#
# Transparent firewall (publishing a Web server)
#
# Commands restored one per line; the command text itself is unchanged.
#

#
# FWX120
#

# Default route and the bridge: lan1 and lan2 are joined into bridge1, and the
# unit's own address (192.168.100.101/24) lives on the bridge interface.
# NOTE(review): this listing does not show which port faces the Internet.
# Intrusion detection is enabled on lan2 below, so lan2 is presumably the
# untrusted side - confirm against the network diagram.
ip route default gateway 192.168.100.254
bridge member bridge1 lan1 lan2
ip bridge1 address 192.168.100.101/24

# Intrusion detection on lan2, inbound: the ip, ip-option, fragment, icmp, udp
# and tcp classes are enabled with reject=on (matching packets are dropped, not
# only reported); any class not listed is left off by "default off".
ip lan2 intrusion detection in on
ip lan2 intrusion detection in ip on reject=on
ip lan2 intrusion detection in ip-option on reject=on
ip lan2 intrusion detection in fragment on reject=on
ip lan2 intrusion detection in icmp on reject=on
ip lan2 intrusion detection in udp on reject=on
ip lan2 intrusion detection in tcp on reject=on
ip lan2 intrusion detection in default off

# Intrusion detection on lan2, outbound: only the ftp class is enabled.
ip lan2 intrusion detection out on
ip lan2 intrusion detection out ftp on reject=on
ip lan2 intrusion detection out default off

# Service groups referenced by the policy filters. Group 200 is the union of
# 101, 102, 103 and 105 and is the only group a filter below refers to.
ip policy service group 101 name="Open Services" ftp www https
ip policy service group 102 name=General dns dhcpc dhcps icmp
ip policy service group 103 name=Mail pop3 smtp submission
ip policy service group 105 name=Route rip ospf
ip policy service group 200 name=Group group 101 102 103 105

# Policy filters. Fields after the action are: receiving interface, sending
# interface, source address, destination address, service.
# Every action here is a -nolog variant, so neither passed nor rejected
# traffic is recorded by the policy filter. For detection and incident review,
# consider the -log form (e.g. reject-log) on at least the lan2-side rejects.

# Received on lan1: reject unless a child filter matches.
ip policy filter 2200 reject-nolog lan1 * * * *
#   ... leaving via lan2: reject, except services in group 200 (filter 2211).
ip policy filter 2210 reject-nolog * lan2 * * *
ip policy filter 2211 pass-nolog * * * * 200
#   ... addressed to the firewall itself: passed statically, any service.
ip policy filter 2220 static-pass-nolog * local * * *

# Received on lan2: reject unless a child filter matches.
ip policy filter 2250 reject-nolog lan2 * * * *
#   ... leaving via lan1: rejected, with no exception defined.
# NOTE(review): the title says a Web server is published, but no filter here
# passes sessions that arrive on lan2 toward lan1; only sessions initiated from
# lan1 toward lan2 for group 200 are passed. Confirm the server sits on the
# side this policy makes reachable, or that a pass rule limited to the server
# address and www/https is not missing from this listing.
ip policy filter 2260 reject-nolog * lan1 * * *
#   ... addressed to the firewall itself: passed statically, any service.
# NOTE(review): together with "httpd host any" at the end of this file, this
# leaves the unit's own services reachable from the lan2 side.
ip policy filter 2270 static-pass-nolog * local * * *

# Traffic originated by the firewall itself is passed; everything else falls
# through to the final reject.
ip policy filter 2300 static-pass-nolog local * * * *
ip policy filter 3000 reject-nolog * * * * *

# Filter set 101: brackets nest child filters under the filter that precedes
# them (2210 and 2220 under 2200, 2211 under 2210, 2260 and 2270 under 2250).
ip policy filter set 101 name="Internet Access" 2200 [2210 [2211] 2220] 2250 [2260 2270] 2300 3000
ip policy filter set enable 101

# The unit resolves names through 192.168.100.254, the same host as the
# default gateway.
dns server 192.168.100.254

# The built-in HTTP management server accepts connections from any host.
# NOTE(review): in a bridge that spans both sides, this exposes the admin GUI
# to every host that can reach 192.168.100.101. Prefer limiting it to the
# management hosts, e.g. "httpd host <ADMIN_IP_RANGE>" (placeholder).
httpd host any