gadmin/gsb2021
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Mise à jour de 'roles/firewall-vpn-r/files/ferm.conf'

Browse Source
This commit is contained in:
gadmin 2021-03-31 11:51:22 +02:00
parent 53e5e4dc9e
commit 98890660f8
1 changed files with 2 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
roles/firewall-vpn-r/files/ferm.conf
View File

@ -9,7 +9,7 @@
@def $NET_ADM=192.168.99.112/24; @def $NET_ADM=192.168.99.112/24;
@def $NET_VPN=192.168.0.51/24; @def $NET_VPN=192.168.0.51/24;
@def $NET_EXT=192.168.1.2/30; @def $NET_EXT=192.168.1.2/24;
table filter { table filter {
chain INPUT { chain INPUT {
@ -23,9 +23,8 @@ table filter {
interface lo ACCEPT; interface lo ACCEPT;
# allow SSH connections # allow SSH connections
#interface ($DEV_VPN) {
proto tcp dport ssh ACCEPT; proto tcp dport ssh ACCEPT;
#}
# allow DNS connections # allow DNS connections
proto udp sport domain ACCEPT; proto udp sport domain ACCEPT;
@ -50,22 +49,13 @@ table filter {
# proto (udp tcp) dport domain ACCEPT; # proto (udp tcp) dport domain ACCEPT;
#} #}
# autoriser supervision
proto udp sport 161 ACCEPT;
# autoriser NTP # autoriser NTP
proto udp sport 123 ACCEPT; proto udp sport 123 ACCEPT;
# respond to ping
proto icmp mod limit limit 30/minut ACCEPT;
} }
chain OUTPUT { chain OUTPUT {
policy ACCEPT; policy ACCEPT;
# connection tracking
# mod state state INVALID DROP;
# mod state state (ESTABLISHED RELATED) ACCEPT;
} }
chain FORWARD { chain FORWARD {
policy ACCEPT; policy ACCEPT;