// INSPECT Security Policy Script Generated by cshenton@LapDancer.it.hq.nasa.gov at 12Mar98 17:20:57
// from Rulebase by FireWall-1 Version 3.0b [VPN] Compiler
// Running under SunOS5.5.1
//
// Review notes (this file is compiler output; change the rulebase in the
// GUI rather than editing here):
//  - The generated-by line above embeds an account name and a fully
//    qualified internal hostname. Treat the file as sensitive and do not
//    publish it verbatim.
//  - The rulebase has exactly two rules: rule-1 accepts three TCP services
//    from ANY source to the host "lapdancer"; rule-2 is a drop-all cleanup
//    rule whose :track is empty, i.e. dropped traffic is NOT logged.
//  - All five rule counters below are 0: no authentication, encryption,
//    logical-server, logic-fold or accounting rules exist in this policy
//    (the "#if NLOGIC > 0" guard further down is one place this matters).
// Number of Authentication and Encryption rules
#define NAUTHENTICATION 0
#define NENCRYPTION 0
#define NLOGIC 0
#define NLOGICFOLD 0
#define NACCOUNT 0
/////////////////////////////
// Exported Rules Database //
/////////////////////////////
// Serialized copy of the rulebase as the GUI shows it (names, colours,
// icons, text ids). The enforced logic is the INSPECT code after
// "Beginning of Security Policy Code"; this block is reference data.
// Security-relevant content, for reviewers who do not want to read the
// s-expressions:
//   rule-1  src Any -> dst lapdancer, services H323, NetMeeting,
//           NetMeeting-DirSrv; action accept; track Long; installed on
//           Gateways; time Any. There is no source restriction.
//   rule-2  src Any -> dst Any, services Any; action drop; track EMPTY
//           (no log record for dropped packets); installed on Gateways.
//   conf_params  tcptimeout 900 / udptimeout 40 (presumably seconds --
//           they mirror TCP_TIMEOUT/UDP_TIMEOUT below), udpreply true,
//           addresstrans false, skipmaxtime 120, skipmaxbytes 10485760,
//           icmpcryptver 0, fwsynatk_method 0, fwsynatk_timeout 10,
//           fwsynatk_max 500, fwsynatk_ifnum -1, fwsynatk_warning 1,
//           disable_ipsec false.
//   NOTE(review): fwsynatk_method 0 presumably means the SYN-flood
//   defender is not active and only the warning setting is in effect --
//   confirm against the FireWall-1 3.0 documentation before relying on it.
// Comments are deliberately kept outside the export { ... }.set block.
export {
 (
  :auth ()
  :crypt ()
  :logic ()
  :logicfold ()
  :proxy ()
  :rules (
   : (rule-1
    :src (
     : Any
    )
    :dst (
     : lapdancer
    )
    :services (
     : H323
     : NetMeeting
     : NetMeeting-DirSrv
    )
    :action (
     : (accept
      :type (accept)
      :color ("Dark green")
      :macro (RECORD_CONN)
      :icon-name (icon-accept)
      :text-rid (61463)
      :windows-color (green)
     )
    )
    :track (
     : Long
    )
    :install (
     : (Gateways
      :type (gateways)
      :color ("Navy Blue")
      :icon-name (icon-gateways)
     )
    )
    :time (
     : Any
    )
   )
   : (rule-2
    :src (
     : Any
    )
    :dst (
     : Any
    )
    :services (
     : Any
    )
    :action (
     : (drop
      :type (drop)
      :color (Firebrick)
      :icon-name (icon-drop)
      :text-rid (61465)
      :windows-color (green)
     )
    )
    :track ()
    :install (
     : (Gateways
      :type (gateways)
      :color ("Navy Blue")
      :icon-name (icon-gateways)
     )
    )
    :time (
     : Any
    )
   )
  )
  :party ()
  :conf_params (
   : (tcptimeout
    :val (900)
    :type (int)
   )
   : (udptimeout
    :val (40)
    :type (int)
   )
   : (udpreply
    :val (true)
    :type (str)
   )
   : (addresstrans
    :val (false)
    :type (str)
   )
   : (skipmaxtime
    :val (120)
    :type (int)
   )
   : (skipmaxbytes
    :val (10485760)
    :type (int)
   )
   : (icmpcryptver
    :val (0)
    :type (int)
   )
   : (fwsynatk_method
    :val (0)
    :type (int)
   )
   : (fwsynatk_timeout
    :val (10)
    :type (int)
   )
   : (fwsynatk_max
    :val (500)
    :type (int)
   )
   : (fwsynatk_ifnum
    :val (-1)
    :type (int)
   )
   : (fwsynatk_warning
    :val (1)
    :type (int)
   )
   : (disable_ipsec
    :val (false)
    :type (str)
   )
  )
 )
}.set;
///////////////////////////
// Beginning of Prologue //
///////////////////////////
// Define Log Preferences
#define LOG_TIMEOUT 9
// Define Session Timeouts
// Same values as the tcptimeout/udptimeout conf_params above: how long an
// idle TCP / UDP entry is kept in the connection table (presumably seconds).
#define TCP_TIMEOUT 900
#define UDP_TIMEOUT 40
// List of known TCP services
// TCP ports the included .def code treats as "known" services. The lists
// are consumed by code pulled in via fwui_head.def / code.def, neither of
// which is part of this file. Observations: 1720 and 17003 are each listed
// twice (harmless duplicates); 6000-6063 is the conventional X11 display
// range; the three ports rule-1 opens (1720, 1503, 522) are all present.
// NOTE(review): 256-259 and 18181/18182 are presumably the firewall's own
// control / CVP / UFP ports (cf. the cvp/ufp server lists below) -- confirm.
tcp_services = { 256, 257, 258, 259, 261, 18181, 18182, 6000, 6001, 6002, 6003, 6004, 6005, 6006, 6007, 6008, 6009, 6010, 6011, 6012, 6013, 6014, 6015, 6016, 6017, 6018, 6019, 6020, 6021, 6022, 6023, 6024, 6025, 6026, 6027, 6028, 6029, 6030, 6031, 6032, 6033, 6034, 6035, 6036, 6037, 6038, 6039, 6040, 6041, 6042, 6043, 6044, 6045, 6046, 6047, 6048, 6049, 6050, 6051, 6052, 6053, 6054, 6055, 6056, 6057, 6058, 6059, 6060, 6061, 6062, 6063, 2000, 513, 512, 514, 23, 21, 540, 80, 70, 210, 25, 109, 110, 119, 15, 79, 113, 2626, 5510, 1521, 7, 53, 750, 9, 37, 13, 123, 139, 6670, 6680, 1352, 7000, 7070, 1720, 6500, 6499, 1503, 522, 389, 443, 1235, 453, 455, 1720, 22, 5001, 9224, 43, 105, 17003, 17003, 106, 10101, 15632 };
// UDP counterpart of the list above. 520 (RIP) and 53 (DNS) are relevant to
// the accept_rip / accept_domain_udp properties invoked further down.
udp_services = { 259, 260, 161, 162, 2049, 69, 520, 1525, 513, 514, 42, 512, 67, 1024, 7, 53, 750, 9, 37, 13, 123, 137, 138, 22555, 1645, 1558, 370, 61801, 61802, 61803, 61804, 61805, 61806, 61807, 61808, 61809, 61810, 61811, 61812, 61813, 61814, 61815, 61816, 61817, 61818, 61819, 61820, 61821, 7648, 7649, 7650, 7651, 7652, 1987 };
// Log macro for IP Options: packets with bad IP options are logged as
// badip_form without an alert.
#define IPOPTNS_LOG LOG(badip_form, LOG_NOALERT, 0)
// Log macro for Established TCP Packets. This expands to NOTHING, so
// whatever the .def code does with stray established-TCP packets, it does
// not log them here. NOTE(review): confirm this is the intended setting.
#define LOG_ESTABLISHED_TCP
// Define flag for Live Connections
#define LIVE_CONNS 1
// Define flag for enabling decryption on accept. Consistent with
// NENCRYPTION 0 in the header: this policy has no encryption rules.
#define ACCEPT_DECRYPT_ENABLE 0
#define NO_ENCRYPTION_FEATURES 1
// Address Translation definitions (opcode constants for the NAT engine).
// addresstrans is false in conf_params, so no NAT rules use them here.
#define FWXT_EOX 0x0
#define FWXT_TCP_DPORT_STATIC 0xb02
#define FWXT_UDP_DPORT_STATIC 0x1b02
// Include Common Definition File
#include "fwui_head.def"
// Service definitions used by rule 1 below (names as in the GUI rulebase):
// H.323 call setup on tcp/1720, NetMeeting on tcp/1503, NetMeeting
// directory service on tcp/522. All three are single static TCP ports.
// NOTE(review): H.323/NetMeeting media streams negotiate further dynamic
// ports that these definitions do not cover; confirm whether the FW-1 3.0
// .def code opens them for this h323 service and whether that is intended.
SRV_tcp(h323, 1720)
SRV_tcp(netmeeting, 1503)
SRV_tcp(netmeeting-dirsrv, 522)
/////////////////////
// End of Prologue //
/////////////////////
///////////////////////////////////////
// Beginning of Security Policy Code //
///////////////////////////////////////
// List of FireWalled Gateways, Hosts and Embedded systems
// Includes both policy targets (192.168.0.2 = neuromancer, 131.182.5.2 =
// wintermute, see ADDR_gateway below). 131.182.8.1 appears twice.
firewalled_list = { 192.168.0.2, 131.182.8.1, 131.182.5.1, 131.182.5.2, 192.168.1.2, 198.116.65.1, 131.182.8.1 };
// List of RADIUS Servers
// NOTE(review): "{ 0 }" is presumably the compiler's empty-list placeholder
// (servers_list uses the same) -- there is no RADIUS server in this policy,
// although enable_radius_queries is still invoked below. Confirm.
radius_servers_list = { 0 };
// List of cvp Servers
cvp_servers_list = { 192.168.0.2 };
// List of ufp Servers
ufp_servers_list = { 192.168.0.2 };
// List of Servers, operated by Logical Servers
servers_list = { 0 };
//time lists
// Alert tables: each maps a log track type to the external alert command.
MAKE_ALERT(alert_tab, <"![alert]">)
MAKE_ALERT(snmptrap_tab, <"![snmptrap]">)
MAKE_ALERT(mail_tab, <"![mail]">)
MAKE_ALERT(useralert_tab, <"![useralert]">)
MAKE_ALERT(spoofalert_tab, <"![spoofalert]">)
MAKE_ALERT(userauthalert_tab, <"![userauthalert]">)
// Network objects referenced by the policy: two enforcement gateways and
// the single host rule 1 exposes.
ADDR_gateway(neuromancer, 192.168.0.2)
ADDR_gateway(wintermute, 131.182.5.2)
ADDR_host(lapdancer, 131.182.119.44)
// The rule base below is installed on both gateways.
target_list1 = targets { neuromancer, wintermute };
// Code for First-Bounded Properties
// These implied rules are evaluated AHEAD of the explicit rule base, so
// whatever they accept is presumably never subjected to rule-2's drop.
// Their bodies live in code.def / fwui_head.def (not in this file).
// NOTE(review): verify there what accept_rip (RIP, udp/520), accept_domain_udp
// and accept_domain_tcp (DNS, port 53) and accept_fw1_connections accept,
// and from which sources -- none of it is visible in the rulebase GUI.
init_code;
ftpdata_code;
rpc_code;
ftppasv_code;
accept_fw1_connections_first;
// Presumably lets UDP replies back through (matches udpreply=true above).
#define REVERSE_UDP 1
#include "code.def"
accept_fw1_connections;
accept_rip;
accept_domain_udp;
accept_domain_tcp;
enable_radius_queries;
#define load_agent_port 0
// NLOGIC is 0 in the header, so enable_load_agent_queries is compiled out.
#if NLOGIC > 0
enable_load_agent_queries;
#endif
// Rule-Base And Before-Last Properties Code
start_rule_base_code;
// Rule 1: inbound TCP to lapdancer on h323 / netmeeting / netmeeting-dirsrv
// is accepted, recorded in the connection table (RECORD_CONN) and logged at
// "long" detail. The only test is the destination address -- there is no
// source check, matching src "Any" in the rulebase.
inbound all@target_list1 accept start_rule_code(1), (tcp, h323 or netmeeting or netmeeting-dirsrv), (ip_dst = lapdancer), RECORD_CONN(1), LOG(long, LOG_NOALERT, 1);
// Rule 2: everything else inbound on both gateways is dropped. No LOG() is
// attached (rule-2's :track is empty), so dropped packets leave no record
// in the log; a logged cleanup rule is what a reviewer would normally expect.
inbound all@target_list1 drop start_rule_code(2);
// Code for Last-Bounded Properties
// Evaluated after the rule base. Rules 1-2 are both "inbound", so other
// directions are not matched by them and reach accept_outgoing here.
// NOTE(review): for inbound packets the unconditional rule-2 drop sits ahead
// of accept_icmp; whether any inbound ICMP is still accepted depends on the
// macro's direction clause in code.def -- confirm rather than assume.
accept_icmp;
accept_outgoing;
/////////////////////////////////
// End of Security Policy Code //
/////////////////////////////////
#include "fwui_trail.def"