anthony.arnoux/gsb2023
1
0
Fork 0
forked from gadmin/gsb2023
Code Pull Requests Activity

ajout ferm vpn

Browse Source
This commit is contained in:
root 2023-02-03 09:21:56 +01:00
parent f9e48e7614
commit 851543db0a
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
roles/fw-ferm/files/ferm2.conf
View File

@ -1,5 +1,3 @@
# -*- shell-script -*-
@def $DEV_VPN= wg0; @def $DEV_VPN= wg0;
table filter { table filter {
@ -12,23 +10,22 @@ table filter {
# allow local connections # allow local connections
interface lo ACCEPT; interface lo ACCEPT;
interface $DEV_VPN{
# respond to ping # respond to ping
proto icmp icmp-type echo-request ACCEPT; proto icmp icmp-type echo-request ACCEPT;
# disallow ssh # disallow ssh
saddr proto tcp dport ssh DROP; proto tcp dport ssh ACCEPT;
}
}#FIN INPUT }#FIN INPUT
# outgoing connections are not limited # outgoing connections are not limited
chain OUTPUT { chain OUTPUT {
policy ACCEPT; policy ACCEPT;
interface $DEV_VPN{
# allow ssh # allow ssh
daddr proto tcp dport ssh ACCEPT; proto tcp dport ssh DROP;
# respond to ping # respond to ping
proto icmp icmp-type echo-request ACCEPT; proto icmp icmp-type echo-request ACCEPT;
}
}#FIN OUTPUT }#FIN OUTPUT
chain FORWARD { chain FORWARD {