ajout ferm.conf

nmap rvp2
ajout fichier test nmap
2023-01-27 09:43:16 +01:00 · 2023-01-27 09:37:04 +01:00 · 2023-01-27 09:15:49 +01:00
3 changed files with 83 additions and 0 deletions
--- a/roles/fw-ferm-1/nmap-rvp1.txt
+++ b/roles/fw-ferm-1/nmap-rvp1.txt
@ -0,0 +1,12 @@
+# CMD
+sudo nmap -pU:51820  192.168.0.51
+#Resultat
+Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-27 09:02 CET
+Nmap scan report for 192.168.0.51
+Host is up (0.00030s latency).
+
+PORT      STATE    SERVICE
+51820/tcp filtered unknown
+MAC Address: 08:00:27:F0:E2:46 (Oracle VirtualBox virtual NIC)
+
+Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
--- a/roles/fw-ferm-2/ferm.conf
+++ b/roles/fw-ferm-2/ferm.conf
@ -0,0 +1,62 @@
+# -*- shell-script -*-
+#
+# Ferm script r-vp2
+
+@def $DEV_PRIVATE = enp0s9;
+@def $DEV_WORLD = enp0s8;
+
+@def $NET_PRIVATE = 172.16.0.0/24;
+
+table filter {
+    chain (INPUT OUTPUT){
+        # allow VPN
+	proto udp dport 51820 ACCEPT;
+}
+    chain INPUT {
+        policy DROP;
+
+        # connection tracking
+        mod state state INVALID DROP;
+        mod state state (ESTABLISHED RELATED) ACCEPT;
+
+        # allow local connections
+        interface lo ACCEPT;
+
+        # respond to ping
+        proto icmp icmp-type echo-request ACCEPT;
+
+        # allow SSH connections from the private network and from some
+        # well-known internet hosts
+        saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT;
+
+        # we provide DNS and SMTP services for the internal net
+        interface $DEV_PRIVATE saddr $NET_PRIVATE {
+            proto (udp tcp) dport domain ACCEPT;
+            proto udp dport bootps ACCEPT;
+        }
+
+        # interface réseau
+        interface $DEV_WORLD {
+
+        }
+
+        # the rest is dropped by the above policy
+    }#FIN INPUT
+
+    # outgoing connections are not limited
+    chain OUTPUT policy ACCEPT;
+
+    chain FORWARD {
+        policy ACCEPT;
+
+        # connection tracking
+        mod state state INVALID DROP;
+        mod state state (ESTABLISHED RELATED) ACCEPT;
+
+        # connections from the internal net to the internet or to other
+        # internal nets are allowed
+        interface $DEV_PRIVATE ACCEPT;
+
+        # the rest is dropped by the above policy
+    }
+}
--- a/roles/fw-ferm-2/nmap-rvp2.txt
+++ b/roles/fw-ferm-2/nmap-rvp2.txt
@ -0,0 +1,9 @@
+Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-27 09:33 CET
+Nmap scan report for 192.168.0.52
+Host is up (0.00021s latency).
+
+PORT      STATE    SERVICE
+51820/tcp filtered unknown
+MAC Address: 08:00:27:31:FA:71 (Oracle VirtualBox virtual NIC)
+
+Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
Author	SHA1	Message	Date
root	01c2b76936	ajout ferm.conf	2023-01-27 09:43:16 +01:00
Johan Largy	a7f366a124	nmap rvp2	2023-01-27 09:37:04 +01:00
Mathis Laceppe	143c3878a3	ajout fichier test nmap	2023-01-27 09:15:49 +01:00