1# Generated by Network Security Policy Compiler, version 2.453 2 3# [ BEGIN router:x ] 4# [ Model = Linux ] 5# [ Routing ] 6! route network:f -> interface:v.b 7ip route add 10.1.5.0/24 via 10.1.2.4 8! route network:0/0 -> interface:y1.b.virtual 9ip route add 0.0.0.0/0 via 10.1.2.22 10# [ ACL ] 11#!/sbin/iptables-restore <<EOF 12*filter 13:INPUT DROP 14:FORWARD DROP 15:OUTPUT ACCEPT 16:eth0_self - 17:eth0_in - 18:eth1_self - 19:eth1_in - 20:c1 - 21:droplog - 22-A droplog -j LOG --log-level debug 23-A droplog -j DROP 24-A c1 -j ACCEPT -d 125.1.2.0/24 25-A c1 -j ACCEPT -d 10.1.255.0/24 26-A c1 -j ACCEPT -d 10.1.3.0/24 27 28# interface:x.a 29-A eth0_in -g c1 -s 125.1.1.10 -d 0.0.0.0/1 -p icmp --icmp-type 8 30 31# interface:x.b 32 33-A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED 34-A INPUT -j eth0_self -i eth0 35-A INPUT -j eth1_self -i eth1 36-A INPUT -j droplog 37-A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED 38-A FORWARD -j eth0_in -i eth0 39-A FORWARD -j eth1_in -i eth1 40-A FORWARD -j droplog 41COMMIT 42EOF 43# [ END router:x ] 44 45