gadmin/gsb2023
0
0
Fork 1
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

modif

Browse Source
This commit is contained in:
Johan Largy 2023-02-03 09:51:32 +01:00
parent 75126890b3
commit 81478df279
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
roles/fw-ferm/files/ferm.conf.r-vp1
View File

@ -35,12 +35,6 @@ table filter {
proto (udp tcp) dport domain ACCEPT; proto (udp tcp) dport domain ACCEPT;
proto udp dport bootps ACCEPT; proto udp dport bootps ACCEPT;
} }
interface $DEV_VPN{
# respond to ping
proto icmp icmp-type echo-request ACCEPT;
# disallow ssh
saddr proto tcp dport ssh DROP;
}
# interface réseau # interface réseau
@ -53,16 +47,20 @@ table filter {
# outgoing connections are not limited # outgoing connections are not limited
chain OUTPUT {policy ACCEPT; chain OUTPUT {policy ACCEPT;
interface $DEV_VPN{
# allow ssh
daddr proto tcp dport ssh ACCEPT;
# respond to ping
proto icmp icmp-type echo-request ACCEPT;
} }
}#FIN OUTPUT }#FIN OUTPUT
chain FORWARD { chain FORWARD {
policy ACCEPT; policy ACCEPT;
interface $DEV_VPN{
# respond to ping
proto icmp icmp-type echo-request ACCEPT;
# disallow ssh
saddr proto tcp dport ssh DROP;
# allow ssh
daddr proto tcp dport ssh ACCEPT;
}
# connection tracking # connection tracking
mod state state INVALID DROP; mod state state INVALID DROP;
mod state state (ESTABLISHED RELATED) ACCEPT; mod state state (ESTABLISHED RELATED) ACCEPT;