/ PC World 2005 December / PCWorld_2005-12_cd.bin / software / temacd / tiny / tpf-6[1].5.126.exe / Tiny Firewall 2005.msi / Firewall.xml1 < prev    next >
Extensible Markup Language  |  2005-01-17  |  18.6 KB  |  168 lines

  1.  ■<?xml version="1.0" encoding="UTF-16" standalone="no"?>
  2. <SecDb xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="Firewall.xsd">
         <!--
           Rule database for the module identified as "Firewall" below; format major version 2.
           The file declares UTF-16. The character shown before the XML declaration is most
           likely the byte order mark as rendered by the archive viewer (assumption).
           xsi:noNamespaceSchemaLocation names Firewall.xsd by relative path. That attribute is
           only a hint: a loader should validate against its own trusted copy of the schema,
           not against whatever file happens to sit next to this document.
         -->
  3.     <VersionInfo major="2"/>
  4.     <Module id="Firewall"/>
  5.     <Globals>
             <!--
               Three integer switches. Their meaning is not defined in this file. The AL suffix
               presumably stands for audit level (compare the al attribute on AccessDesc) and
               En for enabled; TODO confirm against the product documentation.
               NOTE(review): if ClosedPortAccessAL is an audit level, the value 0 would mean
               access attempts to closed ports are not logged. Verify before relying on
               the log for scan detection.
             -->
  6.         <Property id="FWChangeSecurityAL" type="int">1</Property>
  7.         <Property id="ClosedPortAccessAL" type="int">0</Property>
  8.         <Property id="NatProcessingEn" type="int">0</Property>
  9.     </Globals>
  10.     <Definitions>
              <!--
                Named building blocks. ot="ipaddress" objects are address sets, referenced from
                rules through remaddr_id; ot="iptransport" objects are direction/protocol/port
                tuples, referenced through transport_id. A "*" stands for any value.
                Only some objects are used by the RuleList in this file (LAN, Loopback, BOOTP In,
                NetBIOS UDP In, NetBIOS TCP In, Microsoft DS In, RPC Service In, Network Time In,
                ISAKMP In, TCP UDP All, ICMP All, Other IP All, Terminal Service Server, IGMP All,
                GRE All). The others are presumably used by rules defined elsewhere or added later.
              -->
              <!--
                LAN: the three RFC 1918 private IPv4 ranges in address/netmask form, plus one IPv6
                prefix. NOTE(review): the IPv6 site-local range was FEC0::/10 and was deprecated
                by RFC 3879; FEC0::/48 covers only a small part of it. Also note that "LAN" here
                means "any private address", so it matches untrusted networks that use private
                addressing just as well as the home or office network.
              -->
  11.         <Object ot="ipaddress" id="LAN">
  12.             <Item>10.0.0.0/255.0.0.0</Item>
  13.             <Item>172.16.0.0/255.240.0.0</Item>
  14.             <Item>192.168.0.0/255.255.0.0</Item>
  15.             <Item>FEC0::/48</Item>
  16.         </Object>
              <!-- Loopback: the single address 127.0.0.1 only; the rest of 127.0.0.0/8 and IPv6 ::1 are not listed. -->
  17.         <Object ot="ipaddress" id="Loopback">
  18.             <Item>127.0.0.1</Item>
  19.         </Object>
  20.         <Object ot="iptransport" id="HTTP Out">
  21.             <Item dir="out" prot="tcp" locport="*" remport="80"/>
  22.         </Object>
  23.         <Object ot="iptransport" id="HTTPS Out">
  24.             <Item dir="out" prot="tcp" locport="*" remport="443"/>
  25.         </Object>
  26.         <Object ot="iptransport" id="Alternate HTTP Out">
  27.             <Item dir="out" prot="tcp" locport="*" remport="8080"/>
  28.         </Object>
              <!-- BOOTP In: UDP to local port 68, the BOOTP/DHCP client port. -->
  29.         <Object ot="iptransport" id="BOOTP In">
  30.             <Item dir="in" prot="udp" locport="68" remport="*"/>
  31.         </Object>
              <!-- Inbound Windows networking services: NetBIOS name/datagram (137-138), NetBIOS session (139), SMB direct (445), RPC endpoint mapper (135). -->
  32.         <Object ot="iptransport" id="NetBIOS UDP In">
  33.             <Item dir="in" prot="udp" locport="137-138" remport="*"/>
  34.         </Object>
  35.         <Object ot="iptransport" id="NetBIOS TCP In">
  36.             <Item dir="in" prot="tcp" locport="139" remport="*"/>
  37.         </Object>
  38.         <Object ot="iptransport" id="Microsoft DS In">
  39.             <Item dir="in" prot="tcp_udp" locport="445" remport="*"/>
  40.         </Object>
  41.         <Object ot="iptransport" id="RPC Service In">
  42.             <Item dir="in" prot="tcp_udp" locport="135" remport="*"/>
  43.         </Object>
  44.         <Object ot="iptransport" id="RPC Service Out">
  45.             <Item dir="out" prot="tcp_udp" locport="*" remport="135"/>
  46.         </Object>
              <!--
                NOTE(review): the next two objects use prot="tcp_udp", although NTP (123) and
                ISAKMP/IKE (500) run over UDP. Opening TCP as well is broader than those
                services need.
              -->
  47.         <Object ot="iptransport" id="Network Time In">
  48.             <Item dir="in" prot="tcp_udp" locport="123" remport="*"/>
  49.         </Object>
  50.         <Object ot="iptransport" id="ISAKMP In">
  51.             <Item dir="in" prot="tcp_udp" locport="500" remport="*"/>
  52.         </Object>
  53.         <Object ot="iptransport" id="SMTP Out">
  54.             <Item dir="out" prot="tcp" locport="*" remport="25"/>
  55.         </Object>
  56.         <Object ot="iptransport" id="POP3 Out">
  57.             <Item dir="out" prot="tcp" locport="*" remport="110"/>
  58.         </Object>
  59.         <Object ot="iptransport" id="IMAP Out">
  60.             <Item dir="out" prot="tcp" locport="*" remport="143"/>
  61.         </Object>
  62.         <Object ot="iptransport" id="News Out">
  63.             <Item dir="out" prot="tcp" locport="*" remport="119"/>
  64.         </Object>
              <!--
                NOTE(review): "Outlook All" covers both directions, TCP and UDP, on every port from
                1024 to 65535 at both ends. Any rule that references it grants far more than a mail
                client needs; prefer the specific SMTP/POP3/IMAP objects where possible.
              -->
  65.         <Object ot="iptransport" id="Outlook All">
  66.             <Item dir="in_out" prot="tcp_udp" locport="1024-65535" remport="1024-65535"/>
  67.         </Object>
              <!-- DNS Out: UDP only. DNS over TCP port 53 (used for large responses) is not covered by this object. -->
  68.         <Object ot="iptransport" id="DNS Out">
  69.             <Item dir="out" prot="udp" locport="*" remport="53"/>
  70.         </Object>
  71.         <Object ot="iptransport" id="FTP Out">
  72.             <Item dir="out" prot="tcp" locport="*" remport="21"/>
  73.         </Object>
  74.         <Object ot="iptransport" id="LDAP Out">
  75.             <Item dir="out" prot="tcp" locport="*" remport="389"/>
  76.         </Object>
              <!-- Catch-all objects: any TCP/UDP port in either direction, any ICMP type, and IP protocol numbers 0-255. -->
  77.         <Object ot="iptransport" id="TCP UDP All">
  78.             <Item dir="in_out" prot="tcp_udp" locport="*" remport="*"/>
  79.         </Object>
  80.         <Object ot="iptransport" id="ICMP All">
  81.             <Item dir="in_out" prot="icmp" icmptype="*"/>
  82.         </Object>
              <!--
                NOTE(review): the range 0-255 numerically includes ICMP (1), TCP (6) and UDP (17).
                The rules that use this object describe it as "non-TCP/UDP/ICMP", so prot="other"
                presumably excludes those three; that cannot be confirmed from this file.
              -->
  83.         <Object ot="iptransport" id="Other IP All">
  84.             <Item dir="in_out" prot="other" prot_num="0-255"/>
  85.         </Object>
              <!-- Terminal Service Server: inbound TCP 3389 (remote desktop). -->
  86.         <Object ot="iptransport" id="Terminal Service Server">
  87.             <Item dir="in" prot="tcp" locport="3389" remport="*"/>
  88.         </Object>
              <!-- IP protocol 2 is IGMP and 47 is GRE. -->
  89.         <Object ot="iptransport" id="IGMP All">
  90.             <Item dir="in_out" prot="other" prot_num="2"/>
  91.         </Object>
  92.         <Object ot="iptransport" id="GRE All">
  93.             <Item dir="in_out" prot="other" prot_num="47"/>
  94.         </Object>
  95.     </Definitions>
  96.     <ExceptionList/>
          <!-- The exception list ships empty. -->
  97.     <BindSocketNotificationList>
              <!--
                One entry with label="*": server ports are set to "Monitor" and general ports to
                "Ignore". Presumably this controls whether a socket bind is reported, with
                "server ports" meaning listening sockets; TODO confirm. If so, only listeners are
                logged by default, which is the event a defender most wants to see.
              -->
  98.         <BindSocketNotification label="*" notifyServerPorts="Monitor" notifyGenPorts="Ignore"/>
  99.     </BindSocketNotificationList>
  100.     <RuleList>
               <!--
                 Default network rules. Each Rule pairs a match (direction, protocol, ports, remote
                 address, application or application group, optional zone and account) with one
                 AccessDesc. In AccessDesc, ar is the action (Allow, Prevent and AskUser appear
                 here) and al is presumably the audit level (Monitor and Ignore appear here).
                 Per the desc texts, zone="1" is the Safe Zone and zone="2" the Dangerous Zone;
                 rules without a zone attribute presumably apply to both. TODO confirm.

                 NOTE(review): every rule has priority="low", and several overlap with opposite
                 actions (NS3 vs NS10, NS16 vs NS18, NS21 vs NS22, NS13 and NS14 vs NS15). Which
                 rule wins depends on the engine's evaluation order, which this file does not show.
                 Confirm it before editing or reordering anything here; the ids are not listed in
                 numeric order, so list position may matter.
               -->
               <!--
                 NOTE(review): NS1 allows any remote port and address for iexplore.exe with
                 al="Ignore", so this traffic leaves no audit entry. The application is named by
                 file name only; how the engine binds that name to a binary (path, hash) is not
                 visible in this file.
               -->
  101.         <Rule id="NS1" priority="low" dir="out" prot="tcp" locport="*" remport="*" remaddr="*" app="iexplore.exe" desc="Allows all outbound TCP connections for Internet Explorer">
  102.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  103.         </Rule>
               <!-- NS13: members of the Trusted group get all TCP/UDP in both directions (transport "TCP UDP All"), logged. Membership is defined outside this file. -->
  104.         <Rule id="NS13" priority="low" transport_id="TCP UDP All" remaddr="*" app_id="Trusted" desc="Allows all TCP/UDP traffic for Trusted group">
  105.             <AccessDesc at="NetworkAccess" ar="Allow" al="Monitor"/>
  106.         </Rule>
               <!--
                 NS2 and NS4 to NS9: inbound Windows and infrastructure services for the
                 TrustedServices group running as system, limited to zone 1 and to the "LAN"
                 address object, all with al="Ignore". "LAN" is every private address range, so the
                 zone assignment (not shown here) is what actually separates a trusted network from
                 an untrusted one that uses private addressing.
               -->
  107.         <Rule id="NS2" zone="1" priority="low" transport_id="NetBIOS TCP In" remaddr_id="LAN" app_id="TrustedServices" account="system" desc="Allows inbound NetBIOS TCP connection from LAN for TrustedServices group">
  108.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  109.         </Rule>
               <!--
                 NOTE(review): NS3 is the only inbound service allow with neither a zone nor
                 remaddr_id="LAN". remaddr="*" admits Terminal Service connections (TCP 3389) from
                 any address unless NS10 takes precedence in the Dangerous Zone. Where remote
                 desktop is not needed from outside, restricting this rule to LAN or to zone 1
                 would match the other service rules.
               -->
  110.         <Rule id="NS3" priority="low" transport_id="Terminal Service Server" remaddr="*" app_id="TrustedServices" account="system" desc="Allows inbound Terminal Service connections for TrustedServices group">
  111.             <AccessDesc at="NetworkAccess" ar="Allow" al="Monitor"/>
  112.         </Rule>
  113.         <Rule id="NS4" zone="1" priority="low" transport_id="BOOTP In" remaddr_id="LAN" app_id="TrustedServices" account="system" desc="Allows inbound BOOTP connection from LAN for TrustedServices group">
  114.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  115.         </Rule>
  116.         <Rule id="NS5" zone="1" priority="low" transport_id="NetBIOS UDP In" remaddr_id="LAN" app_id="TrustedServices" account="system" desc="Allows inbound NetBIOS UDP connection from LAN for TrustedServices group">
  117.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  118.         </Rule>
  119.         <Rule id="NS8" zone="1" priority="low" transport_id="Network Time In" remaddr_id="LAN" app_id="TrustedServices" account="system" desc="Allows inbound Network Time connection from LAN for TrustedServices group">
  120.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  121.         </Rule>
  122.         <Rule id="NS7" zone="1" priority="low" transport_id="RPC Service In" remaddr_id="LAN" app_id="TrustedServices" account="system" desc="Allows inbound RPC Service connection from LAN for TrustedServices group">
  123.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  124.         </Rule>
  125.         <Rule id="NS6" zone="1" priority="low" transport_id="Microsoft DS In" remaddr_id="LAN" app_id="TrustedServices" account="system" desc="Allows inbound Microsoft DS connection from LAN for TrustedServices group">
  126.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  127.         </Rule>
  128.         <Rule id="NS9" zone="1" priority="low" transport_id="ISAKMP In" remaddr_id="LAN" app_id="TrustedServices" account="system" desc="Allows inbound ISAKMP connection from LAN for TrustedServices group">
  129.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  130.         </Rule>
               <!-- NS10: blocks and logs all inbound TCP/UDP from the Dangerous Zone for TrustedServices. -->
  131.         <Rule id="NS10" zone="2" priority="low" dir="in" prot="tcp_udp" locport="*" remport="*" remaddr="*" app_id="TrustedServices" account="system" desc="Prevents inbound TCP/UDP traffic from Dangerous Zone for TrustedServices group">
  132.             <AccessDesc at="NetworkAccess" ar="Prevent" al="Monitor"/>
  133.         </Rule>
               <!--
                 NOTE(review): NS11 allows every inbound TCP/UDP port from any address in zone 1 for
                 the same group and account as NS2 and NS4 to NS9. It is a superset of those rules,
                 so the per-service LAN restriction adds nothing in the Safe Zone, and al="Ignore"
                 means none of that inbound traffic is logged.
               -->
  134.         <Rule id="NS11" zone="1" priority="low" dir="in" prot="tcp_udp" locport="*" remport="*" remaddr="*" app_id="TrustedServices" account="system" desc="Allows inbound TCP/UDP traffic from Safe Zone for TrustedServices group">
  135.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  136.         </Rule>
               <!-- NOTE(review): NS12 allows all outbound TCP/UDP for TrustedServices as system, in every zone, without logging; consider al="Monitor" if an audit trail of service egress is wanted. -->
  137.         <Rule id="NS12" priority="low" dir="out" prot="tcp_udp" locport="*" remport="*" remaddr="*" app_id="TrustedServices" account="system" desc="Allows outbound TCP/UDP traffic for TrustedServices group">
  138.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  139.         </Rule>
               <!-- NS14: loopback traffic for any application, unlogged. It depends on the "Loopback" address object, which lists 127.0.0.1 only. -->
  140.         <Rule id="NS14" priority="low" transport_id="TCP UDP All" remaddr_id="Loopback" app="*" timeofday="*" desc="Allows loopback TCP/UDP traffic">
  141.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  142.         </Rule>
               <!-- NS15: the catch-all for TCP/UDP. Any application not matched above triggers a user prompt (ar="AskUser") and is logged. -->
  143.         <Rule id="NS15" priority="low" transport_id="TCP UDP All" remaddr="*" app="*" desc="Asks for every new TCP/UDP connection started by unassigned application">
  144.             <AccessDesc at="NetworkAccess" ar="AskUser" al="Monitor"/>
  145.         </Rule>
               <!--
                 ICMP: NS16 blocks inbound echo from the Dangerous Zone, NS17 allows all ICMP in the
                 Safe Zone, NS18 allows all ICMP in the Dangerous Zone. NS16 is only effective if it
                 is evaluated before NS18; see the precedence note at the top of this list.
               -->
  146.         <Rule id="NS16" zone="2" priority="low" dir="in" prot="icmp" icmptype="ECHO_REQ_REPLY_8_0" remaddr="*" app="*" account="system" desc="Prevents inbound ICMP PING commands from Dangerous Zone">
  147.             <AccessDesc at="NetworkAccess" ar="Prevent" al="Monitor"/>
  148.         </Rule>
  149.         <Rule id="NS17" zone="1" priority="low" transport_id="ICMP All" remaddr="*" app="*" account="system" desc="Allows all ICMP commands from/to Safe Zone">
  150.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  151.         </Rule>
  152.         <Rule id="NS18" zone="2" priority="low" transport_id="ICMP All" remaddr="*" app="*" timeofday="*" account="system" desc="Allows all ICMP commands from/to Dangerous Zone">
  153.             <AccessDesc at="NetworkAccess" ar="Allow" al="Monitor"/>
  154.         </Rule>
               <!-- NOTE(review): NS19 and NS20 allow IGMP and GRE from any address in any zone with al="Ignore"; hosts that use neither multicast nor GRE-based tunnels do not need them. -->
  155.         <Rule id="NS19" priority="low" transport_id="IGMP All" remaddr="*" app="*" account="system" desc="Allows all IGMP traffic">
  156.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  157.         </Rule>
  158.         <Rule id="NS20" priority="low" transport_id="GRE All" remaddr="*" app="*" account="system" desc="Allows all GRE traffic">
  159.             <AccessDesc at="NetworkAccess" ar="Allow" al="Ignore"/>
  160.         </Rule>
               <!-- NS21 and NS22: other IP protocols are allowed (and logged) for LAN addresses in the Safe Zone, and blocked (and logged) everywhere else. -->
  161.         <Rule id="NS21" zone="1" priority="low" transport_id="Other IP All" remaddr_id="LAN" app="*" account="system" desc="Allows all non-TCP/UDP/ICMP traffic going through Safe Zone">
  162.             <AccessDesc at="NetworkAccess" ar="Allow" al="Monitor"/>
  163.         </Rule>
  164.         <Rule id="NS22" priority="low" transport_id="Other IP All" remaddr="*" app="*" account="system" desc="Prevents all non-TCP/UDP/ICMP traffic">
  165.             <AccessDesc at="NetworkAccess" ar="Prevent" al="Monitor"/>
  166.         </Rule>
  167.     </RuleList>
  168. </SecDb>