firewall
 rule 10 deny sharep2p from private.lan to public
 rule 20 deny winny from private.lan to public
 rule 30 permit dhcp from private.dhcp to private.dhcp
 rule 40 permit any from private.lan to private.lan
 rule 50 permit any from private.lan to public
 rule 60 permit dns from public.wan.ppp0 to public.wan
 rule 70 permit http from public.wan.ppp0 to public.wan
 rule 80 permit https from public.wan.ppp0 to public.wan
 rule 90 permit ssl from public.wan.ppp0 to public.wan
 rule 100 permit TCP from public.wan.ppp0 to public.wan
 rule 110 permit undecided from public.wan.ppp0 to public.wan
 protect
firewall
 rule 10 deny facebook from private to public
 rule 20 deny youtube from private to public
 rule 30 permit any from private to private
 rule 40 permit any from private to public
 rule 50 permit any from public.wan.ppp0 to public
 protect
!
no spanning-tree rstp enable
!
interface eth1
 encapsulation ppp 0
!
interface ppp0
 ppp ipcp dns request
 keepalive
 ip address negotiated
 ppp username user@isp
 ppp password isppasswd
 ip tcp adjust-mss pmtu
!
interface vlan1
 ip address 192.168.10.1/24
!
dpi
 provider procera
 enable
!
ip-reputation
 provider proofpoint
 category Bot action deny
 category ChatServer action deny
 protect
!
ips
 category http-events action deny
 protect
!
zone private
 network dhcp
  ip subnet 0.0.0.0/0 interface vlan1
 network lan
  ip subnet 192.168.10.0/24
  host hostA
   ip address 192.168.10.10
!
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address dynamic interface ppp0
!
web-control
 action permit
 provider opentext
 rule 10 permit any from private.lan.hostA
 rule 20 deny nudity from private
 rule 30 deny pornography from private
 protect
!
firewall
 rule 10 deny sharep2p from private.lan to public
 rule 20 deny winny from private.lan to public
 rule 30 permit dhcp from private.dhcp to private.dhcp
 rule 40 permit any from private.lan to private.lan
 rule 50 permit any from private.lan to public
 rule 60 permit dns from public.wan.ppp0 to public.wan
 rule 70 permit http from public.wan.ppp0 to public.wan
 rule 80 permit https from public.wan.ppp0 to public.wan
 rule 90 permit ssl from public.wan.ppp0 to public.wan
 rule 100 permit TCP from public.wan.ppp0 to public.wan
 rule 110 permit undecided from public.wan.ppp0 to public.wan
 protect
!
nat
 rule 10 masq any from private to public
 enable
!
ip dhcp pool pool10
 network 192.168.10.0 255.255.255.0
 range 192.168.10.100 192.168.10.131
 default-router 192.168.10.1
 dns-server 192.168.10.1
 lease 0 2 0
!
service dhcp-server
!
ip dns forwarding
!
ip route 0.0.0.0/0 ppp0
!
end