efddb08c77
nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/compte-rendu-2024-09-30 nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/compterendudistant.sh nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/ferm.conf nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/goss.yaml renommé : bts_annee_2/sisr2/seance_03/README.md -> bts_annee_2/sisr2/heartbeat_repa_charge/README.md renommé : bts_annee_2/sisr2/seance_03/hb1/inst-hb1.sh -> bts_annee_2/sisr2/heartbeat_repa_charge/hb1/inst-hb1.sh renommé : bts_annee_2/sisr2/seance_03/hb2/inst-hb2.sh -> bts_annee_2/sisr2/heartbeat_repa_charge/hb2/inst-hb2.sh renommé : bts_annee_2/sisr2/seance_03/vagrant/Vagrantfile_bookworm -> bts_annee_2/sisr2/heartbeat_repa_charge/vagrant/Vagrantfile_bookworm renommé : bts_annee_2/sisr2/seance_03/vagrant/Vagrantfile_rsync -> bts_annee_2/sisr2/heartbeat_repa_charge/vagrant/Vagrantfile_rsync renommé : bts_annee_2/sisr2/seance_04/README.md -> bts_annee_2/sisr2/lvs_haproxy/README.md renommé : bts_annee_2/sisr2/seance_04/lvs/haproxy.cfg -> bts_annee_2/sisr2/lvs_haproxy/lvs/haproxy.cfg renommé : bts_annee_2/sisr2/seance_04/lvs/ipvs.sh -> bts_annee_2/sisr2/lvs_haproxy/lvs/ipvs.sh
44 lines
1000 B
Bash
44 lines
1000 B
Bash
# -*- shell-script -*-
|
|
#
|
|
# Configuration file for ferm(1).
|
|
#
|
|
domain (ip) {
|
|
table filter {
|
|
chain INPUT {
|
|
policy DROP;
|
|
|
|
# connection tracking
|
|
mod state state INVALID DROP;
|
|
mod state state (ESTABLISHED RELATED) ACCEPT;
|
|
|
|
# allow local packet
|
|
interface lo ACCEPT;
|
|
|
|
# respond to ping
|
|
proto icmp ACCEPT;
|
|
|
|
# allow SSH connections
|
|
proto tcp dport ssh ACCEPT;
|
|
|
|
# autorise les connexions HTTP et HTTPS
|
|
proto tcp dport (http https) ACCEPT;
|
|
}
|
|
chain OUTPUT {
|
|
policy ACCEPT;
|
|
|
|
# connection tracking
|
|
#mod state state INVALID DROP;
|
|
mod state state (ESTABLISHED RELATED) ACCEPT;
|
|
}
|
|
chain FORWARD {
|
|
policy DROP;
|
|
|
|
# connection tracking
|
|
mod state state INVALID DROP;
|
|
mod state state (ESTABLISHED RELATED) ACCEPT;
|
|
}
|
|
}
|
|
}
|
|
|
|
@include ferm.d/;
|