;
; This is a modified filter portion of a Cisco configuration file, using a 
; fictitious internal network number is 192.0.0.  The network topology is as 
; follows
;
;                           |
;                      -----------
;                      | Gateway |
;                      -----------
;        Firewall Network   |  10.1.1.1
;     |--------------------------------------------|
;                   | 10.1.1.2       |  0.0.0.0
;              -----------      -----------
;              | Gateway |      |  Argus  |
;              |         |      |  Host   |
;              -----------      -----------
;                   | 192.0.0.1      | 192.0.0.2
;     |--------------------------------------------|
;                    Internal Network
;
;
; Since the Argus data is captured on the external firewall network, violations
; are reported even though they are filtered successfully by the gateway.  This
; proves as a good first alert mechanism for external attempts to violate the 
; firewall policy.
;
; No source routeing through our gateway.
;
no ip source-route
;
; Pass all icmp but remember, we won't see icmp scans (i.e. ping).  This is 
; done because icmp events can generate lots of data.
;
access-list 102 permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
;
; Udp stuff:  Permit domain, ntp, talk, and ntalk, deny all else.
;
access-list 102 permit udp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 eq 53
access-list 102 permit udp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 eq 123
access-list 102 permit udp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 eq 517
access-list 102 permit udp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 eq 518
access-list 102 deny   udp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255
;
; Tcp stuff:
;   permit telnet to our "one time password" telnet host
;   permit smtp to our mail host
;   permit finger to our finger host
;   permit nntp to our news host
;   deny less then port 1023 
;   deny X 
;
access-list 102 permit tcp 0.0.0.0 255.255.255.255 192.0.0.23 0.0.0.255 eq 23
access-list 102 permit tcp 0.0.0.0 255.255.255.255 192.0.0.25 0.0.0.255 eq 25
access-list 102 permit tcp 0.0.0.0 255.255.255.255 192.0.0.79 0.0.0.255 eq 79
access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.237.1.8 0.0.0.0 eq 119
access-list 102 deny   tcp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 lt 1023
access-list 102 deny   tcp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 eq 2000
access-list 102 deny   tcp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 eq 6000
access-list 102 permit tcp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 lt 6000
access-list 102 permit tcp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 gt 6100
access-list 102 deny   tcp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255 gt 6000
access-list 102 permit tcp 0.0.0.0 255.255.255.255 192.0.0.0 0.0.0.255