! Generated by Network Security Policy Compiler, version 2.453

! [ BEGIN router:r ]
! [ Model = IOS ]
! [ Routing ]
! [ ACL ]
! interface:r.a
ip access-list extended eth0_in
! deny src=network:0/0; dst=interface:r.b; srv=auto_srv:ip;
 deny ip any host 10.2.2.2
! permit src=network:a; dst=network:b; srv=service:http;
 permit tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 eq 80
! permit src=network:a; dst=network:b; srv=reverse:TCP_ANY; stateless
 permit tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 established
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

! interface:r.b
ip access-list extended eth1_in
! deny src=network:0/0; dst=interface:r.a; srv=auto_srv:ip;
 deny ip any host 10.1.1.1
! permit src=network:b; dst=network:a; srv=service:tcp;
 permit tcp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

interface eth0
 ip access-group eth0_in in
interface eth1
 ip access-group eth1_in in

! [ END router:r ]

