Mise à jour de 'roles/firewall-vpn-r/files/ferm.conf'

gadmin 2021-03-31 11:33:48 +02:00
parent abd94f520c
commit 53e5e4dc9e


@ -23,15 +23,14 @@ table filter {
interface lo ACCEPT;
# allow SSH connections
#interface ($DEV_ADM) {
#interface ($DEV_VPN) {
proto tcp dport ssh ACCEPT;
#}
# allow DNS connections
#interface ($DEV_INT) {
proto udp sport domain ACCEPT;
proto udp dport domain ACCEPT;
#}
# allow IPsec
interface ($DEV_VPN) {
@ -62,38 +61,11 @@ table filter {
}
chain OUTPUT {
policy DROP;
# interface ($DEV_PUB) {
# Autoriser SSH
proto tcp sport ssh ACCEPT;
# Autoriser DNS
proto udp dport domain ACCEPT;
proto udp sport domain ACCEPT;
# Autoriser ipsec
proto udp dport 500 ACCEPT;
proto udp sport 500 ACCEPT;
# Autoriser nat-t-ike
proto udp dport 4500 ACCEPT;
proto udp sport 4500 ACCEPT;
# Autoriser supervision
proto udp dport 161 ACCEPT;
# Autoriser NTP
proto udp dport 123 ACCEPT;
# respond to ping
proto icmp ACCEPT;
# }
policy ACCEPT;
# connection tracking
#mod state state INVALID DROP;
mod state state (ESTABLISHED RELATED) ACCEPT;
# mod state state INVALID DROP;
# mod state state (ESTABLISHED RELATED) ACCEPT;
}
chain FORWARD {
policy ACCEPT;
@ -103,14 +75,3 @@ table filter {
mod state state (ESTABLISHED RELATED) ACCEPT;
}
}
# IPv6:
#domain ip6 {
# table filter {
# chain INPUT {
# policy ACCEPT;
# # ...
# }
# # ...
# }
#}
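Review bot: The SSH rule `proto tcp dport ssh ACCEPT;` in the first hunk (presumably the INPUT chain, whose header is outside the hunk) sits outside any interface block, because both `#interface (...) {` lines and the closing `#}` are comments, so SSH is accepted on every interface rather than only the admin or VPN side. If administration is meant to be reachable only through the VPN, uncomment the guard: `interface ($DEV_VPN) { proto tcp dport ssh ACCEPT; }`. The unguarded `proto udp sport domain ACCEPT;` likewise admits any inbound UDP datagram whose source port is 53; a stateful `mod state state (ESTABLISHED RELATED) ACCEPT;` rule would cover DNS replies without it, though whether this chain already has one is not visible here. In the second hunk the +/- markers are lost, but the line counts (38 → 11) suggest OUTPUT moves from `policy DROP` with an explicit allowlist to `policy ACCEPT` with connection tracking commented out. If that reading is right, add a comment such as `# egress filtering intentionally disabled: <reason>` so the loss of the allowlist is a recorded decision.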