21 lines | 910 B | Plaintext | Executable File

#SOURCE ZONE     DESTINATION ZONE    POLICY     LOG     LIMIT:BURST
#                                               LEVEL
#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
$FW              wan                 ACCEPT

#Road warrior is trusted. It serves as an extension of the mgmt net.
vpnrwr           all                 ACCEPT

#Anything transiting the vpn link between ausprod-core-rtr01 and tsys-rtr has already passed firewall rules and IPS inspection.
#Otherwise I wouldn't allow this
vpnauslab        all                 ACCEPT

#Drop everything inbound from the big bad world that isn't explicitly allowed.
#Cause the net is where the NSA lives
wan              all                 DROP

#Drop everything that isn't explicitly allowed.
#Make explicit rules for everything yo. The NSA says you should.  Duh.
# #state-sponsored-malware #stuxnet-was-an-inside-job
all              all                 REJECT     info
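
Added example (not part of this repository): a Python check over a policy file like the one above that flags ACCEPT policies where either side is `all`, DROP/REJECT policies with no log level, entries placed after the all-to-all catch-all, and a missing final catch-all. It assumes only the SOURCE, DESTINATION, POLICY and LOG LEVEL columns matter; the function names and the sample string are constructed for illustration.

```python
# Added example, not part of the repository. Simplified: reads only the
# SOURCE, DEST, POLICY and LOG LEVEL columns of a Shorewall policy file.
SAMPLE_POLICY = """\
# constructed sample mirroring the entries shown on this page
$FW        wan  ACCEPT
vpnrwr     all  ACCEPT
vpnauslab  all  ACCEPT
wan        all  DROP
all        all  REJECT  info
"""


def parse_policy(text):
    """Return (lineno, source, dest, policy, loglevel) for each entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # '#' starts a comment
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: need SOURCE DEST POLICY")
        policy = fields[2].split(":", 1)[0].upper()  # drop any ':' suffix
        log = fields[3] if len(fields) > 3 and fields[3] != "-" else None
        entries.append((lineno, fields[0], fields[1], policy, log))
    return entries


def audit(entries):
    """Return findings about default-deny hygiene, in file order."""
    findings = []
    catch_all_seen = False
    for lineno, src, dst, policy, log in entries:
        pair = f"{src}->{dst}"
        if catch_all_seen:  # policies match in order, so this never applies
            findings.append(f"line {lineno}: {pair} is unreachable after all->all")
        if policy == "ACCEPT" and "all" in (src, dst):
            findings.append(f"line {lineno}: {pair} ACCEPT applies to every zone")
        if policy in ("DROP", "REJECT") and log is None:
            findings.append(f"line {lineno}: {pair} {policy} is not logged")
        catch_all_seen = catch_all_seen or (src, dst) == ("all", "all")
    last = entries[-1] if entries else None
    if last is None or (last[1], last[2]) != ("all", "all") or last[3] not in ("DROP", "REJECT"):
        findings.append("no final all->all DROP/REJECT catch-all")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_policy(SAMPLE_POLICY)):
        print(finding)
```

Each finding is a prompt to confirm intent, not necessarily an error: the two VPN zones are accepted to `all` on purpose here, and the `wan` DROP carries no log level.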