init III

2024-10-14 00:08:40 +02:00
parent dbfba56f66
commit 1462d52e13
4572 changed files with 2658864 additions and 0 deletions
--- a/objectBuilder/global_access
+++ b/objectBuilder/global_access
@@ -0,0 +1,25 @@
+access-list global_access extended permit object-group _CS_SG_icmp any object-group _CS_NG_any 
+access-list global_access extended permit object-group _CS_SG_ntp any object-group _CS_NG_ntp 
+access-list global_access extended permit object-group _CS_SG_dns any object-group _CS_NG_dns 
+access-list global_access extended permit object-group _CS_SG_monitoring.in any object-group _CS_NG_monitoring 
+access-list global_access extended permit object-group _CS_SG_monitoring.out object-group _CS_NG_monitoring any 
+access-list global_access extended permit object-group _CS_SG_ads any object-group _CS_NG_ads 
+access-list global_access extended permit object-group _CS_SG_file any object-group _CS_NG_file 
+access-list global_access extended permit object-group _CS_SG_boega any object-group _CS_NG_boega 
+access-list global_access extended permit object-group _CS_SG_citrix any object-group _CS_NG_citrix 
+access-list global_access extended permit object-group _CS_SG_exchange any object-group _CS_NG_exchange 
+access-list global_access extended permit object-group _CS_SG_any any object-group _CS_NG_xetra 
+access-list global_access extended permit object-group _CS_SG_any any object-group _CS_NG_xontro 
+access-list global_access extended permit object-group _CS_SG_any any object-group _CS_NG_eurex 
+access-list global_access extended permit object-group _CS_SG_backup any object-group _CS_NG_backup 
+access-list global_access extended permit object-group _CS_SG_backup object-group _CS_NG_backup any 
+access-list global_access extended deny object-group _CS_SG_any any object-group _CS_NG_privat log emergencies 
+access-list global_access extended permit object-group _CS_SG_any any object-group _CS_NG_teamfon 
+access-list global_access extended permit object-group _CS_SG_neonet any object-group _CS_NG_neonet 
+access-list global_access extended permit object-group _CS_SG_any any object-group _CS_NG_bloomberg 
+access-list global_access extended permit object-group _CS_SG_email any object-group _CS_NG_any 
+access-list global_access extended permit object-group _CS_SG_http any object-group _CS_NG_any 
+access-list global_access extended permit object-group _CS_SG_any any object-group _CS_NG_any 
+
+
+access-list REL_FWB_access_in line 1 extended permit object-group _CS_SG_icmp any object-group _CS_NG_any 
--- a/objectBuilder/output
+++ b/objectBuilder/output
@@ -0,0 +1,15 @@
+
+object network _CS_NO_suptel.1
+ host 192.168.209.203
+exit
+object service _CS_SO_suptel.1
+ service tcp destination eq 5900
+ description vnc
+exit
+object-group network _CS_NG_suptel
+ network-object object _CS_NO_suptel.1
+exit
+object-group service _CS_SG_suptel
+ service-object object _CS_SO_suptel.1
+exit
+
--- a/objectBuilder/script.pl
+++ b/objectBuilder/script.pl
@@ -0,0 +1,67 @@
+#!/usr/bin/perl
+
+use strict;
+
+my $TR="_";
+my $PR="CS";
+
+print "\n";
+open CONF, "$0.conf";
+my @CONF=<CONF>;
+close CONF;
+
+foreach my $line (@CONF) {
+  chomp $line;
+  next if ($line =~ /^#/);
+  object("NO", $line) if ($line =~ /^NO/);
+  object("SO", $line) if ($line =~ /^SO/);
+  }
+foreach my $line (@CONF) {
+  next if ($line =~ /^#/);
+  objectgroup("NG", $line) if ($line =~ /^NG/);
+  objectgroup("SG", $line) if ($line =~ /^SG/);
+  }
+print "\n";
+  
+sub object {
+  my ($O,$line)=@_;
+  my (undef,$NAME,$Object,$comment) = split /:/, $line;
+  print "object ";
+  print "network " if ($O eq "NO");
+  print "service " if ($O eq "SO");
+  print "$TR$PR$TR$O$TR$NAME\n";
+  print " " if ($O eq "NO");
+  print " service " if ($O eq "SO");
+  print "$Object\n";
+  print " description $comment\n" if ($comment);
+  print "exit\n";
+  }
+  
+sub objectgroup {
+  my ($O,$line)=@_;
+  my (undef,$NAME,$Object,$comment) = split /:/, $line;
+  print "object-group ";
+  print "network " if ($O eq "NG");
+  print "service " if ($O eq "SG");
+  print "$TR$PR$TR$O$TR$NAME\n";
+  my @Objects = split /,/, $Object;
+  foreach my $Ob (@Objects) {
+    print " network-object " if ($O eq "NG");
+    print " service-object " if ($O eq "SG");
+    print "object $TR$PR$TR";
+    print "NO" if ($O eq "NG");
+    print "SO" if ($O eq "SG");
+    print "$TR$Ob\n";
+    }
+  print " description $comment\n" if ($comment);
+  print "exit\n";
+  }
+  
+#PR:CS
+#TR:_
+#NO:NAME1:host 1.2.3.5						> object network TR PR TR NO TR NAME1 \n host 1.2.3.5 \n
+#NO:NAME2:network 1.2.2.0 255.255.255.0				> object network TR PR TR NO TR NAME2 \n network 1.2.2.0 255.255.255.0 \n
+#NG:NAME:NAME1,NAME2						> object-group network TR PR TR NG TR NAME \n network-object object TR PR TR NO TR NAME1 \n network-object object TR PR TR NO TR NAME2 \n
+#SO:NAME1:tcp source eq 123 destination range 100 200		> object service TR PR TR SO TR NAME1 \n tcp source eq 123 destination range 100 200
+#SO:NAME2:tcp destination eq 112				> object service TR PR TR SO TR NAME2 \n tcp destination eq 112
+#SG:NAME:NAME1,NAME2						> object-group service TR PR TR SG TR NAME \n service-object object TR PR TR SO TR NAME1 \n service-object object TR PR TR SO TR NAME2 \n
--- a/objectBuilder/script.pl.conf
+++ b/objectBuilder/script.pl.conf
@@ -0,0 +1,6 @@
+NO:suptel.1:host 192.168.209.203
+NG:suptel:suptel.1
+
+SO:suptel.1:tcp destination eq 5900:vnc
+SG:suptel:suptel.1
+
--- a/objectBuilder/script.pl.conf.all
+++ b/objectBuilder/script.pl.conf.all
@@ -0,0 +1,340 @@
+#NO:NAME1:host 1.2.3.5
+#NO:NAME2:subnet 1.2.2.0 255.255.255.0
+#NG:NAME:NAME1,NAME2
+#SO:NAME1:tcp source eq 123 destination range 100 200
+#SO:NAME2:tcp destination eq 112
+#SG:NAME:NAME1:NAME2
+#
+#####################################################################
+SO:unknown:tcp source eq 21
+
+SO:icmp.1:icmp echo-reply
+SO:icmp.2:icmp unreachable
+SO:icmp.3:icmp time-exceeded
+SG:icmp:icmp.1,icmp.2,icmp.3
+
+SO:any.1:ip
+SG:any:any.1
+
+NO:any.1:subnet 0.0.0.0 0.0.0.0
+NG:any:any.1
+
+#####################################################################
+SO:ntp.1:udp destination eq 123
+SG:ntp:ntp.1
+
+NO:ntp.1:host 90.200.31.21
+NO:ntp.2:host 90.200.31.23
+NO:ntp.3:host 10.1.1.3
+NO:ntp.4:host 192.53.103.104
+NO:ntp.5:host 192.53.103.108
+NO:ntp.6:host 192.53.103.103
+NO:ntp.7:host 212.82.32.15
+NO:ntp.8:host 130.149.17.21
+NO:ntp.9:host 134.130.5.17
+NG:ntp:ntp.1,ntp.2,ntp.3,ntp.4,ntp.5,ntp.6,ntp.7,ntp.8,ntp.9
+#####################################################################
+SO:dns.1:udp destination eq 53
+SO:dns.1:tcp destination eq 53
+SG:dns:dns.1,dns.2
+
+NO:dns.1:host 10.101.0.1
+NO:dns.2:host 10.101.0.15
+NO:dns.3:host 10.101.0.103
+NO:dns.4:host 10.101.0.104
+NO:dns.5:host 8.8.8.8
+NO:dns.6:host 8.8.4.4
+NO:dns.7:host 10.101.0.101
+NO:dns.8:host 10.101.0.102
+NO:dns.9:host 195.20.133.129
+NO:dns.10:host 195.20.133.130
+NG:dns:dns.1,dns.2,dns.3,dns.4,dns.5,dns.6,dns.7,dns.8,dns.9,dns.10
+#####################################################################
+SO:snmp.1:udp destination eq 161
+SO:snmp.2:udp destination eq 162
+SO:syslog.1:udp destination eq 514
+SO:netflow.1:udp destination range 2050 2059
+SG:monitoring.out:snmp.1
+SG:monitoring.in:snmp.2,syslog.1,netflow.1
+
+NO:monitoring.1:host 10.101.0.8
+NO:monitoring.2:host 10.101.0.9
+NO:monitoring.3:host 10.101.0.10
+NO:monitoring.4:host 10.101.0.11
+NO:monitoring.5:host 10.101.0.46
+NO:monitoring.6:host 10.101.0.12
+NO:monitoring.7:host 10.99.0.99
+NG:monitoring:monitoring.1,monitoring.2,monitoring.3,monitoring.4,monitoring.5,monitoring.6,monitoring.7
+#####################################################################
+SO:ssh.1:tcp destination eq 22
+SO:vnc.1:tcp destination eq 5900
+SO:rdp.1:tcp destination eq 3389
+SO:smb.1:tcp destination eq 445
+SG:admin:ssh.1,vnc.1,rdp.1,smb.1
+
+NO:admin.1:host 10.101.0.46
+NO:admin.2:host 10.1.1.3
+NO:admin.3:host 10.101.0.11
+NO:admin.4:subnet 192.168.88.0 255.255.255.0
+NG:admin:admin.1,admin.2,admin.3,admin.4
+#####################################################################
+SO:ads.1:tcp destination range 3268 3269:globalcatalog(s)
+SO:ads.2:udp destination eq 389:ldap
+SO:ads.3:udp destination eq 135:rpc ecm
+SO:ads.4:tcp destination eq 135:rpc ecm
+SO:ads.5:udp destination eq 445:smb
+SO:ads.6:tcp destination eq 445:smb
+SO:ads.7:udp destination eq 464:kerberos-pw
+SO:ads.8:tcp destination eq 464:kerberos-pw
+SO:ads.9:udp destination eq 53:dns
+SO:ads.10:tcp destination eq 53:dns
+SO:ads.11:tcp destination eq 139:netbios-ssn
+SO:ads.12:udp destination range 87 89:kerberos
+SO:ads.13:udp destination eq 138:netbios-dgm
+SO:ads.14:tcp destination range 87 89:kerberos
+SO:ads.15:tcp destination eq 389:ldap
+SO:ads.16:udp destination eq 123:ntp
+SO:ads.17:tcp destination eq 80
+SO:ads.18:tcp destination eq 8888
+SO:ads.19:udp destination eq 137:netbios-ns
+SO:ads.20:tcp destination eq 636:ldaps
+SO:ads.21:tcp destination eq 25:smtp
+SO:ads.22:tcp destination eq 2525:smtp
+SO:ads.23:tcp destination eq 9389:soap
+SO:ads.24:tcp destination range 1025 5000
+SO:ads.25:tcp destination range 49152 65535
+SO:ads.26:tcp destination eq 443
+SO:ads.27:tcp destination eq 8530:wsus
+SO:ads.28:icmp
+SO:ads.29:tcp destination eq 8531:wsuss
+SO:ads.30:tcp destination eq 10123:client notification configuration manager
+SO:ads.31:udp destination eq 750:kerberos secure
+SO:ads.32:udp destination range 1025 5000
+SO:ads.33:udp destination range 49152 65535
+SG:ads:ads.1,ads.2,ads.3,ads.4,ads.5,ads.6,ads.7,ads.8,ads.9,ads.10,ads.11,ads.12,ads.13,ads.14,ads.15,ads.16,ads.17,ads.18,ads.19,ads.20,ads.21,ads.22,ads.23,ads.24,ads.25,ads.26,ads.27,ads.28,ads.29,ads.30,ads.31,ads.32,ads.33
+
+NO:ads.1:host 10.101.0.103
+NO:ads.2:host 10.101.0.104
+NO:ads.3:host 10.101.0.101
+NO:ads.4:host 10.101.0.102
+NO:wsus.1:host 10.101.0.109:wsus wds
+NO:wds.1:host 10.101.0.119:sec2
+NO:ads.5:host 10.101.0.100
+NO:ads.6:host 10.101.0.105
+NO:ads.7:host 10.101.0.106
+NG:ads:ads.1,ads.2,ads.3,ads.4,wsus.1,wds.1,ads.5,ads.6,ads.7
+#####################################################################
+NO:boega.1:host 92.1.253.1
+NG:boega:boega.1
+
+SO:boega.1:tcp destination eq 23231
+SO:boega.2:tcp destination eq 23232
+SG:boega:boega.1,boega.2
+#####################################################################
+SO:citrix.1:tcp destination eq 80
+SO:citrix.2:tcp destination eq 443
+SO:citrix.3:tcp destination eq 1495
+SO:citrix.4:tcp destination eq 2598
+SG:citrix:citrix.1,citrix.2,citrix.3,citrix.4
+
+NO:citrix.1:host 10.101.0.20
+NO:citrix.2:host 10.101.0.21
+NO:citrix.3:host 10.101.0.22
+NO:citrix.4:host 10.101.0.23
+NO:citrix.5:host 10.101.0.24
+NO:citrix.6:host 10.101.0.25
+NO:citrix.7:host 10.101.0.30
+NO:citrix.8:host 10.101.0.31
+NO:citrix.9:host 10.101.0.32
+NO:citrix.10:host 10.101.0.200
+NO:citrix.11:host 10.3.2.180
+NO:citrix.12:host 10.3.2.181
+NO:citrix.13:host 10.3.2.182
+NO:citrix.14:host 10.3.2.183
+NO:citrix.15:host 10.3.2.184
+NO:citrix.16:host 10.3.2.185
+NG:citrix:citrix.1,citrix.2,citrix.3,citrix.4,citrix.5,citrix.6,citrix.7,citrix.8,citrix.9,citrix.10,citrix.11,citrix.12,citrix.13,citrix.14,citrix.15,citrix.16
+#####################################################################
+NO:privat.1:subnet 10.0.0.0 255.0.0.0
+NO:privat.2:subnet 172.16.0.0 255.240.0.0
+NO:privat.3:subnet 192.168.0.0 255.255.0.0
+NG:privat:privat.1,privat.2,privat.3
+#####################################################################
+SO:exchange.1:tcp destination eq 389:ldap
+SO:exchange.2:tcp destination eq 379:srs
+SO:exchange.3:tcp destination eq 390:ldap
+SO:exchange.4:tcp destination eq 3268:globalcatalog
+SO:exchange.5:tcp destination eq 636:ldaps
+SO:exchange.6:tcp destination eq 3269:globalcatalogs
+SO:exchange.7:tcp destination eq 143:imap
+SO:exchange.8:tcp destination eq 993:imaps
+SO:exchange.9:tcp destination eq 110:pop3
+SO:exchange.10:tcp destination eq 995:pop3s
+SO:exchange.11:tcp destination eq 119:nntp
+SO:exchange.12:tcp destination eq 563:nntps
+SO:exchange.13:tcp destination eq 80:http
+SO:exchange.14:tcp destination eq 443:https
+SO:exchange.15:tcp destination eq 25:smtp
+SO:exchange.16:tcp destination eq 465:smtps
+SO:exchange.17:tcp destination eq 591:smtp_lsa
+SO:exchange.18:tcp destination eq 102:x400
+SO:exchange.19:tcp destination eq 135:ms-rpc
+SO:exchange.20:tcp destination eq 522:uls
+SO:exchange.21:tcp destination eq 52:dns
+SO:exchange.22:udp destination eq 52:dns
+SO:exchange.23:tcp destination eq 2525:smtp_conet
+SO:exchange.24:tcp destination range 1025 5000
+SO:exchange.25:tcp destination range 49152 65535
+SO:exchange.26:tcp destination eq 25905
+SO:exchange.27:tcp destination eq 25990
+SG:exchange:exchange.1,exchange.2,exchange.3,exchange.4,exchange.5,exchange.6,exchange.7,exchange.8,exchange.9,exchange.10,exchange.11,exchange.12,exchange.13,exchange.14,exchange.15,exchange.16,exchange.17,exchange.18,exchange.19,exchange.20,exchange.21,exchange.22,exchange.23,exchange.24,exchange.25,exchange.26,exchange.27
+
+NO:exchange.1:host 10.101.0.112
+NG:exchange:exchange.1
+#####################################################################
+SO:smtp.1:tcp destination eq 25
+SO:smtp.2:tcp destination eq 465
+SO:smtp.3:tcp destination eq 587
+SO:smtp.4:tcp destination eq 2525
+SO:pop3.1:tcp destination eq 110
+SO:pop3.2:tcp destination eq 995
+SO:imap.1:tcp destination eq 143
+SO:imap.2:tcp destination eq 993
+SG:email:smtp.1,smtp.2,smtp.3,smtp.4,pop3.1,pop3.2,imap.1,imap.2
+#####################################################################
+SO:http.1:tcp destination eq 80
+SO:http.2:tcp destination eq 443
+SG:http:http.1,http.2
+#####################################################################
+SO:neonet.1:icmp:monitor
+SO:neonet.2:tcp destination range 7000 8999:neonetfix
+SO:neonet.3:tcp destination eq 1900:neonetmonitorservice
+SO:neonet.4:tcp destination eq 31302:neonetnasorderentry
+SO:neonet.5:tcp destination eq 21302:neonetnodemarketdata
+SO:neonet.6:tcp destination eq 41302:neonetsoftwareautoupdate
+SO:neonet.7:tcp destination range 36660 36670:neonettapadge
+SG:neonet:neonet.1,neonet.2,neonet.3,neonet.4,neonet.5,neonet.6,neonet.7
+
+NO:neonet.1:subnet 194.126.151.0 255.255.255.192
+NG:neonet:neonet.1
+#####################################################################
+NO:mcast.1:subnet 224.0.0.0 240.0.0.0
+NO:xetra.1:host 10.3.2.11
+NO:xetra.2:host 10.3.2.12
+NO:xetra.3:host 10.3.2.15
+NO:xetra.4:host 10.3.2.16
+NO:xetra.5:host 10.3.2.51
+NO:xetra.6:host 10.3.2.52
+NG:xetra:xetra.1,xetra.2,xetra.3,xetra.4,xetra.5,xetra.6,mcast.1
+#####################################################################
+NO:eurex.1:host 10.3.2.62
+NO:eurex.2:host 10.3.2.63
+NG:eurex:eurex.1,eurex.2,mcast.1
+#####################################################################
+NO:xontro.1:host 10.3.2.23
+NO:xontro.2:host 10.3.2.24
+NG:xontro:xontro.1,xontro.2,mcast.1
+#####################################################################
+SO:file.1:tcp destination eq 445
+SG:file:file.1
+NO:file.1:host 10.101.0.105
+NG:file:file.1
+#####################################################################
+SO:backup.1:tcp destination eq 6101
+SO:backup.2:tcp destination eq 10000
+SO:backup.3:tcp destination eq 445
+SO:backup.4:tcp source eq 445
+SO:backup.5:tcp destination eq 80
+SG:backup:backup.1,backup.2,backup.3,backup.4,backup.5
+
+NO:backup.1:host 10.1.1.24
+NO:backup.2:host 10.101.0.202
+NO:backup.3:host 10.101.0.110:ema
+NG:backup:backup.1,backup.2,backup.3
+#####################################################################
+NO:teamfon.1:subnet 212.29.18.0 255.255.255.0
+NG:teamfon,teamfon.1
+
+#####################################################################
+NO:bloomberg.1:subnet 208.134.161.0 255.255.255.0
+NO:bloomberg.2:subnet 205.183.246.0 255.255.255.0
+NO:bloomberg.3:subnet 199.105.176.0 255.255.248.0
+NO:bloomberg.4:subnet 199.105.184.0 255.255.254.0
+NO:bloomberg.5:subnet 69.184.0.0 255.255.0.0
+NG:bloomberg:bloomberg.1,bloomberg.2,bloomberg.3,bloomberg.4,bloomberg.5
+#####################################################################
+NO:itrader.1:subnet 192.168.207.0 255.255.255.0
+NG:itrader:itrader.1
+#####################################################################
+NO:storage.1:host 10.101.1.70
+NO:storage.2:host 10.101.1.72
+NO:storage.3:host 10.101.1.71
+NO:storage.4:host 10.1.1.3
+NG:storage:storage.1,storage.2,storage.3,storage.4
+#####################################################################
+NO:pxwrelfr.1:host 10.101.0.163
+NO:pxwrelfr.2:host 10.101.0.122
+NO:pxwrelfr.3:host 10.101.0.160
+NO:pxwrelfr.4:host 10.101.0.164
+NG:pxwrelfr:pxwrelfr.1,pxwrelfr.2,pxwrelfr.3,pxwrelfr.4
+
+SO:pxwrelfr_db.1:tcp destination eq 1521
+SO:pxwrelfr_mc.1:tcp destination range 21000 21999
+SO:pxwrelfr_qc.1:tcp destination range 20000 20999
+SG:pxwrelfr:pxwrelfr_db.1,pxwrelfr_mc.1,pxwrelfr_qc.1
+#####################################################################
+NO:obrel.1:host 10.101.0.121
+NO:obrel.2:host 10.101.0.122
+NG:obrel:obrel.1,obrel.2
+
+SO:obrel_db.1:tcp destination eq 1521
+SO:obrel_mc.1:tcp destination range 8800 8899
+SG:obrel:obrel_db.1,obrel_mc.1
+#####################################################################
+NO:rts.1:host 10.136.41.10
+NO:rts.2:host 10.36.12.41
+NO:rts.3:host 10.36.1.19
+NO:rts.4:host 10.36.1.20
+NO:rts.5:host 10.36.1.21
+NO:rts.6:host 10.36.1.22
+NG:rts:rts.1,rts.2,rts.3,rts.4,rts.5,rts.6
+#####################################################################
+NO:tickts.1:host 80.73.37.10:tickts
+NO:tickts.2:host 80.73.36.15:tickts
+NO:tickts.3:host 80.73.36.25:tickts
+NO:tickts.4:host 80.73.37.15:tickts
+NO:tickts.5:host 80.73.37.25:tickts
+NO:tickts.6:host 83.244.214.42:morningstar
+NO:tickts.7:host 83.244.214.43:morningstar
+NO:tickts.8:host 91.220.8.135:teletrader
+NO:tickts.9:host 91.220.8.136:teletrader
+NO:tickts.10:host  91.220.8.137:teletrader
+NO:tickts.11:host  91.220.8.138:teletrader
+NG:tickts:tickts.1,tickts.2,tickts.3,tickts.4,tickts.5,tickts.6,tickts.7,tickts.8,tickts.9,tickts.10,tickts.11
+
+SO:tickts.1:tcp destination eq 40435:login
+SO:tickts.2:tcp destination eq 40608:trade
+SO:tickts.3:tcp destination eq 40406:quote
+SO:tickts.4:tcp destination eq 40421:compressed market data
+SO:tickts.5:tcp destination eq 18247:morningstar
+SO:tickts.6:tcp destination eq 2080:teletrader
+SG:tickts:tickts.1,tickts.2,tickts.3,tickts.4,tickts.5,tickts.6
+#####################################################################
+NO:xitaro.1:subnet 194.110.108.0 255.255.255.224
+NO:xitaro.2:subnet 194.110.108.32 255.255.255.240
+NO:xitaro.3:subnet 192.165.167.64 255.255.255.224
+NO:xitaro.4:subnet 192.165.167.112 255.255.255.240
+NG:xitaro:xitaro.1,xitaro.2,xitaro.3,xitaro.4
+
+SO:xitaro.1:tcp destination eq 17005:fix
+SO:xitaro.2:tcp destination eq 18005:fix drop
+SO:xitaro.3:tcp destination eq 8082:giw
+SG:xitaro:xitaro.1,xitaro.2,xitaro.3
+#####################################################################
+NO:suptel.1:host 192.168.209.203
+NG:suptel:suptel.1
+
+SO:suptel.1:tcp destination eq 5900:vnc
+SG:suptel:suptel.1
+#####################################################################
+#####################################################################