home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
sustworks.com
/
2014.06.sustworks.com.tar
/
sustworks.com
/
IPNetSentryX_1.1.dmg
/
IPNetSentryX folder
/
QuickStart.nsy
< prev
next >
Wrap
Extensible Markup Language
|
2003-06-08
|
69KB
|
2,291 lines
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>SentryDocument_parameter</key>
<integer>1</integer>
<key>SentryDocument_triggerExpiration</key>
<string>3600</string>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>3</integer>
<key>filterActionName</key>
<string>Delete</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string>sneak around fragments</string>
<key>nodeNumber</key>
<string>1.1</string>
<key>property</key>
<integer>11</integer>
<key>propertyName</key>
<string>IPFragmentOffset</string>
<key>propertyValue</key>
<string>1-63</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string>legitimate fragments</string>
<key>nodeNumber</key>
<string>1.2</string>
<key>property</key>
<integer>11</integer>
<key>propertyName</key>
<string>IPFragmentOffset</string>
<key>propertyValue</key>
<string>64</string>
<key>relation</key>
<integer>3</integer>
<key>relationName</key>
<string>>=</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string>allow legitimate</string>
<key>nodeNumber</key>
<string>1.3.1</string>
<key>property</key>
<integer>3</integer>
<key>propertyName</key>
<string>Interface</string>
<key>propertyValue</key>
<string>lo0 (Loopback)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>3</integer>
<key>filterActionName</key>
<string>Delete</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string>delete spoofs</string>
<key>nodeNumber</key>
<string>1.3.2</string>
<key>property</key>
<integer>8</integer>
<key>propertyName</key>
<string>Source net</string>
<key>propertyValue</key>
<string>127.0.0.1/28</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>3</integer>
<key>filterActionName</key>
<string>Delete</string>
<key>nodeName</key>
<string></string>
<key>nodeNumber</key>
<string>1.3.3</string>
<key>property</key>
<integer>9</integer>
<key>propertyName</key>
<string>Dest net</string>
<key>propertyValue</key>
<string>127.0.0.1/28</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeCount</key>
<string>3</string>
<key>nodeName</key>
<string>loopback</string>
<key>nodeNumber</key>
<string>1.3</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>propertyValue</key>
<string></string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>3</integer>
<key>filterActionName</key>
<string>Delete</string>
<key>nodeName</key>
<string>source route</string>
<key>nodeNumber</key>
<string>1.4</string>
<key>property</key>
<integer>12</integer>
<key>propertyName</key>
<string>IPOptions</string>
<key>propertyValue</key>
<string>3,9 (source route)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeCount</key>
<string>6</string>
<key>nodeName</key>
<string>default first</string>
<key>nodeNumber</key>
<string>1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>propertyValue</key>
<string></string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>9</integer>
<key>filterActionName</key>
<string>Dont log</string>
<key>nodeNumber</key>
<string>2.1.1.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>3</integer>
<key>filterActionName</key>
<string>Delete</string>
<key>nodeCount</key>
<integer>1</integer>
<key>nodeName</key>
<string>triggered address</string>
<key>nodeNumber</key>
<string>2.1.1</string>
<key>property</key>
<integer>4</integer>
<key>propertyName</key>
<string>Include</string>
<key>propertyValue</key>
<string>triggered</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>finger print scan</string>
<key>nodeNumber</key>
<string>2.1.2.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeCount</key>
<integer>1</integer>
<key>nodeName</key>
<string>finger print</string>
<key>nodeNumber</key>
<string>2.1.2</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>0-5</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>111 (RPC) probe</string>
<key>nodeNumber</key>
<string>2.1.3.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string></string>
<key>nodeNumber</key>
<string>2.1.3</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>111 (RPC)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>2049 (NFS) probe</string>
<key>nodeNumber</key>
<string>2.1.4.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeNumber</key>
<string>2.1.4</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>2049 (NFS)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>23 (Telnet) probe</string>
<key>nodeNumber</key>
<string>2.1.5.1.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeNumber</key>
<string>2.1.5.1</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>23 (Telnet)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>25 (SMTP) probe</string>
<key>nodeNumber</key>
<string>2.1.5.2.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeNumber</key>
<string>2.1.5.2</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>25 (SMTP)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>79 (Finger) probe</string>
<key>nodeNumber</key>
<string>2.1.5.3.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string></string>
<key>nodeNumber</key>
<string>2.1.5.3</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>79 (Finger)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>110 (pop3) probe</string>
<key>nodeNumber</key>
<string>2.1.5.4.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string></string>
<key>nodeNumber</key>
<string>2.1.5.4</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>110 (pop3)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>113 (AUTH) probe</string>
<key>nodeNumber</key>
<string>2.1.5.5.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>4</integer>
<key>filterActionName</key>
<string>Reject</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeNumber</key>
<string>2.1.5.5</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>113 (AUTH)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeNumber</key>
<string>2.1.5</string>
<key>property</key>
<integer>10</integer>
<key>propertyName</key>
<string>Protocol</string>
<key>propertyValue</key>
<string>6 (TCP)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>7 (Echo) probe</string>
<key>nodeNumber</key>
<string>2.1.6.1.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeNumber</key>
<string>2.1.6.1</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>7 (Echo)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>10</integer>
<key>filterActionName</key>
<string>Alert</string>
<key>nodeName</key>
<string>67 (DHCP Server) probe</string>
<key>nodeNumber</key>
<string>2.1.6.2.1.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>6</integer>
<key>filterActionName</key>
<string>Trigger</string>
<key>nodeNumber</key>
<string>2.1.6.2.1</string>
<key>property</key>
<integer>9</integer>
<key>propertyName</key>
<string>Dest net</string>
<key>propertyValue</key>
<string>255.255.255.255/32</string>
<key>relation</key>
<integer>1</integer>
<key>relationName</key>
<string>!=</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string></string>
<key>nodeNumber</key>
<string>2.1.6.2</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>67 (DHCP Server)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>9</integer>
<key>filterActionName</key>
<string>Dont log</string>
<key>nodeName</key>
<string>ignore silently</string>
<key>nodeNumber</key>
<string>2.1.6.3.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>3</integer>
<key>filterActionName</key>
<string>Delete</string>
<key>nodeCount</key>
<string>1</string>
<key>nodeName</key>
<string>Windows Name Service</string>
<key>nodeNumber</key>
<string>2.1.6.3</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>137-139</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string></string>
<key>nodeNumber</key>
<string>2.1.6</string>
<key>property</key>
<integer>10</integer>
<key>propertyName</key>
<string>Protocol</string>
<key>propertyValue</key>
<string>17 (UDP)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeCount</key>
<integer>12</integer>
<key>nodeName</key>
<string>suspicious activity</string>
<key>nodeNumber</key>
<string>2.1</string>
<key>property</key>
<integer>2</integer>
<key>propertyName</key>
<string>Direction</string>
<key>propertyValue</key>
<string>inbound</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>5</integer>
<key>filterActionName</key>
<string>Drop connection</string>
<key>nodeName</key>
<string>Worm</string>
<key>nodeNumber</key>
<string>2.2.1.1.1</string>
<key>property</key>
<integer>20</integer>
<key>propertyName</key>
<string>Data content</string>
<key>propertyValue</key>
<string>winnt</string>
<key>relation</key>
<integer>2</integer>
<key>relationName</key>
<string>a=A</string>
</dict>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>5</integer>
<key>filterActionName</key>
<string>Drop connection</string>
<key>nodeCount</key>
<integer>1</integer>
<key>nodeName</key>
<string>Code Red Worm</string>
<key>nodeNumber</key>
<string>2.2.1.1.2</string>
<key>property</key>
<integer>20</integer>
<key>propertyName</key>
<string>Data content</string>
<key>propertyValue</key>
<string>default.ida</string>
<key>relation</key>
<integer>2</integer>
<key>relationName</key>
<string>a=A</string>
</dict>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>5</integer>
<key>filterActionName</key>
<string>Drop connection</string>
<key>nodeName</key>
<string>Worm</string>
<key>nodeNumber</key>
<string>2.2.1.1.3</string>
<key>property</key>
<integer>20</integer>
<key>propertyName</key>
<string>Data content</string>
<key>propertyValue</key>
<string>msadc</string>
<key>relation</key>
<integer>2</integer>
<key>relationName</key>
<string>a=A</string>
</dict>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>5</integer>
<key>filterActionName</key>
<string>Drop connection</string>
<key>nodeName</key>
<string>Worm</string>
<key>nodeNumber</key>
<string>2.2.1.1.4</string>
<key>property</key>
<integer>20</integer>
<key>propertyName</key>
<string>Data content</string>
<key>propertyValue</key>
<string>_vti_bin</string>
<key>relation</key>
<integer>2</integer>
<key>relationName</key>
<string>a=A</string>
</dict>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>5</integer>
<key>filterActionName</key>
<string>Drop connection</string>
<key>nodeName</key>
<string>Worm</string>
<key>nodeNumber</key>
<string>2.2.1.1.5</string>
<key>property</key>
<integer>20</integer>
<key>propertyName</key>
<string>Data content</string>
<key>propertyValue</key>
<string>_mem_bin</string>
<key>relation</key>
<integer>2</integer>
<key>relationName</key>
<string>a=A</string>
</dict>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>5</integer>
<key>filterActionName</key>
<string>Drop connection</string>
<key>nodeCount</key>
<integer>1</integer>
<key>nodeName</key>
<string>Nimda</string>
<key>nodeNumber</key>
<string>2.2.1.1.6</string>
<key>property</key>
<integer>20</integer>
<key>propertyName</key>
<string>Data content</string>
<key>propertyValue</key>
<string>root.exe</string>
<key>relation</key>
<integer>2</integer>
<key>relationName</key>
<string>a=A</string>
</dict>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>5</integer>
<key>filterActionName</key>
<string>Drop connection</string>
<key>nodeCount</key>
<integer>1</integer>
<key>nodeName</key>
<string>Nimda</string>
<key>nodeNumber</key>
<string>2.2.1.1.7</string>
<key>property</key>
<integer>20</integer>
<key>propertyName</key>
<string>Data content</string>
<key>propertyValue</key>
<string>scripts</string>
<key>relation</key>
<integer>2</integer>
<key>relationName</key>
<string>a=A</string>
</dict>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>5</integer>
<key>filterActionName</key>
<string>Drop connection</string>
<key>nodeCount</key>
<integer>1</integer>
<key>nodeName</key>
<string>FMP_Hack Attempt</string>
<key>nodeNumber</key>
<string>2.2.1.1.8</string>
<key>property</key>
<integer>20</integer>
<key>propertyName</key>
<string>Data content</string>
<key>propertyValue</key>
<string>[0:64]&-format=-raw&</string>
<key>relation</key>
<integer>2</integer>
<key>relationName</key>
<string>a=A</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeCount</key>
<integer>5</integer>
<key>nodeNumber</key>
<string>2.2.1.1</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>80 (HTTP)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeCount</key>
<integer>6</integer>
<key>nodeNumber</key>
<string>2.2.1</string>
<key>property</key>
<integer>10</integer>
<key>propertyName</key>
<string>Protocol</string>
<key>propertyValue</key>
<string>6 (TCP)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeCount</key>
<integer>7</integer>
<key>nodeName</key>
<string>server attacks</string>
<key>nodeNumber</key>
<string>2.2</string>
<key>property</key>
<integer>2</integer>
<key>propertyName</key>
<string>Direction</string>
<key>propertyValue</key>
<string>inbound</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>7</integer>
<key>filterActionName</key>
<string>Delay</string>
<key>nodeNumber</key>
<string>2.3.1</string>
<key>property</key>
<integer>16</integer>
<key>propertyName</key>
<string>TCP header flags</string>
<key>propertyValue</key>
<string>rst</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>promiscuous resets</string>
<key>nodeNumber</key>
<string>2.3</string>
<key>property</key>
<integer>2</integer>
<key>propertyName</key>
<string>Direction</string>
<key>propertyValue</key>
<string>inbound</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>8</integer>
<key>filterActionName</key>
<string>Log</string>
<key>nodeNumber</key>
<string>2.4.1.1</string>
<key>property</key>
<integer>13</integer>
<key>propertyName</key>
<string>ICMP type</string>
<key>propertyValue</key>
<string>4 (source quench)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>8</integer>
<key>filterActionName</key>
<string>Log</string>
<key>nodeNumber</key>
<string>2.4.1.2</string>
<key>property</key>
<integer>13</integer>
<key>propertyName</key>
<string>ICMP type</string>
<key>propertyValue</key>
<string>5 (redirect)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>13</integer>
<key>filterActionName</key>
<string>Reset parent</string>
<key>nodeNumber</key>
<string>2.4.1.3.1</string>
<key>property</key>
<integer>27</integer>
<key>propertyName</key>
<string>Parent idle seconds</string>
<key>propertyValue</key>
<string>30</string>
<key>relation</key>
<integer>3</integer>
<key>relationName</key>
<string>>=</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterActionName</key>
<string>Delete no log</string>
<key>nodeName</key>
<string>ping flood</string>
<key>nodeNumber</key>
<string>2.4.1.3.2</string>
<key>property</key>
<integer>28</integer>
<key>propertyName</key>
<string>Parent match count</string>
<key>propertyValue</key>
<string>50</string>
<key>relation</key>
<integer>3</integer>
<key>relationName</key>
<string>>=</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>8</integer>
<key>filterActionName</key>
<string>Log</string>
<key>nodeNumber</key>
<string>2.4.1.3.3</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeNumber</key>
<string>2.4.1.3</string>
<key>property</key>
<integer>13</integer>
<key>propertyName</key>
<string>ICMP type</string>
<key>propertyValue</key>
<string>8 (echo request)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>8</integer>
<key>filterActionName</key>
<string>Log</string>
<key>nodeNumber</key>
<string>2.4.1.4</string>
<key>property</key>
<integer>13</integer>
<key>propertyName</key>
<string>ICMP type</string>
<key>propertyValue</key>
<string>12 (parameter problem)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string></string>
<key>nodeNumber</key>
<string>2.4.1</string>
<key>property</key>
<integer>2</integer>
<key>propertyName</key>
<string>Direction</string>
<key>propertyValue</key>
<string>inbound</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>ICMP Logger</string>
<key>nodeNumber</key>
<string>2.4</string>
<key>property</key>
<integer>10</integer>
<key>propertyName</key>
<string>Protocol</string>
<key>propertyValue</key>
<string>1 (ICMP)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array/>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>12</integer>
<key>filterActionName</key>
<string>URL</string>
<key>nodeName</key>
<string>send probe(s)</string>
<key>nodeNumber</key>
<string>2.5.1</string>
<key>parameter</key>
<string>scan://192.168.0.2;limit=1;scanType=lookAround;scanProtocol=ping</string>
<key>property</key>
<integer>26</integer>
<key>propertyName</key>
<string>Idle seconds</string>
<key>propertyValue</key>
<string>60</string>
<key>relation</key>
<integer>3</integer>
<key>relationName</key>
<string>>=</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>11</integer>
<key>filterActionName</key>
<string>Email</string>
<key>nodeNumber</key>
<string>2.5.2.1.1.1</string>
<key>parameter</key>
<string>NetTalk server not responding</string>
<key>property</key>
<integer>28</integer>
<key>propertyName</key>
<string>Parent match count</string>
<key>propertyValue</key>
<string>1</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>13</integer>
<key>filterActionName</key>
<string>Reset parent</string>
<key>nodeNumber</key>
<string>2.5.2.1.1.2</string>
<key>parameter</key>
<string>restore when it comes back up</string>
<key>property</key>
<integer>27</integer>
<key>propertyName</key>
<string>Parent idle seconds</string>
<key>propertyValue</key>
<string>3600</string>
<key>relation</key>
<integer>3</integer>
<key>relationName</key>
<string>>=</string>
</dict>
</array>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>no response?</string>
<key>nodeNumber</key>
<string>2.5.2.1.1</string>
<key>property</key>
<integer>27</integer>
<key>propertyName</key>
<string>Parent idle seconds</string>
<key>propertyValue</key>
<string>200</string>
<key>relation</key>
<integer>3</integer>
<key>relationName</key>
<string>>=</string>
</dict>
</array>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>NetTalk list server</string>
<key>nodeNumber</key>
<string>2.5.2.1</string>
<key>property</key>
<integer>8</integer>
<key>propertyName</key>
<string>Source net</string>
<key>propertyValue</key>
<string>192.168.0.2/32</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeNumber</key>
<string>2.5.2</string>
<key>property</key>
<integer>13</integer>
<key>propertyName</key>
<string>ICMP type</string>
<key>propertyValue</key>
<string>0 (echo reply)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<false/>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>Check servers</string>
<key>nodeNumber</key>
<string>2.5</string>
<key>property</key>
<integer>2</integer>
<key>propertyName</key>
<string>Direction</string>
<key>propertyValue</key>
<string>inbound</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeNumber</key>
<string>2.6.1.1.1.1</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>548 (AFP (AppleShare))</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeNumber</key>
<string>2.6.1.1.1.2</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>427 (slp)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>0</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>Personal File Sharing (548, 427)</string>
<key>nodeNumber</key>
<string>2.6.1.1.1</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>propertyValue</key>
<string></string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>Windows File Sharing (139)</string>
<key>nodeNumber</key>
<string>2.6.1.1.2</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>139 (NETBIOS Session)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeNumber</key>
<string>2.6.1.1.3.1</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>80 (HTTP)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeNumber</key>
<string>2.6.1.1.3.2</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>427 (slp)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>0</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>Personal Web Sharing</string>
<key>nodeNumber</key>
<string>2.6.1.1.3</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>Remote Login - SSH (22)</string>
<key>nodeNumber</key>
<string>2.6.1.1.4</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>22 (ssh)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeNumber</key>
<string>2.6.1.1.5.1</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>20-21</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>children</key>
<array>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeNumber</key>
<string>2.6.1.1.5.2.1</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>1024-65535</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeNumber</key>
<string>2.6.1.1.5.2</string>
<key>property</key>
<integer>18</integer>
<key>propertyName</key>
<string>Source port</string>
<key>propertyValue</key>
<string>20-21</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>FTP Access (20-21) or 1024-65535 from 20-21)</string>
<key>nodeNumber</key>
<string>2.6.1.1.5</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>Remote Apple Events (3031)</string>
<key>nodeNumber</key>
<string>2.6.1.1.6</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>3031 (Program Linking)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>Printer Sharing (631)</string>
<key>nodeNumber</key>
<string>2.6.1.1.7</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>631</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>AOL IM (5190)</string>
<key>nodeNumber</key>
<string>2.6.1.1.8</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>5190</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>Apple Remote Desktop (3283)</string>
<key>nodeNumber</key>
<string>2.6.1.1.9</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>3283 (ANAT)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>Gnutella/Limewire (6346)</string>
<key>nodeNumber</key>
<string>2.6.1.1.10</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>6346</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>ICQ (4000)</string>
<key>nodeNumber</key>
<string>2.6.1.1.11</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>4000</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>IRC (104)</string>
<key>nodeNumber</key>
<string>2.6.1.1.12</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>194 (IRC)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>MSN Messenger (6891-6900)</string>
<key>nodeNumber</key>
<string>2.6.1.1.13</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>6891-6900</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>Retrospect (497)</string>
<key>nodeNumber</key>
<string>2.6.1.1.14</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>497 (Retrospect)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>SMB (without netbios) 445</string>
<key>nodeNumber</key>
<string>2.6.1.1.15</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>445</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>2</integer>
<key>filterActionName</key>
<string>Pass</string>
<key>nodeName</key>
<string>Timbuktu (407)</string>
<key>nodeNumber</key>
<string>2.6.1.1.16</string>
<key>property</key>
<integer>19</integer>
<key>propertyName</key>
<string>Dest port</string>
<key>propertyValue</key>
<string>407 (Timbuktu)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
<dict>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>3</integer>
<key>filterActionName</key>
<string>Delete</string>
<key>nodeName</key>
<string>Disable all other inbound connections</string>
<key>nodeNumber</key>
<string>2.6.1.1.17</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeNumber</key>
<string>2.6.1.1</string>
<key>property</key>
<integer>16</integer>
<key>propertyName</key>
<string>TCP header flags</string>
<key>propertyValue</key>
<string>syn,-ack</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<string>1</string>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeNumber</key>
<string>2.6.1</string>
<key>property</key>
<integer>3</integer>
<key>propertyName</key>
<string>Interface</string>
<key>propertyValue</key>
<string>en0 (Built-in Ethernet)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeName</key>
<string>Protect servers</string>
<key>nodeNumber</key>
<string>2.6</string>
<key>property</key>
<integer>2</integer>
<key>propertyName</key>
<string>Direction</string>
<key>propertyValue</key>
<string>inbound</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<true/>
<key>expandedState</key>
<integer>1</integer>
<key>filterAction</key>
<integer>0</integer>
<key>filterActionName</key>
<string>-></string>
<key>nodeCount</key>
<integer>20</integer>
<key>nodeName</key>
<string>default last</string>
<key>nodeNumber</key>
<string>2</string>
<key>property</key>
<integer>0</integer>
<key>propertyName</key>
<string>Any</string>
<key>propertyValue</key>
<string>en0 (Built-in Ethernet)</string>
<key>relation</key>
<integer>0</integer>
<key>relationName</key>
<string>==</string>
</dict>
</array>
<key>enabled</key>
<integer>1</integer>
<key>expandedState</key>
<integer>1</integer>
<key>filterActionName</key>
<integer>0</integer>
<key>nodeCount</key>
<integer>28</integer>
<key>propertyName</key>
<integer>0</integer>
<key>relationName</key>
<integer>0</integer>
</dict>
</plist>
