Compare commits
2 Commits
v0.0.5w-ml
...
v0.0.5y-jl
| Author | SHA1 | Date | |
|---|---|---|---|
| 75126890b3 | |||
| 851543db0a |
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
@def $DEV_PRIVATE = enp0s8;
|
@def $DEV_PRIVATE = enp0s8;
|
||||||
@def $DEV_WORLD = enp0s9;
|
@def $DEV_WORLD = enp0s9;
|
||||||
|
@def $DEV_VPN= wg0;
|
||||||
@def $NET_PRIVATE = 172.16.0.0/24;
|
@def $NET_PRIVATE = 172.16.0.0/24;
|
||||||
|
|
||||||
table filter {
|
table filter {
|
||||||
@ -35,6 +35,13 @@ table filter {
|
|||||||
proto (udp tcp) dport domain ACCEPT;
|
proto (udp tcp) dport domain ACCEPT;
|
||||||
proto udp dport bootps ACCEPT;
|
proto udp dport bootps ACCEPT;
|
||||||
}
|
}
|
||||||
|
interface $DEV_VPN{
|
||||||
|
# respond to ping
|
||||||
|
proto icmp icmp-type echo-request ACCEPT;
|
||||||
|
# disallow ssh
|
||||||
|
saddr proto tcp dport ssh DROP;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# interface réseau
|
# interface réseau
|
||||||
interface $DEV_WORLD {
|
interface $DEV_WORLD {
|
||||||
@ -45,8 +52,14 @@ table filter {
|
|||||||
}#FIN INPUT
|
}#FIN INPUT
|
||||||
|
|
||||||
# outgoing connections are not limited
|
# outgoing connections are not limited
|
||||||
chain OUTPUT policy ACCEPT;
|
chain OUTPUT {policy ACCEPT;
|
||||||
|
interface $DEV_VPN{
|
||||||
|
# allow ssh
|
||||||
|
daddr proto tcp dport ssh ACCEPT;
|
||||||
|
# respond to ping
|
||||||
|
proto icmp icmp-type echo-request ACCEPT;
|
||||||
|
}
|
||||||
|
}#FIN OUTPUT
|
||||||
chain FORWARD {
|
chain FORWARD {
|
||||||
policy ACCEPT;
|
policy ACCEPT;
|
||||||
|
|
||||||
|
|||||||
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
@def $DEV_PRIVATE = enp0s9;
|
@def $DEV_PRIVATE = enp0s9;
|
||||||
@def $DEV_WORLD = enp0s8;
|
@def $DEV_WORLD = enp0s8;
|
||||||
|
@def $DEV_VPN= wg0;
|
||||||
@def $NET_PRIVATE = 172.16.0.0/24;
|
@def $NET_PRIVATE = 172.16.0.0/24;
|
||||||
|
|
||||||
table filter {
|
table filter {
|
||||||
@ -34,7 +34,12 @@ table filter {
|
|||||||
proto (udp tcp) dport domain ACCEPT;
|
proto (udp tcp) dport domain ACCEPT;
|
||||||
proto udp dport bootps ACCEPT;
|
proto udp dport bootps ACCEPT;
|
||||||
}
|
}
|
||||||
|
interface $DEV_VPN{
|
||||||
|
# respond to ping
|
||||||
|
proto icmp icmp-type echo-request ACCEPT;
|
||||||
|
# disallow ssh
|
||||||
|
saddr proto tcp dport ssh ACCEPT;
|
||||||
|
}
|
||||||
# interface réseau
|
# interface réseau
|
||||||
interface $DEV_WORLD {
|
interface $DEV_WORLD {
|
||||||
|
|
||||||
@ -44,8 +49,14 @@ table filter {
|
|||||||
}#FIN INPUT
|
}#FIN INPUT
|
||||||
|
|
||||||
# outgoing connections are not limited
|
# outgoing connections are not limited
|
||||||
chain OUTPUT policy ACCEPT;
|
chain OUTPUT {policy ACCEPT;
|
||||||
|
interface $DEV_VPN{
|
||||||
|
# allow ssh
|
||||||
|
daddr proto tcp dport ssh DROP;
|
||||||
|
# respond to ping
|
||||||
|
proto icmp icmp-type echo-request ACCEPT;
|
||||||
|
}
|
||||||
|
}
|
||||||
chain FORWARD {
|
chain FORWARD {
|
||||||
policy ACCEPT;
|
policy ACCEPT;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user