#
# Shorewall version 4 - Tcrules File
#
# For information about entries in this file, type "man shorewall-tcrules"
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
# For usage in selecting among multiple ISPs, see
# http://shorewall.net/MultiISP.html
#
# See http://shorewall.net/PacketMarking.html for a detailed description of
# the Netfilter/Shorewall packet marking mechanism.
###############################################################################
#MARK	SOURCE					DEST					PROTO	DEST		SOURCE	USER	TEST	LENGTH	TOS
#
1	0.0.0.0/0				0.0.0.0/0				icmp	echo-request
1	0.0.0.0/0				0.0.0.0/0				icmp	echo-reply

2	0.0.0.0/0				0.0.0.0/0				tcp	$ADM_PORT
2	0.0.0.0/0				0.0.0.0/0				tcp	-		$ADM_PORT

# outgoing external traffic on EXT_IF

11	$DMZ_IF:$DNS1_SRV_IP,$DNS2_SRV_IP	$EXT_IF					udp	53
12	$DMZ_IF:$MAIL_SRV_IP			$EXT_IF					tcp	25
13	$DMZ_IF:$HTTP_SRV_IP			$EXT_IF					tcp
14	$DMZ_IF:$PROX_SRV_IP			$EXT_IF					tcp
15	$INT1_IF:$BTIS_NET			$EXT_IF					all


# ingoing external traffic on EXT_IF for DMZ

21:F	$EXT_IF					$DMZ_IF:$DNS1_SRV_IP,$DNS2_SRV_IP	udp	53
22:F	$EXT_IF					$DMZ_IF:$MAIL_SRV_IP			tcp	25,$MAIL_PORT
23:F	$EXT_IF					$DMZ_IF:$HTTP_SRV_IP			tcp	80
24:F	$EXT_IF					$DMZ_IF:$PROX_SRV_IP			tcp

# ingoing external traffic on EXT_IF for ORG1

31:F	$EXT_IF					$INT1_IF:$BTIS_NET			all
32:F	$EXT_IF					$INT1_IF:$PRV_IP			all
33:F	$EXT_IF					$INT1_IF:$ADM_IP			all
34:F	$EXT_IF					$INT1_IF:$BAD_IP			all


# ingoing external traffic on EXT_IF for ORG2

41:F	$EXT_IF					$INT2_IF:$SHRN_NET			all
44:F	$EXT_IF					$INT2_IF:$BAD_IP			all

# ingoing external traffic on EXT_IF for ORG3

# 42:F	$EXT_IF					$INT2_IF:$MT_NET			all
51:F	$EXT_IF					$INT3_IF:$MT_NET			all
54:F	$EXT_IF					$INT3_IF:$BAD_IP			all

# outgoing local traffic on INT2_IF (ORG2)

61	$DMZ_IF					$INT2_IF				all
62	$INT1_IF				$INT2_IF				all

# ingoing local traffic on INT2_IF (ORG2)

63	$INT2_IF				$DMZ_IF					all
64	$INT2_IF				$INT1_IF				all


#5	$FW					0.0.0.0/0				all

#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
