! Generated by Network Security Policy Compiler, version 2.453

! [ BEGIN router:paris ]
! [ Model = IOS ]
! [ Routing ]
! route network:south -> interface:rome.mediteran
ip route 10.3.3.0 255.255.255.0 10.2.2.2
! [ ACL ]
! interface:paris.north
ip access-list extended fastethernet0/0_in
! permit src=network:north; dst=network:south; srv=service:TCP_All;
 permit tcp 10.1.1.0 0.0.0.255 10.3.3.0 0.0.0.255
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

! interface:paris.east
ip access-list extended fastethernet0/1_in
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

! interface:paris.mediteran
ip access-list extended fastethernet0/2_in
! permit src=interface:rome.mediteran; dst=interface:paris.mediteran; srv=service:http;
 permit tcp host 10.2.2.2 host 10.2.2.1 eq 80
! permit src=interface:rome.south; dst=interface:paris.north; srv=service:http;
 permit tcp host 10.3.3.1 host 10.1.1.2 eq 80
! permit src=network:south; dst=interface:paris.north; srv=service:telnet;
 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.2 eq 23
! permit src=interface:rome.mediteran; dst=interface:paris.mediteran; srv=reverse:TCP_ANY; stateless
 permit tcp host 10.2.2.2 host 10.2.2.1 established
! permit src=interface:rome.south; dst=interface:paris.north; srv=reverse:TCP_ANY; stateless
 permit tcp host 10.3.3.1 host 10.1.1.2 established
! deny src=network:0/0; dst=interface:paris.north; srv=auto_srv:ip;
 deny ip any host 10.1.1.2
! deny src=network:0/0; dst=interface:paris.north.2; srv=auto_srv:ip;
 deny ip any host 10.1.1.254
! permit src=network:south; dst=network:north; srv=service:http;
 permit tcp 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255 eq 80
! permit src=network:south; dst=network:north; srv=reverse:TCP_ANY; stateless
 permit tcp 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255 established
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

! interface:paris.ocean
ip access-list extended Serial0_in
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

interface fastethernet0/0
 ip access-group fastethernet0/0_in in
interface fastethernet0/1
 ip access-group fastethernet0/1_in in
interface fastethernet0/2
 ip access-group fastethernet0/2_in in
interface Serial0
 ip access-group Serial0_in in

! [ END router:paris ]

