modif

2023-02-03 09:51:32 +01:00 · 2023-02-03 09:51:32 +01:00 · 81478df279
commit 81478df279
parent 75126890b3
1 changed files with 9 additions and 11 deletions
--- a/roles/fw-ferm/files/ferm.conf.r-vp1
+++ b/roles/fw-ferm/files/ferm.conf.r-vp1
@ -35,12 +35,6 @@ table filter {
            proto (udp tcp) dport domain ACCEPT;
            proto udp dport bootps ACCEPT; 
        }
-        interface $DEV_VPN{
-        # respond to ping
-        proto icmp icmp-type echo-request ACCEPT;
-        # disallow ssh
-        saddr proto tcp dport ssh DROP;
-        }           
        

        # interface réseau 
@ -53,16 +47,20 @@ table filter {

    # outgoing connections are not limited
    chain OUTPUT {policy ACCEPT;
-        interface $DEV_VPN{
-        # allow ssh
-        daddr proto tcp dport ssh ACCEPT;
-        # respond to ping
-        proto icmp icmp-type echo-request ACCEPT;
        }
     }#FIN OUTPUT
    chain FORWARD {
        policy ACCEPT;

+        interface $DEV_VPN{
+            # respond to ping
+            proto icmp icmp-type echo-request ACCEPT;
+            # disallow ssh
+            saddr proto tcp dport ssh DROP;
+            # allow ssh
+            daddr proto tcp dport ssh ACCEPT;
+
+        }
        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;