guillaume.emorine/siotp
Archived
2
1
Fork 1
Code Pull Requests Actions Packages Projects Releases 5 Activity

Modifié : sisr1/tp07/files_firewall/current_ruleset_partie_3.nft

Browse Source
This commit is contained in:
Guillaume Emorine
2024-04-04 11:00:59 +02:00
parent c1bf2198d4
commit eab740c071
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
sisr1/tp07/files_firewall/current_ruleset_partie_3.nft
View File

@@ -1,6 +1,7 @@
define netif = enp0s3 define netif = enp0s3
define dmzif = enp0s8 define dmzif = enp0s8
define lanif = enp0s9 define lanif = enp0s9
define firewall = 192.168.0.120 define firewall = 192.168.0.120
define ipdmz = 172.16.0.254 define ipdmz = 172.16.0.254
define iplan = 10.0.0.254 define iplan = 10.0.0.254
@@ -9,8 +10,8 @@ table ip ipfilter{
chain prerouting { chain prerouting {
type filter hook prerouting priority filter; policy drop; type filter hook prerouting priority filter; policy drop;
icmp type echo-reply accept icmp type echo-reply accept
icmp type echo-request iif {$lanif} oif {$dmzif} accept icmp type echo-request iif {$lanif} ip daddr 172.16.0.1-172.16.0.254 accept
icmp type echo-request iif {$lanif} ip daddr {$iplan} icmp type echo-request iif {$lanif} ip daddr {$iplan} accept
tcp dport 22 accept tcp dport 22 accept
} }
chain system_in { chain system_in {