ridentifier 1490270241
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.6.5 port = 7890 flags S/SA keep state label "USER_RULE: NAT Accesso Oberon ROSI installatore" ridentifier 1490270426
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.7.5 port = 8409 flags S/SA keep state label "USER_RULE: NAT Accesso Myweb CARLO utente" ridentifier 1491557723
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.7.5 port = 7890 flags S/SA keep state label "USER_RULE: NAT Accesso Oberon CARLO installatore" ridentifier 1491557784
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.7.50 port = http flags S/SA keep state label "USER_RULE: NAT Accesso telecamera 50 CARLO" ridentifier 1492154064
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.7.51 port = rtsp flags S/SA keep state label "USER_RULE: NAT Accesso telecamera 51 CARLO" ridentifier 1492156036
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.7.51 port = rtsp flags S/SA keep state label "USER_RULE: NAT Accesso telecamera 51 CARLO" ridentifier 1492157925
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <Hickvision_CASACARLO> port = http flags S/SA keep state label "USER_RULE: NAT Accesso Hikvision da iVMS-4500 - porta 8083 t..." ridentifier 1502297185
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from <NovaProject> to <server_fotovoltaico> port = rdp flags S/SA keep state label "USER_RULE: NAT Accesso RDP su server fotovoltaico - NovaProject" ridentifier 1596731238
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto udp from <monitoraggio> to 192.168.1.237 port = snmp keep state label "USER_RULE: NAT monitoraggio nas qnap 237" ridentifier 1599121448
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto udp from <monitoraggio> to 192.168.1.238 port = snmp keep state label "USER_RULE: NAT monitoraggio nas qnap 238" ridentifier 1599124195
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <zimbra> port = http flags S/SA keep state label "USER_RULE: NAT Accesso porta 80 verso server Zimbra" ridentifier 1600760840
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto udp from any to 178.236.172.146 port = openvpn keep state label "USER_RULE: OpenVPN OpenVPN Cosman wizard" ridentifier 1623244325
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 178.236.172.146 port = 1196 flags S/SA keep state label "USER_RULE: OpenVPN Mikrotik Carlo Mannocci" ridentifier 1654609089
- pass in log quick on igb6 reply-to (igb6 178.236.172.145) inet proto udp from any to 178.236.172.146 port = rsf-1 keep state label "USER_RULE: OpenVPN 4.0" ridentifier 1670931110
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <firewall> port = 22443 flags S/SA keep state label "USER_RULE: NAT Accesso HTTPS #22443 su Pfsense da WAN2TECNOADSL" ridentifier 1460718742
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to <Hickvision_NVR> port = http flags S/SA keep state label "USER_RULE: NAT Accesso Hikvision iVMS-4500 da Wan2 - porta ..." ridentifier 1477297039
- pass in log quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.1.250 port = http flags S/SA keep state label "USER_RULE: NAT Accesso HTTP Server Manutenzioni Test Ithings..." ridentifier 1638876623
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from any to 192.168.7.5 port = https flags S/SA keep state label "USER_RULE: NAT Accesso Myweb CARLO utente #22775" ridentifier 1656781305
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from <AdalabVodafone> to 192.168.1.193 port = rdp flags S/SA keep state label "USER_RULE: NAT Accesso RDP su VM 193 Test - Adalab" ridentifier 1669992075
- pass in quick on igb6 reply-to (igb6 178.236.172.145) inet proto tcp from 31.27.167.162 to 192.168.1.166 port = rdp flags S/SA keep state label "USER_RULE: NAT NAT# Accesso RDP su VM 166" ridentifier 1674234410
- pass in quick on igb8 inet from 192.168.20.0/24 to <synology> flags S/SA keep state label "USER_RULE: Pass CARROPONTE to SYNOLOGY NAS BACKUP COSMAN" ridentifier 1670845029
- pass in quick on igb8 inet from 192.168.20.0/24 to <SERVER_DC_239> flags S/SA keep state label "USER_RULE: Pass CARROPONTE to DC_239 COSMAN" ridentifier 1672224986
- pass in quick on igb8 inet from <GR_VM_SUB20> to 192.168.1.0/24 flags S/SA keep state label "USER_RULE: Pass VM VLAN20 to COSMAN NET" ridentifier 1670845029
- block drop in log quick on igb8 inet from 192.168.20.0/24 to 172.16.16.0/24 label "USER_RULE: Block CARROPONTE to WIFIOSPITI" ridentifier 1669721330
- block drop in log quick on igb8 inet from 192.168.20.0/24 to 192.168.1.0/24 label "USER_RULE: Block CARROPONTE to LAN1 COSMAN" ridentifier 1669721308
- block drop in log quick on igb8 inet proto tcp from 192.168.20.0/24 to 192.168.20.254 label "USER_RULE: Block CARROPONTE to Firewall" ridentifier 1669721925
- block drop in log quick on igb8 inet proto udp from 192.168.20.0/24 to 192.168.20.254 label "USER_RULE: Block CARROPONTE to Firewall" ridentifier 1669721925
- block drop in log quick on igb8 inet from 192.168.20.0/24 to 192.168.5.0/24 label "USER_RULE: Block CARROPONTE to FOTOVOLTAICO" ridentifier 1669721357
- pass in log quick on igb8 inet from 192.168.20.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN6CASAROSI to any rule" ridentifier 1428072465
- pass in log quick on igb9 inet proto tcp from 192.168.8.57 to 192.168.1.238 flags S/SA keep state label "USER_RULE" ridentifier 1576763462
- pass in quick on igb9 inet proto tcp from 192.168.8.57 to <W7_UnifiController> flags S/SA keep state label "USER_RULE: TELECAMERA to Sitema TIME LAPSE" ridentifier 1578332084
- pass in quick on igb9 inet from 192.168.8.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN8VIDEO to any rule" ridentifier 1466498848
- pass in log quick on ovpns2 reply-to (ovpns2 172.80.80.2) inet all flags S/SA keep state label "USER_RULE" ridentifier 1654616381
- anchor "tftp-proxy/*" all
- [2.6.0-RELEASE][admin@firewall.cosmanperugia.it]/root:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement