# # Copyright (c) 1993, 1994 Carnegie Mellon University. # All rights reserved. # # Use in source and binary forms, with or without modification, is # permitted provided that source code modifications retain all # perintent copyright notices and this paragraph in its entirety. # This distribution includes software developed by Carnegie Mellon # University and the Software Engineering Institute. # # THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # # # # policy sample configuration file. # the policy(1) client of argus(1) can read Cisco access control # definitions, which can be used as a filter to show log entries # that should be blocked by the policy. # # # Carter Bullard # Software Engineering Institute # Carnegie Mellon Univeristy # # # WARNING!! # this sample Cisco access control list does not enforce a # viable access control policy. it is presented solely as a # demonstration of the format of the policy(1) configuration # file. no ip source-route access-list 102 permit ip 1.2.3.0 0.0.0.255 3.2.1.0 0.0.0.255 access-list 102 permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 access-list 102 deny udp 1.2.0.0 0.0.255.255 0.0.0.0 255.255.255.255 eq 111 access-list 102 permit udp 1.2.0.0 0.0.255.255 0.0.0.0 255.255.255.255 access-list 102 permit tcp 1.2.3.4 0.0.0.0 0.0.0.0 255.255.255.255 established access-list 102 permit tcp 0.0.0.0 255.255.255.255 2.3.4.5 0.0.0.0 eq 21 access-list 102 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 25 access-list 102 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255