Извени попутал
офис
00001 allow ip from any to any via gif0
00001 allow udp from 10.151.194.14 to 10.148.111.12 dst-port 500
00001 allow udp from 10.148.111.12 to 10.151.194.14 dst-port 500
00001 allow esp from 10.151.194.14 to 10.148.111.12
00001 allow esp from 10.148.111.12 to 10.151.194.14
00001 allow ipencap from 10.151.194.14 to 10.148.111.12
00001 allow ipencap from 10.148.111.12 to 10.151.194.14
00100 divert 8668 ip from any to any via 10.151.194.14
00200 check-state
00300 allow icmp from any to any icmptypes 0,3,8,11
00301 allow udp from 10.151.194.14 to any dst-port 33434-33525 keep-state
00302 allow udp from 10.151.194.14 to any keep-state
00303 allow tcp from 10.151.194.14 to any dst-port 20,21,22,80,443 keep-state
00304 allow tcp from 10.151.194.14 49152-65535 to any setup keep-state
00600 allow ip from 192.168.30.0/24 to 192.168.30.13 keep-state
00601 allow ip from 192.168.30.13 to 192.168.30.0/24 keep-state
65535 deny ip from any to any

склад
00001 allow ip from any to any via gif0
00001 allow udp from 10.148.111.12 to 10.151.194.14 dst-port 500
00001 allow udp from 10.151.194.14 to 10.148.111.12 dst-port 500
00001 allow esp from 10.148.111.12 to 10.151.194.14
00001 allow esp from 10.151.194.14 to 10.148.111.12
00001 allow ipencap from 10.148.111.12 to 10.151.194.14
00001 allow ipencap from 10.151.194.14 to 10.148.111.12
00100 divert 8668 ip from any to any via 10.148.111.12
00200 check-state
00300 allow icmp from any to any icmptypes 0,3,8,11
00301 allow udp from 10.148.111.12 to any dst-port 33434-33525 keep-state
00302 allow udp from 10.148.111.12 to any keep-state
00303 allow tcp from 10.148.111.12 to any dst-port 20,21,22,80,443,3389 keep-state
00304 allow tcp from 10.148.111.12 49152-65535 to any setup keep-state
00305 allow tcp from any to 10.148.111.12 dst-port 3389 keep-state
00600 allow ip from 192.168.33.0/24 to 192.168.33.3 keep-state
00601 allow ip from 192.168.33.3 to 192.168.33.0/24 keep-state
65535 deny ip from any to any