Mise à jour de 'roles/firewall-vpn-r/files/ferm.conf'

2021-03-31 11:33:48 +02:00 · 2021-03-31 11:33:48 +02:00 · 53e5e4dc9e
commit 53e5e4dc9e
parent abd94f520c
1 changed files with 6 additions and 45 deletions
--- a/roles/firewall-vpn-r/files/ferm.conf
+++ b/roles/firewall-vpn-r/files/ferm.conf
@ -23,15 +23,14 @@ table filter {
        interface lo ACCEPT;

        # allow SSH connections
-        #interface ($DEV_ADM) {
+        #interface ($DEV_VPN) {
 	proto tcp dport ssh ACCEPT;
 	#}

        # allow DNS connections
-        #interface ($DEV_INT) {
 	proto udp sport domain ACCEPT;
 	proto udp dport domain ACCEPT;
-	#}	
+		

        # allow IPsec
        interface ($DEV_VPN) {
@ -62,38 +61,11 @@ table filter {

    }
    chain OUTPUT {
-        policy DROP;
-#        interface ($DEV_PUB) {
-        
-	# Autoriser SSH
-        proto tcp sport ssh ACCEPT;
-
-	# Autoriser DNS
-        proto udp dport domain ACCEPT;
-        proto udp sport domain ACCEPT;
-	
-	# Autoriser ipsec
-        proto udp dport 500 ACCEPT;
-        proto udp sport 500 ACCEPT;
-	
-	# Autoriser nat-t-ike
-        proto udp dport 4500 ACCEPT;
-        proto udp sport 4500 ACCEPT;
-        
-	# Autoriser supervision
-        proto udp dport 161 ACCEPT;
-	
-	# Autoriser NTP
-        proto udp dport 123 ACCEPT;
-
-        # respond to ping
-        proto icmp ACCEPT; 
-
-#	}
+        policy ACCEPT;

        # connection tracking
-        #mod state state INVALID DROP;
-        mod state state (ESTABLISHED RELATED) ACCEPT;
+        # mod state state INVALID DROP;
+        # mod state state (ESTABLISHED RELATED) ACCEPT;
    }
    chain FORWARD {
        policy ACCEPT;
@ -103,14 +75,3 @@ table filter {
        mod state state (ESTABLISHED RELATED) ACCEPT;
    }
 }
-
-# IPv6:
-#domain ip6 {
-#    table filter {
-#        chain INPUT {
-#            policy ACCEPT;
-#            # ...
-#        }
-#        # ...
-#    }
-#}