ajout ferm vpn

roles/fw-ferm/files/ferm2.conf

@@ -1,5 +1,3 @@
-# -*- shell-script -*-
-
 @def $DEV_VPN= wg0;
 
 table filter {
@@ -12,23 +10,22 @@ table filter {
 
         # allow local connections
         interface lo ACCEPT;
-        interface $DEV_VPN{
+
         # respond to ping
         proto icmp icmp-type echo-request ACCEPT;
         # disallow ssh
-        saddr proto tcp dport ssh DROP;
+        proto tcp dport ssh ACCEPT;
-        }
+  
     }#FIN INPUT
 
     # outgoing connections are not limited
     chain OUTPUT {
         policy ACCEPT;
-        interface $DEV_VPN{
         # allow ssh
-        daddr proto tcp dport ssh ACCEPT;
+        proto tcp dport ssh DROP; 
         # respond to ping
         proto icmp icmp-type echo-request ACCEPT;
-        }
+
      }#FIN OUTPUT
 
     chain FORWARD {