#!/usr/local/bin/perl -w -I../blib/lib

#
# Copyright (C) 1998, David Muir Sharnoff
#

use strict;
use BSD::Ipfwgen;
use IO::Handle;

us qw(
	140.174.82.0/24 
	207.33.232.0/22 
	207.33.184.0/22 
	207.33.240.0/21 
	209.157.64.0/19 
	140.174.154.0/24 
	207.33.66.0/24 
	209.66.121.0/24
    );
symmetric qw(
	140.174.82.0/27
	140.174.82.32/27
    );


count_by_interface();

no_looping();
no_spoofing_us();
no_spoofing_by_us();
no_leaf_spoofing();

to_me_rules <<'';
	=skipto nfs-ok udp from 140.174.82.0/26 to any 111,2049 # portmap, NFS
	=skipto nfs-ok udp from 209.66.121.0/28 to any 111,2049 # portmap, NFS
	=skipto nfs-ok udp from 209.157.69.248/29 to any 111,2049 # portmap, NFS
	=skipto nfs-ok tcp from 140.174.82.0/26 to any 111,2049 # portmap, NFS
	=skipto nfs-ok tcp from 209.66.121.0/28 to any 111,2049 # portmap, NFS
	=skipto nfs-ok tcp from 209.157.69.248/29 to any 111,2049 # portmap, NFS
	=deny tcp from any to any 111,2049
	=label nfs-ok
	=skipto radius-ok udp from 207.33.185.2 to any 1645,1646 # RADIUS
	=skipto radius-ok udp from 207.33.242.1 to any 1645,1646
	=deny udp from any to any 1645,1646
	=label radius-ok

to_net_rules ('=host:mac84', <<'');
	=skiprule tcp from 140.174.82.32/27 to =host:mac84 6000 # mac 84
	=deny tcp from any to =host:mac84 6000

from_net_rules ('=host:iaconfig.dial.idiom.com', <<'');
	=skipto passover-iaconfig tcp from any to =host:iaconfig.idiom.com 80
	=skipto passover-iaconfig udp from any to 140.174.82.0/24 53
	=skipto passover-iaconfig icmp from any to =host:iaconfig.idiom.com
	=deny all from =host:iaconfig.dial.idiom.com to any
	=label passover-iaconfig

generate qw(INSECURE DEFAULT-ACCEPT);

__END__

PING #rule '=skipto DONELOOP all from 140.174.37.22 to 209.66.121.18 out via ethb17';  XXXX

# radius
proto_passonly(udp, 1645, <<'');
	207.33.185.2 to 209.157.69.25
	140.174.82.35 to 140.174.82.33
	207.33.242.1 to 207.33.242.2

proto_denyonly(udp, 1645, <<'');
	207.33.185.2 to 209.157.69.25
	140.174.82.35 to 140.174.82.33
	207.33.242.1 to 207.33.242.2

proto_passdeny(tcp, 6000, <<'', <<'');
	SELF to 140.174.82.34

	any to 140.174.82.34

hostlimit(iaconfig, <<'', <<'')