Hi,

I still have problems with our BM server not letting through traffic
the way I want it to.

The BM has the following setup:
3 physical LAN cards
1 VPN tunnel

Interface Name Status
BRENNTAGBB Public
INTERNET Public
PRIVATE Private
VPTUNNEL Private


Defined ipaddresses:
Primary Host : 192.168.33.254 [VPTUNNEL]
Primary Host : 10.9.33.2 [BRENNTAGBB_EII]
Secondary Address: 10.9.33.5
Secondary Address: 10.9.33.4
Primary Host : internet.82 [INTERNET_EII]
Secondary Address: internet.86
Secondary Address: internet.85
Secondary Address: internet.84
Secondary Address: internet.83
Primary Host : 172.18.10.1 [PRIVATE_EII]
Primary Host : 192.168.203.254 [PRIVATE_EII]

I have created the default packet filters with brdcfg and put them on the two public cards: BRENNTAGBB and INTERNET.

Then I set up several additional rules to allow traffic to flow
through. The problem is that some traffic does not flow, no matter
what I try.

These are the filters from filtcfg:

# FILE: FILTERS.CFG
#
# Filter Database. This file is maintained by the Filter Services NLM.

# *** IMPORTANT ***
# TAMPERING WITH THIS FILE MAY CAUSE SEVERE MALFUNCTIONING OF THE SYSTEM.
#-------------------------------------------------------------------------


VERSION 1.3

GLOBAL-IP-LOG DISABLED
GLOBAL-IPX-LOG DISABLED

IP-NOT-MATCHING-FLT-EXCEPTION-LIST-LOG DISABLED
IPX-NOT-MATCHING-FLT-EXCEPTION-LIST-LOG DISABLED

# Protocol-level Service Definitions. Each entry specifies a protocol,
# a service type, and the corresponding protocol-specific value. Built-in
# services are defined in the file BUILTIN.CFG. Syntax:
#
# PROTOCOL-SERVICE <protocol>, <service type>, <value>, [<Comment>]


PROTOCOL-SERVICE IP, lotusnotes, pid=TCP port=1352 srcport=<All>
ackfilt=0 stfilt=1, Lotus Notes Data
PROTOCOL-SERVICE IP, Alles-ST, pid=IP stfilt=1, Everything (stateful)
PROTOCOL-SERVICE IP, SAP GUI Data(2), pid=TCP port=3600 srcport=<All> ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, SAP GUI Data(1), pid=TCP port=3200-3399
srcport=<All> ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, pcaw/data resp, pid=TCP port=1024-65535
srcport=5631 ackfilt=1, Outbound PC anywhere data response
PROTOCOL-SERVICE IP, pcaw/data, pid=TCP port=5631 srcport=1024-65535, Allow inbound pcANYWHERE data to static NAT host
PROTOCOL-SERVICE IP, pcaw/5632 resp, pid=UDP port=1024-65535
srcport=5632, outbound pcANYWHERE response
PROTOCOL-SERVICE IP, pcaw/5632, pid=UDP port=5632 srcport=1024-65535, Inbound pcAnywhere protocol
PROTOCOL-SERVICE IP, ica-st, pid=TCP port=1494 srcport=1024-65535
ackfilt=0 stfilt=1, Allow outbound Citrix ICA client traffic
PROTOCOL-SERVICE IP, ADP Transpay IN, pid=TCP port=<All> srcport=5756 ackfilt=0 stfilt=1, ADP Transpay inbound traffic
PROTOCOL-SERVICE IP, nntp-st, pid=TCP port=119 srcport=<All> ackfilt=0

stfilt=1, Network News transfer protocol Statefull
PROTOCOL-SERVICE IP, ADP TranspayOUT, pid=TCP port=5756 srcport=<All> ackfilt=0 stfilt=1, ADP Transpay outbound traffic
PROTOCOL-SERVICE IP, NFSd, pid=UDP port=2049 srcport=<All> stfilt=1,
NFS Daemon

PACKET-FILTER-LIST IP, ENABLED, DENY
FILTER ENABLED NOLOG, INTRFACE:<Any>, IP:pid=IP,
INTRFACE:INTERNET, Added by BRDCFG to block all IP packets.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.3,
IP:pid=IP, INTRFACE:PRIVATE IP:192.168.203.60, Traffic from mq-box to
prdchem
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:49.57.50.46, IP:pid=TCP

port=111 srcport=<All>, INTRFACE:BRENNTAGBB IP:49.48.46.57, (AA) Allow

NFS to/from mqbox.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=80
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:49.57.52.46, (AA) Brenntag Germany proxy server.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=IP,
INTRFACE:BRENNTAGBB IP:49.48.46.57, (AA) Traffic from private network to mq-box.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=23
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:49.48.46.57, (AA) Allow Telnet to MQ-box.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:49.57.50.46, IP:pid=TCP
port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET,
KVKDigidoc server
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:49.57.50.46, IP:pid=TCP
port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET,
KVKDigidoc server
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.209.111,
IP:pid=TCP port=443 srcport=<All> ackfilt=0 stfilt=1,
INTRFACE:INTERNET, (AA) Allow HCI Loosdrecht to use HTTPS.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.3,
IP:pid=IP, INTRFACE:PRIVATE IP:192.168.203.52, Traffic from mq-box to
devchem
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=21
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:10.9.33.3,
(AA) Passive FTP to MQ-box.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=23
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:49.48.46.57, (AA) Allow Telnet to MQ-box.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=IP,
INTRFACE:BRENNTAGBB IP:49.48.46.57, (AA) Traffic from private network to mq-box.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.203.60,
IP:pid=UDP port=2049 srcport=<All> stfilt=1, INTRFACE:BRENNTAGBB
IP:10.9.33.3, (AA) Allow NFS traffic to/from mqbox.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=TCP port=5631
srcport=1024-65535, INTRFACE:PRIVATE IP:192.168.204.12,
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=UDP port=5632
srcport=1024-65535, INTRFACE:PRIVATE IP:192.168.204.12,
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=80
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:49.57.52.46, (AA) Brenntag Germany proxy server.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=57,
INTRFACE:<Any> IP:10.9.33.2, Added by BRDCFG to alloc SKIP Protocol
for VPN.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=UDP port=353
srcport=<All>, INTRFACE:<Any> IP:10.9.33.2, Added by BRDCFG to allow
VPN Client Keep-Alive & Disconnect.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=UDP
port=1024-65535 srcport=<All>, INTRFACE:<Any> IP:10.9.33.2, Added by
BRDCFG to allow incoming traffic through dynamic ports.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=TCP port=443
srcport=<All>, INTRFACE:<Any> IP:10.9.33.2, Added by BRDCFG to allow
accelerator authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=TCP port=353
srcport=<All>, INTRFACE:<Any> IP:10.9.33.2, Added by BRDCFG to allow
VPN Client Authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=TCP port=80
srcport=<All>, INTRFACE:<Any> IP:10.9.33.2, Added by BRDCFG to allow
default Web Proxy Cache port.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=TCP port=213
srcport=<All>, INTRFACE:<Any> IP:10.9.33.2, Added by BRDCFG to allow
VPN Master/Slave communication port.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=TCP
port=1024-65535 srcport=<All>, INTRFACE:<Any> IP:10.9.33.2, Added by
BRDCFG to allow incoming traffic through dynamic ports.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:10.9.33.2, IP:pid=IP,
INTRFACE:BRENNTAGBB, Added by BRDCFG to allow all outgoing IP packets.

EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=20
srcport=<All>, INTRFACE:INTERNET, (AA) Allow hosts to use outbound
FTP.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=21
srcport=<All> ackfilt=0 stfilt=2, INTRFACE:INTERNET, (AA) Allow
outbound FTP.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:194.178.85.163,
IP:pid=TCP port=<All> srcport=5756 ackfilt=0 stfilt=1,
INTRFACE:PRIVATE, ADP payroll administration
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.203.50,
IP:pid=TCP port=25 srcport=<All> ackfilt=0 stfilt=1,
INTRFACE:INTERNET, (AA) Allow GroupWise outbound SMTP.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=TCP port=25
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:PRIVATE IP:192.168.203.50, Allow inbound response for SMTP mail
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=119
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET, (AA) Allow
outbound NNTP (news) over TCP.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=53
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Allow DNS queries to

the public IP address only
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=57,
INTRFACE:<Any> IP:internet.82, Added by BRDCFG to alloc SKIP Protocol for VPN.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=UDP port=353
srcport=<All>, INTRFACE:<Any> IP:internet.82, Added by BRDCFG to allow

VPN Client Keep-Alive & Disconnect.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=UDP
port=1024-65535 srcport=<All>, INTRFACE:<Any> IP:internet.82, Added by

BRDCFG to allow incoming traffic through dynamic ports.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=TCP port=443
srcport=<All>, INTRFACE:<Any> IP:internet.82, Added by BRDCFG to allow

accelerator authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=TCP port=353
srcport=<All>, INTRFACE:<Any> IP:internet.82, Added by BRDCFG to allow

VPN Client Authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=TCP port=80
srcport=<All>, INTRFACE:<Any> IP:internet.82, Added by BRDCFG to allow

default Web Proxy Cache port.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=TCP port=213
srcport=<All>, INTRFACE:<Any> IP:internet.82, Added by BRDCFG to allow

VPN Master/Slave communication port.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=TCP
port=1024-65535 srcport=<All>, INTRFACE:<Any> IP:internet.82, Added by

BRDCFG to allow incoming traffic through dynamic ports.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:internet.82, IP:pid=IP,
INTRFACE:INTERNET, Added by BRDCFG to allow all outgoing IP packets.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=UDP port=53
srcport=<All> stfilt=1, INTRFACE:INTERNET, (AA) Allow outbound DNS
over UDP.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=5756
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET IP:194.178.85.163,

(AA) Transpay for payroll administration
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.203.50,
IP:pid=TCP port=21 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET

IP:161.69.2.0/255.255.255.0, (AA) Allow McAfee anti-virus update from server.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=1494
srcport=1024-65535 ackfilt=0 stfilt=1, INTRFACE:INTERNET, (AA) Allow
outbound Citrix ICA client traffic.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:192.168.203.201,
IP:pid=IP stfilt=1, INTRFACE:<Any>, Everything from this machine is allowed out.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:192.168.204.10, IP:pid=IP

stfilt=1, INTRFACE:<Any>, Everything from this machine is allowed out
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=UDP port=5632
srcport=1024-65535, INTRFACE:PRIVATE IP:192.168.204.10, Allow inbound pcANYWHERE location protocol
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.204.10,
IP:pid=UDP port=1024-65535 srcport=5632, INTRFACE:INTERNET, (AA) Allow

outbound pcANYWHERE location responses
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=TCP port=5631
srcport=1024-65535, INTRFACE:PRIVATE IP:192.168.204.10, Allow inbound pcANYWHERE data to static NAT host
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.204.10,
IP:pid=TCP port=1024-65535 srcport=5631 ackfilt=1, INTRFACE:INTERNET, (AA) Allow outbound pcANYWHERE data responses
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:192.168.204.12, IP:pid=IP

stfilt=1, INTRFACE:<Any>, Everything from this machine is allowed out.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:49.57.50.46, IP:pid=TCP

port=111 srcport=<All>, INTRFACE:BRENNTAGBB IP:49.48.46.57, (AA) Allow

NFS to/from mqbox.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:49.48.46.57,
IP:pid=IP, INTRFACE:PRIVATE IP:49.57.50.46, Traffic from mq-box to
prdchem
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=3200-3399

srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB
IP:194.55.111.190, (AA) SAP GUI Client access to Germany.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE, IP:pid=TCP port=3600
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB
IP:194.55.111.190, (AA) SAP GUI Client access to Germany.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE
IP:192.168.209.0/255.255.255.128, IP:pid=TCP port=110 srcport=<All>
ackfilt=0 stfilt=1, INTRFACE:INTERNET IP:65.124.94.66, (AA) Allow HCI Loosdrecht to use POP3.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.209.111,
IP:pid=TCP port=80 srcport=<All> ackfilt=0 stfilt=1,
INTRFACE:INTERNET, (AA) Allow HCI Loosdrecht to use HTTP.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE
IP:192.168.209.0/255.255.255.128, IP:pid=TCP port=25 srcport=<All>
ackfilt=0 stfilt=1, INTRFACE:INTERNET IP:65.124.94.66, (AA) Allow HCI Loosdrecht to use SMTP.
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:172.18.0.0/255.255.0.0,

IP:pid=IP stfilt=1, INTRFACE:INTERNET, (AA) Allow OIL&Gas access to
Internet
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.203.3,
IP:pid=IP stfilt=1, INTRFACE:INTERNET, (AA) Dordrecht-NT2 -> Internet for KVK-Digidoc.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=110
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:10.9.33.2,
Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=25
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:10.9.33.2,
Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=57,
INTRFACE:BRENNTAGBB IP:10.9.33.2, Added by BRDCFG to allow SKIP
Protocol for VPN.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=353
srcport=<All> stfilt=1, INTRFACE:BRENNTAGBB IP:10.9.33.2, Added by
BRDCFG to allow VPN Client Keep-Alive & Disconnect.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=353
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:10.9.33.2,
Added by BRDCFG to allow VPN Client Authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=2010
srcport=<All> stfilt=1, INTRFACE:BRENNTAGBB IP:10.9.33.2, Added by
BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=213
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:BRENNTAGBB IP:10.9.33.2,
Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=UDP port=2010 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=213 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=23 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow transparent telnet proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=UDP port=53 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by
BRDCFG to allow DNS proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=53 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow DNS proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=554 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow RTSP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=7070 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,

Added by BRDCFG to allow Real Audio proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=119 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow news proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=110 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=25 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=21 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow FTP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=443 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow secure HTTP.
EXCLUDE ENABLED NOLOG, INTRFACE:BRENNTAGBB IP:10.9.33.2,
IP:pid=TCP port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow HTTP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=110
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET IP:internet.82,
Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=25
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET IP:internet.82,
Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=57,
INTRFACE:INTERNET IP:internet.82, Added by BRDCFG to allow SKIP
Protocol for VPN.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=353
srcport=<All> stfilt=1, INTRFACE:INTERNET IP:internet.82, Added by
BRDCFG to allow VPN Client Keep-Alive & Disconnect.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=353
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET IP:internet.82,
Added by BRDCFG to allow VPN Client Authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=2010
srcport=<All> stfilt=1, INTRFACE:INTERNET IP:internet.82, Added by
BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=213
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET IP:internet.82,
Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=UDP port=2010 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=213 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=23 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow transparent telnet proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=UDP port=53 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by
BRDCFG to allow DNS proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=53 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow DNS proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=554 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow RTSP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=7070 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,

Added by BRDCFG to allow Real Audio proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=119 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow news proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=110 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=25 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=21 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow FTP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=443 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow secure HTTP.
EXCLUDE ENABLED NOLOG, INTRFACE:INTERNET IP:internet.82,
IP:pid=TCP port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>,
Added by BRDCFG to allow HTTP proxy.
FILTER ENABLED NOLOG, INTRFACE:BRENNTAGBB, IP:pid=IP,
INTRFACE:<Any>, Added by BRDCFG to block all IP packets.
FILTER ENABLED NOLOG, INTRFACE:<Any>, IP:pid=IP,
INTRFACE:BRENNTAGBB, Added by BRDCFG to block all IP packets.
FILTER ENABLED NOLOG, INTRFACE:INTERNET, IP:pid=IP,
INTRFACE:<Any>, Added by BRDCFG to block all IP packets.

PACKET-FILTER-LIST IPX, ENABLED, DENY
FILTER ENABLED NOLOG, INTRFACE:<Any>, IPX:pkt_type=FF socket=FFFF srcsocket=FFFF, INTRFACE:INTERNET, Added by BRDCFG to block all IPX
packets.
FILTER ENABLED NOLOG, INTRFACE:INTERNET, IPX:pkt_type=FF
socket=FFFF srcsocket=FFFF, INTRFACE:<Any>, Added by BRDCFG to block
all IPX packets.
FILTER ENABLED NOLOG, INTRFACE:<Any>, IPX:pkt_type=FF socket=FFFF srcsocket=FFFF, INTRFACE:BRENNTAGBB, Added by BRDCFG to block all IPX packets.
FILTER ENABLED NOLOG, INTRFACE:BRENNTAGBB, IPX:pkt_type=FF
socket=FFFF srcsocket=FFFF, INTRFACE:<Any>, Added by BRDCFG to block
all IPX packets.

SERVICE-FILTER-LIST ADVERTISE, APPLETLK, DISABLED, DENY

SERVICE-FILTER-LIST ADVERTISE, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPXSAP:FFFF, *, GROUP:<ANY>,
INTRFACE:INTERNET, Added by BRDCFG to block all IPX SAP traffic.
FILTER ENABLED NOLOG, IPXSAP:FFFF, *, GROUP:<ANY>,
INTRFACE:BRENNTAGBB, Added by BRDCFG to block all IPX SAP traffic.

SERVICE-FILTER-LIST ACCEPT, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPXSAP:FFFF, *, GROUP:<ANY>,
INTRFACE:INTERNET, Added by BRDCFG to block all IPX SAP traffic.
FILTER ENABLED NOLOG, IPXSAP:FFFF, *, GROUP:<ANY>,
INTRFACE:BRENNTAGBB, Added by BRDCFG to block all IPX SAP traffic.

ROUTE-FILTER-LIST ADVERTISE, APPLETLK, DISABLED, DENY

ROUTE-FILTER-LIST ACCEPT, APPLETLK, DISABLED, DENY

ROUTE-FILTER-LIST ADVERTISE, OSPF, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, GROUP:<ANY>, m=, Added by
BRDCFG to block all IP OSPF traffic.

ROUTE-FILTER-LIST ADVERTISE, EGP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:INTERNET, m=, Added by

BRDCFG to block all IP EGP traffic.
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:BRENNTAGBB, m=, Added by BRDCFG to block all IP EGP traffic.

ROUTE-FILTER-LIST ACCEPT, EGP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:INTERNET, m=, Added by

BRDCFG to block all IP EGP traffic.
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:BRENNTAGBB, m=, Added by BRDCFG to block all IP EGP traffic.

ROUTE-FILTER-LIST ADVERTISE, IP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:INTERNET, m=, Added by

BRDCFG to block all IP RIP traffic.
FILTER ENABLED NOLOG, IP:192.168.33.0/255.255.255.0,
INTRFACE:<Any>, m=, VPN Administered Filter - Restrict Tunnel IP Addr
FILTER ENABLED NOLOG, IP:62.0.0.0/255.0.0.0, INTRFACE:VPTUNNEL,
m=, VPN Administered Filter - Restrict Public IP Addr
FILTER ENABLED NOLOG, IP:internet.80/255.255.255.248,
INTRFACE:VPTUNNEL, m=, VPN Administered Filter - Restrict Public IP
Addr
FILTER ENABLED NOLOG, IP:0.0.0.0/0.0.0.0, INTRFACE:VPTUNNEL, m=,
VPN Administered Filter - Restrict Default Route
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:BRENNTAGBB, m=, Added by BRDCFG to block all IP RIP traffic.

ROUTE-FILTER-LIST ACCEPT, IP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:INTERNET, m=, Added by

BRDCFG to block all IP RIP traffic.
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:BRENNTAGBB, m=, Added by BRDCFG to block all IP RIP traffic.

ROUTE-FILTER-LIST ADVERTISE, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPX:00000000/00000000, INTRFACE:INTERNET,
<none>, Added by BRDCFG to block all IPX RIP traffic.
FILTER ENABLED NOLOG, IPX:00000000/00000000, INTRFACE:BRENNTAGBB, <none>, Added by BRDCFG to block all IPX RIP traffic.

ROUTE-FILTER-LIST ACCEPT, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPX:00000000/00000000, INTRFACE:INTERNET,
<none>, Added by BRDCFG to block all IPX RIP traffic.
FILTER ENABLED NOLOG, IPX:00000000/00000000, INTRFACE:BRENNTAGBB, <none>, Added by BRDCFG to block all IPX RIP traffic.

Can somebody explain what is wrong?

Kind regards,

Arjan
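
An added example, not part of the original post: a small parser for the wrapped PACKET-FILTER-LIST entries shown above that reports exact duplicate exceptions and addresses whose four octets are all ASCII codes for digits or dots (49.57.50.46 spells "192."). The sample entries are copied from the post; the function names are hypothetical, and treating such an address as suspect is a heuristic assumption, since it could also be a genuine host.

```python
import re
from collections import Counter

# Entries copied from the FILTERS.CFG in the post, mail line wrapping included.
SAMPLE = """\
PACKET-FILTER-LIST IP, ENABLED, DENY
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:49.57.50.46, IP:pid=TCP

port=111 srcport=<All>, INTRFACE:BRENNTAGBB IP:49.48.46.57, (AA) Allow

NFS to/from mqbox.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:49.57.50.46, IP:pid=TCP
port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET,
KVKDigidoc server
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:49.57.50.46, IP:pid=TCP
port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:INTERNET,
KVKDigidoc server
EXCLUDE ENABLED NOLOG, INTRFACE:PRIVATE IP:192.168.203.60,
IP:pid=UDP port=2049 srcport=<All> stfilt=1, INTRFACE:BRENNTAGBB
IP:10.9.33.3, (AA) Allow NFS traffic to/from mqbox.
"""

ENTRY_START = re.compile(r"(FILTER|EXCLUDE)\s")
ENDPOINT = re.compile(r"INTRFACE:(\S+)(?:\s+IP:(\S+))?$")

def parse_entries(text):
    """Rejoin wrapped lines; return one dict per packet-filter entry."""
    chunks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if ENTRY_START.match(line):
            current = [line]
            chunks.append(current)
        elif "-LIST " in line:      # a new list header ends the open entry
            current = None
        elif current is not None:   # continuation of a wrapped entry
            current.append(line)
    entries = []
    for chunk in chunks:
        fields = [f.strip() for f in " ".join(chunk).split(",", 4)]
        if len(fields) < 5:
            continue
        src, dst = ENDPOINT.match(fields[1]), ENDPOINT.match(fields[3])
        if src and dst:             # skips route/service filter entries
            entries.append(dict(action=fields[0], src=src.groups(), service=fields[2],
                                dst=dst.groups(), comment=fields[4]))
    return entries

def ascii_text(addr):
    """Return the string the octets spell if all are ASCII digits or dots."""
    if not addr or not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", addr):
        return None
    text = "".join(chr(int(octet)) for octet in addr.split("."))
    return text if all(c in "0123456789." for c in text) else None

def suspect_addresses(entries):
    """Heuristic (an assumption): addresses that decode to digits/dots."""
    addrs = {e[side][1] for e in entries for side in ("src", "dst")}
    return sorted((a, ascii_text(a)) for a in addrs if ascii_text(a))

def duplicate_rules(entries):
    """Rules that appear more than once with identical match fields."""
    seen = Counter((e["action"], e["src"], e["service"], e["dst"]) for e in entries)
    return [key for key, count in seen.items() if count > 1]

if __name__ == "__main__":
    rules = parse_entries(SAMPLE)
    print(suspect_addresses(rules), duplicate_rules(rules))
```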