diff --git a/Samples/one-interface/rules b/Samples/one-interface/rules index 9d4ab2eb0..a67dbc859 100755 --- a/Samples/one-interface/rules +++ b/Samples/one-interface/rules @@ -365,7 +365,7 @@ # # #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL # # PORT PORT(S) DEST -# ACCEPT net:130.252.100.69,130.252.100.70 fw \ +# ACCEPT net:130.252.100.69,130.252.100.70 $FW \ # tcp 22 ############################################################################################################# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ @@ -373,10 +373,10 @@ # Reject Ping from the "bad" net zone.. and prevent your log from being flooded.. -Ping/REJECT:none! net fw +Ping/REJECT:none! net $FW # Permit all ICMP traffic FROM the firewall TO the net zone -ACCEPT fw net icmp +ACCEPT $FW net icmp #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/Samples/three-interfaces/rules b/Samples/three-interfaces/rules index 827ac549d..5cfca7a15 100755 --- a/Samples/three-interfaces/rules +++ b/Samples/three-interfaces/rules @@ -365,20 +365,20 @@ # # #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL # # PORT PORT(S) DEST -# ACCEPT net:130.252.100.69,130.252.100.70 fw \ +# ACCEPT net:130.252.100.69,130.252.100.70 $FW \ # tcp 22 ############################################################################################################# -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ -# PORT PORT(S) DEST LIMIT GROUP +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ +# PORT PORT(S) DEST LIMIT GROUP # # Accept DNS connections from the firewall to the Internet # -DNS/ACCEPT fw net +DNS/ACCEPT $FW net # # # Accept SSH connections from the local network to the firewall and DMZ # -SSH/ACCEPT loc fw +SSH/ACCEPT loc $FW SSH/ACCEPT loc dmz # # DMZ DNS access to the Internet 
@@ -388,22 +388,22 @@ DNS/ACCEPT dmz net # Reject Ping from the "bad" net zone. -Ping/REJECT:none! net fw +Ping/REJECT net $FW # # Make ping work bi-directionally between the dmz, net, Firewall and local zone # (assumes that the loc-> net policy is ACCEPT). # -Ping/ACCEPT loc fw -Ping/ACCEPT dmz fw +Ping/ACCEPT loc $FW +Ping/ACCEPT dmz $FW Ping/ACCEPT loc dmz Ping/ACCEPT dmz loc Ping/ACCEPT dmz net -ACCEPT fw net icmp -ACCEPT fw loc icmp -ACCEPT fw dmz icmp +ACCEPT $FW net icmp +ACCEPT $FW loc icmp +ACCEPT $FW dmz icmp # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from # the net zone to the dmz and loc diff --git a/Samples/two-interfaces/rules b/Samples/two-interfaces/rules index 5f4073573..f72b1e017 100755 --- a/Samples/two-interfaces/rules +++ b/Samples/two-interfaces/rules 
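Review bot: The net-to-firewall ping rule loses its `:none!` log-level override in this hunk (`Ping/REJECT:none! net fw` becomes `Ping/REJECT net $FW`), and again in the two-interfaces hunk, while the one-interface hunk keeps `Ping/REJECT:none! net $FW`. Every other change in the commit is a `fw` to `$FW` substitution or a whitespace cleanup, so this reads as an unrelated edit, and it leaves the three samples disagreeing. A rule with no log level is not expected to log, so the effect is probably nil, but confirm that against the Ping macro. Then either mention the removal in the commit message or make the one-interface line match.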
@@ -365,33 +365,33 @@ # # #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL # # PORT PORT(S) DEST -# ACCEPT net:130.252.100.69,130.252.100.70 fw \ +# ACCEPT net:130.252.100.69,130.252.100.70 $FW \ # tcp 22 ############################################################################################################# -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ -# PORT PORT(S) DEST LIMIT GROUP -# PORT PORT(S) DEST LIMIT GROUP +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ +# PORT PORT(S) DEST LIMIT GROUP +# PORT PORT(S) DEST LIMIT GROUP # -# Accept DNS connections from the firewall to the network +# Accept DNS connections from the firewall to the network # -DNS/ACCEPT fw net +DNS/ACCEPT $FW net # -# Accept SSH connections from the local network for administration +# Accept SSH connections from the local network for administration # -SSH/ACCEPT loc fw +SSH/ACCEPT loc $FW # -# Allow Ping from the local network +# Allow Ping from the local network # -Ping/ACCEPT loc fw +Ping/ACCEPT loc $FW # # Reject Ping from the "bad" net zone.. and prevent your log from being flooded.. # -Ping/REJECT:none! net fw +Ping/REJECT net $FW -ACCEPT fw loc icmp -ACCEPT fw net icmp +ACCEPT $FW loc icmp +ACCEPT $FW net icmp # #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
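Review bot: The column-header continuation line `# PORT PORT(S) DEST LIMIT GROUP` still appears twice on the new side of this hunk, as far as the rendering here shows. The whitespace cleanup rewrites both copies instead of dropping the duplicate. Keep a single continuation line under `#ACTION ... RATE USER/`, as the three-interfaces hunk has it, so the sample headers stay identical across files.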