renommé : TP04/Scripts/.bash_history -> sio1/TP04/Scripts/.bash_history

renommé : TP04/Scripts/.bashrc -> sio1/TP04/Scripts/.bashrc renommé : TP04/Scripts/.lesshst -> sio1/TP04/Scripts/.lesshst renommé : TP04/Scripts/.profile -> sio1/TP04/Scripts/.profile renommé : TP04/Scripts/.ssh/id_rsa -> sio1/TP04/Scripts/.ssh/id_rsa renommé : TP04/Scripts/.ssh/id_rsa.pub -> sio1/TP04/Scripts/.ssh/id_rsa.pub renommé : TP04/Scripts/.ssh/known_hosts -> sio1/TP04/Scripts/.ssh/known_hosts renommé : TP04/Scripts/.ssh/known_hosts.old -> sio1/TP04/Scripts/.ssh/known_hosts.old renommé : TP04/Scripts/LeScript.sh -> sio1/TP04/Scripts/LeScript.sh renommé : TP04/Scripts/Users.csv -> sio1/TP04/Scripts/Users.csv renommé : TP04/Scripts/createLogins.sh -> sio1/TP04/Scripts/createLogins.sh renommé : TP04/Scripts/createUsers.sh -> sio1/TP04/Scripts/createUsers.sh renommé : TP04/Scripts/logins.csv -> sio1/TP04/Scripts/logins.csv renommé : TP04/Scripts/testlogin.csv -> sio1/TP04/Scripts/testlogin.csv renommé : siotp/sisr1/TP7/scriptsnft/current_ruleset.nft -> sio1/siotp/sisr1/TP7/scriptsnft/current_ruleset.nft renommé : siotp/sisr1/TP7/scriptsnft/fw_part1.nft -> sio1/siotp/sisr1/TP7/scriptsnft/fw_part1.nft renommé : siotp/sisr1/TP7/scriptsnft/fw_part2.nft -> sio1/siotp/sisr1/TP7/scriptsnft/fw_part2.nft renommé : siotp/sisr1/TP7/scriptsnft/fw_part3.nft -> sio1/siotp/sisr1/TP7/scriptsnft/fw_part3.nft renommé : siotp/sisr1/TP7/scriptsnft/fw_part4.nft -> sio1/siotp/sisr1/TP7/scriptsnft/fw_part4.nft renommé : siotp/sisr1/TP7/scriptsnft/fw_part5.nft -> sio1/siotp/sisr1/TP7/scriptsnft/fw_part5.nft renommé : siotp/sisr1/TP7/scriptsnft/fw_part6.nft -> sio1/siotp/sisr1/TP7/scriptsnft/fw_part6.nft renommé : siotp/sisr1/TP7/scriptsnft/fw_part7.nft -> sio1/siotp/sisr1/TP7/scriptsnft/fw_part7.nft renommé : siotp/sisr1/TP7/scriptsnft/old-current_ruleset.nft -> sio1/siotp/sisr1/TP7/scriptsnft/old-current_ruleset.nft renommé : siotp/sisr1/TP7/scriptsnft/refresh_firewall.sh -> sio1/siotp/sisr1/TP7/scriptsnft/refresh_firewall.sh renommé : siotp/sisr1/tp01-02/srv-dhcp/dhcpd.conf -> sio1/siotp/sisr1/tp01-02/srv-dhcp/dhcpd.conf renommé : siotp/sisr1/tp01-02/srv-dhcp/hosts -> sio1/siotp/sisr1/tp01-02/srv-dhcp/hosts renommé : siotp/sisr1/tp01-02/srv-dhcp/interfaces -> sio1/siotp/sisr1/tp01-02/srv-dhcp/interfaces renommé : siotp/sisr1/tp01-02/srv-dhcp/isc-dhcp-server -> sio1/siotp/sisr1/tp01-02/srv-dhcp/isc-dhcp-server renommé : siotp/sisr1/tp01-02/srv-dhcp/nat.sh -> sio1/siotp/sisr1/tp01-02/srv-dhcp/nat.sh renommé : siotp/sisr1/tp01-02/srv-dns1/db.sio1lab.lan -> sio1/siotp/sisr1/tp01-02/srv-dns1/db.sio1lab.lan renommé : siotp/sisr1/tp01-02/srv-dns1/db.sio1lab.lan.rev -> sio1/siotp/sisr1/tp01-02/srv-dns1/db.sio1lab.lan.rev renommé : siotp/sisr1/tp01-02/srv-dns1/named.conf -> sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf renommé : siotp/sisr1/tp01-02/srv-dns1/named.conf.local -> sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf.local renommé : siotp/sisr1/tp01-02/srv-dns1/named.conf.options -> sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf.options renommé : siotp/sisr1/tp01-02/srv-dns2/db.sio1lab.lan -> sio1/siotp/sisr1/tp01-02/srv-dns2/db.sio1lab.lan renommé : siotp/sisr1/tp01-02/srv-dns2/db.sio1lab.lan.rev -> sio1/siotp/sisr1/tp01-02/srv-dns2/db.sio1lab.lan.rev renommé : siotp/sisr1/tp01-02/srv-dns2/named.conf.default-zones -> sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.default-zones renommé : siotp/sisr1/tp01-02/srv-dns2/named.conf.local -> sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.local renommé : siotp/sisr1/tp01-02/srv-dns2/named.conf.options -> sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.options renommé : siotp/sisr1/tp03/srv-admin/interfaces -> sio1/siotp/sisr1/tp03/srv-admin/interfaces renommé : siotp/sisr1/tp03/srv-admin/nat.sh -> sio1/siotp/sisr1/tp03/srv-admin/nat.sh renommé : siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan -> sio1/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan renommé : siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan.rev -> sio1/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan.rev renommé : siotp/sisr1/tp03/srv-dns2/bind/named.conf.local -> sio1/siotp/sisr1/tp03/srv-dns2/bind/named.conf.local renommé : siotp/sisr1/tp03/srv-dns2/bind/named.conf.options -> sio1/siotp/sisr1/tp03/srv-dns2/bind/named.conf.options renommé : siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan -> sio1/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan renommé : siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan.rev -> sio1/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan.rev renommé : siotp/sisr1/tp03/srv-service/bind/named.conf.local -> sio1/siotp/sisr1/tp03/srv-service/bind/named.conf.local renommé : siotp/sisr1/tp03/srv-service/bind/named.conf.options -> sio1/siotp/sisr1/tp03/srv-service/bind/named.conf.options renommé : siotp/sisr1/tp03/srv-service/dhcp/dhcpd.conf -> sio1/siotp/sisr1/tp03/srv-service/dhcp/dhcpd.conf renommé : siotp/sisr1/tp4/Users.csv -> sio1/siotp/sisr1/tp4/Users.csv renommé : siotp/sisr1/tp4/createLogins.sh -> sio1/siotp/sisr1/tp4/createLogins.sh renommé : siotp/sisr1/tp4/logins.csv -> sio1/siotp/sisr1/tp4/logins.csv renommé : squid/conf.d/debian.conf -> sio1/squid/conf.d/debian.conf renommé : squid/errorpage.css -> sio1/squid/errorpage.css renommé : squid/passwords -> sio1/squid/passwords renommé : squid/squid.conf -> sio1/squid/squid.conf renommé : squid/squid.conf.old -> sio1/squid/squid.conf.old renommé : squid/users -> sio1/squid/users
2024-09-09 17:49:54 +02:00
parent ee2d9a9ef2
commit 3009bf1f9b
59 changed files with 0 additions and 0 deletions
--- a/sio1/TP04/Scripts/.bash_history
+++ b/sio1/TP04/Scripts/.bash_history
@@ -0,0 +1,319 @@
+sudo apt-get install sudo mc tcpdump
+ apt-get install sudo mc tcpdump
+sudo cd 
+host dns
+exit
+nano /etc/ssh/sshd_config
+ip a
+systemctl restart ssh
+nano /etc/ssh/sshd_config
+ip r
+nano /etc/network/interfaces
+ssh-keygen
+ip a*
+ip a
+host dns
+host google.com
+host dns
+cat /etc/resolv.conf 
+dhclient
+cat /etc/resolv.conf 
+dhclient
+reboot
+ip a
+cat /etc/resolv.conf 
+host dns
+ping 172.16.0.1
+host srv-service
+nano /etc/resolv.conf 
+host srv-service
+host google.com
+host 172.16.0.254
+host 172.16.0.254
+logout
+ip a
+ifdown enp0s3
+ifup enp0s3
+ip a
+nano /etc/resolv.conf 
+host google.com
+ip a
+nano /etc/network/interfaces
+nano /etc/network/interfaces
+nano /etc/network/interfaces
+i^p a
+ip a
+touch createLogins.sh
+bash createLogins.sh 
+nano createLogins.sh 
+nano createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+nano createLogins.sh 
+nano createLogins.sh 
+nano createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+ls
+cat logins.csv 
+bash createLogins.sh 
+cat logins.csv 
+nano createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+bash createLogins.sh
+nano createLogins.sh 
+ip a
+bash createLogins.sh
+ls
+ls
+ls -r
+ls -l
+ls -f
+bash createLogins.sh
+nano createLogins.sh 
+bash createLogins.sh
+ls /home/sio/
+ls
+ls -f
+ip a
+ls
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+ls
+ls- l
+ls- r
+ls -l
+ls
+clear
+nano createLogins.sh 
+scp ~/Téléchargements/Users.csv root@192.168.0.30
+scp /Téléchargements/Users.csv root@192.168.0.30
+scp ~/Téléchargements/Users.csv root@192.168.0.30:etc/
+ls
+ls /etc/
+cp /etc/Users.csv ./
+ls
+bash createLogins.sh 
+nano createLogins.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+ls
+cat logins.csv 
+nano createLogins.sh 
+touch createUsers.sh
+nano createUsers.sh 
+nano createLogins.sh 
+nano createUsers.sh 
+cat logins.csv 
+clear
+nano createUsers.sh 
+touch testlogin.csv
+nano testlogin.csv 
+nano logins.csv 
+nano testlogin.csv 
+nano logins.csv 
+nano testlogin.csv 
+nano logins.csv 
+nano testlogin.csv 
+nano createUsers.sh 
+nano /etc/group
+nano createUsers.sh 
+getent group
+nano createUsers.sh 
+bash createUsers.sh 
+nano createUsers.sh 
+nano testlogin.csv 
+nano createUsers.sh 
+bash createUsers.sh tcpdump
+nano createUsers.sh 
+nano createUsers.sh 
+bash createUsers.sh 1ertest
+nano createUsers.sh 
+bash createUsers.sh tcpdump
+nano createUsers.sh 
+man grep
+nano createUsers.sh 
+bash createUsers.sh tcpdump
+nano createUsers.sh 
+bash createUsers.sh tcpdump
+nano createUsers.sh 
+bash createUsers.sh tcpdump
+nano createUsers.sh 
+bash createUsers.sh tcpdump
+bash createUsers.sh gre1
+bash createUsers.sh gre1
+nano createUsers.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+nano createUsers.sh
+ls
+nano createUsers.sh 
+nano createUsers.sh b
+nano createUsers.sh 
+nano createUsers.sh 
+bash createUsers.sh 
+bash createUsers.sh
+bash createUsers.sh 
+bash createUsers.sh
+bash createUsers.sh
+bash createUsers.sh
+bash createUsers.sh
+nano /etc/group
+nano testlogin.csv 
+cat temptp4.txt 
+cat temptp4.txt 
+cat temptp4.txt 
+cat temptp4.txt 
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+nano /etc/group
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+bash createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+bash createUsers.sh 
+bash createUsers.sh
+nano createUsers.sh 
+bash createUsers.sh
+nano createUsers.sh 
+bash createUsers.sh
+getent Users
+cd /etc
+ls
+cat passwd
+cat /users
+cat /group
+cat group
+man usermod
+useradd anthonycon --gropups
+useradd anthonycon --groups
+useradd anthonycon --groups
+useradd anthonycon --groups
+useradd anthonycon --groups
+useradd anthonycon --groups
+useradd anthonycon --groups sio
+cat group
+cd
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+bash createUsers.sh 
+nano createUsers.sh 
+nano createUsers.sh 
+bash createUsers.sh 
+nano createUsers.sh 
+bash createUsers.sh 
+bash createUsers.sh
+nano testlogin.csv 
+bash createUsers.sh
+nano testlogin.csv 
+nano createUsers.sh 
+bash createUsers.sh
+ls /home
+ls -l
+ls -l /home
+nano createUsers.sh 
+nano createUsers.sh 
+bash createUsers.sh
+bash createUsers.sh
+nano createUsers.sh 
+ip a
+nano create
+nano createUsers.sh 
+nano logins.csv 
+nano testlogin.csv 
+nano createUsers.sh 
+bash createUsers.sh 
+logout
+nano createUsers.sh
+logout
+ls -l /home
+nano createUsers.sh
+touch LeScript
+mv LeScript LeScript.sh
+nano LeScript.sh 
+nano LeScript.sh 
+nano LeScript.sh 
+bash LeScript.sh 
+nano LeScript.sh 
+nano createUsers.sh
+nano LeScript.sh 
+nano LeScript.sh 
+bash LeScript.sh 
+nano LeScript.sh 
+bash LeScript.sh 
+nano LeScript.sh 
+nano createUsers.sh 
+nano LeScript.sh 
+ls
+logout
+ip a
+nano LeScript.sh 
+ls
+nano LeScript.sh 
+nano LeScript.sh 
+nano createUsers.sh 
+man groupa
+nano LeScript.sh 
+nano LeScript.sh 
+ls
+nano LeScript.sh 
+nano LeScript.sh 
+bash LeScript.sh 
+nano LeScript.sh 
+bash LeScript.sh 
+ls
+nano LeScript.sh 
+bash LeScript.sh 
+nano LeScript.sh 
+bash LeScript.sh 
+bash createLogins.sh 
+nano createLogins.sh 
+
+nano LeScript.sh 
--- a/sio1/TP04/Scripts/.bashrc
+++ b/sio1/TP04/Scripts/.bashrc
@@ -0,0 +1,18 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
+# umask 022
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+# export LS_OPTIONS='--color=auto'
+# eval "$(dircolors)"
+# alias ls='ls $LS_OPTIONS'
+# alias ll='ls $LS_OPTIONS -l'
+# alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+# alias rm='rm -i'
+# alias cp='cp -i'
+# alias mv='mv -i'
--- a/sio1/TP04/Scripts/.lesshst
+++ b/sio1/TP04/Scripts/.lesshst
@@ -0,0 +1 @@
+.less-history-file:
--- a/sio1/TP04/Scripts/.profile
+++ b/sio1/TP04/Scripts/.profile
@@ -0,0 +1,9 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+mesg n 2> /dev/null || true
--- a/sio1/TP04/Scripts/.ssh/id_rsa
+++ b/sio1/TP04/Scripts/.ssh/id_rsa
@@ -0,0 +1,39 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDN5LV/DY
+sSGO0EoTx088Q3AAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQC0imYJ5Oqm
+SXlpzBSKm8dSF+vgWAdn8FIdzCO+wT2Vb+dSUaUwXm3KTbW+a/S9KGz6Vjd63pHZfkydS1
+EPGnp1U/jOdDuNXAOT/7TCoGcrDyEdAMUmxFA/cUMEDvpgpoEicsJZy03BCTcG1jCa5q7a
+MXpKDmSJoOg6DcS1emsYmli74x4PANOcN19cn69QHviLCxIFI+sanQUSXZwYRsYYcczRh0
+AAo3iIMzVDDZJ979wnpojdDRLtChxrnmGNSeIiHf0HZSft95cwjH8+YmyPuBg5k+olndYe
+QX9qAQDmP24yHOXBcxyRdvCN9o4o3Lg6XpzUV/1uU5eXegZc7fLKVPlnj7vGCp/8PzUMXY
+7VvVxF9ZRtzL8xBkCV5EaoDC7lESdSPKWrRyo8hMYfY/gb5dfJ8LGl9MxrV7B6Y36r+Gy7
+NgiiRQQbO6734wd/8ebrRP+1y8026NdFzIyL3R5j0Bj5jf8IZVL45UUPdmtd9SsZjgvkaz
+VUNZSPwbtgjzcAAAWQAjzsmxhg2n6J0V07BjFASeXnnhIDrdjegWrQhkkcyiTYktAg1CYC
+vpsDx2B8MoEBRBa3+nhDZr6FC5QO/PMi6FlskC+Gkrzn48qfozYQzPQkFZ7kFxugXkJVHe
+3VcQV829/7zusdyu/dSh1qLGv8FEdfIhUushP/6vEGLCAN+LM/qtStXtqzm2hvEviSPkMz
+gusyG5uWkFuCNE1JqwA4RvWZRFh0Y4kJXgfp43/8tR0SpAxoYZcE3EEw228lZoF/p2NOGs
+RcaQ7rffmlgPSvPpJpOvldVk7AfMeUb2hZRWL4WlLNa2h5KGgduql43BFTXWOr4J0HQnh5
+IXdM+vLDk1f3PkcSHM9DjiUbsTNYLrflf9ABEJDbv3dgf1yrXdOwwCxfeo8PqoL5pAg8qc
+iIH6Jaby7AEX07tAHHx/BlY3gBibbJtPZK8bOehbWE33sPtR5fPtTG6CU9PDZXzbx8iJxa
+I7kbrByMv5zz5pO/qVtTPfdJswMrUz38nE6/y38nHKSZesMpQ3WXip+T60g3V+OEjIO1lR
+H1B15waXTKsyBct+9DbdnnDKVUlYYB6BWgee3eilEO1xi5M8dM9hWfO/I/36smuzUBq9ff
+PFIFYsxH44vNNRwxnNjWnl9vvhCJKevr6nB0vdWAe18varCaQdA6cGQssAI2SWtPoRsWV0
+WxsbMs8oBEayUM7WP5zUlvAZgE6/zdzQR4zVl2JIws/kepNTeGq+UtGaRPqEsBcKSRIfnu
+jUr3g52eFx+HQasWZMyHubYeCB0+iVyggGUSRStQlAs5rvXVGcWH4Xx3xIrYqgDbuvlaGp
+py/jORJUvYOnNfNbmZ4BCrXtx4NhBKmUu1yqbn2abG40kcFJjVpL2fiOUdu10j1dT4BF7N
+kz+MT9laEMKxDgP1ZYzElqMREt1fCz3GFRE0qs0X7g8vxnk9EA3QKOTVsBvcehaEbXMoBd
+agHkZzexcwQjJXV0KtNj+HvjBMw2vCjoRSOElxzMrRflx/kjbKTTaeC15mUf5R7nbUJpSQ
+CTqjg/3fwKU/rr9nU3wXQe/505SFLbn0UEpJZWmapbogCVKnEJibT+uVjvTCXYW3+aZ866
+WLDReJj9IAjxiB97zpDz87GfR8rgnbZcnqpgAik6/5qAr8bCQAYmcDp+cMTjT82QIKAetZ
+G1g8dGghnC/7m73BCAxZqgtMDkqJrO6kgkuq4/ssuPdRAXZgSDVfJFrYWaNN1IFZaXAvlN
+8tdDqwkWpbhJNhmm63B94wwg0F1QMrEb/2fUOCtJaVwzxsAnYvxOBntoYoZzO15tPck75q
+ma+1jWBAPfZBeKKzKmDFGQMvX9Udm0T7/oDKDBWLDXCGq5VLkYqumEO5l7DUjNhBKkLN3/
+7ncXTz6q4KxPdz54svqemRnkpp69agd64bHbDPsIODyswHm22Ah7GxjialbR43TXF0Epmm
+Cz8IHMJQJgEw1RglnMx0lhPR5IPgnkO5MyotM5WUzSB7U8f6TY634jRJ5pax5kMRBPasr1
+v/dwH1aRUHgVtfx6AxegHr/enRf+Q/bIx1J6zpZYp9QqJIUZ7aimV7IRTQ7N617BF08+lT
+lNKvoG1/Xyqs3wBXwA/2uRg5OWqrmye3nQ4oNEmIyJNt+BFy0JEDYm8xOFHt4DbUk1U9xU
+avx4y1amwSx+hSE/jFBZjaosygVLoUI4U9oUV85GZQpwuszmp5m7omCoTMvNWSvbimbCy6
+VYRgUu8f99n8ta5NhFQeRlkJCaIntie0oUv2xMBzsOTmfEyAUwocRZJmyctYMn+uJUchmb
+d7IrzFW7JWvPAiBAfHc4E8kZlcU2m9FanWyibe49yyeQrDxseJhdwr0QIXf4NPG1OAfFCy
+qcSr13KeeidVOB5FyLeFb3r+Tr8=
+-----END OPENSSH PRIVATE KEY-----
--- a/sio1/TP04/Scripts/.ssh/id_rsa.pub
+++ b/sio1/TP04/Scripts/.ssh/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0imYJ5OqmSXlpzBSKm8dSF+vgWAdn8FIdzCO+wT2Vb+dSUaUwXm3KTbW+a/S9KGz6Vjd63pHZfkydS1EPGnp1U/jOdDuNXAOT/7TCoGcrDyEdAMUmxFA/cUMEDvpgpoEicsJZy03BCTcG1jCa5q7aMXpKDmSJoOg6DcS1emsYmli74x4PANOcN19cn69QHviLCxIFI+sanQUSXZwYRsYYcczRh0AAo3iIMzVDDZJ979wnpojdDRLtChxrnmGNSeIiHf0HZSft95cwjH8+YmyPuBg5k+olndYeQX9qAQDmP24yHOXBcxyRdvCN9o4o3Lg6XpzUV/1uU5eXegZc7fLKVPlnj7vGCp/8PzUMXY7VvVxF9ZRtzL8xBkCV5EaoDC7lESdSPKWrRyo8hMYfY/gb5dfJ8LGl9MxrV7B6Y36r+Gy7NgiiRQQbO6734wd/8ebrRP+1y8026NdFzIyL3R5j0Bj5jf8IZVL45UUPdmtd9SsZjgvkazVUNZSPwbtgjzc= root@debtest
--- a/sio1/TP04/Scripts/.ssh/known_hosts
+++ b/sio1/TP04/Scripts/.ssh/known_hosts
@@ -0,0 +1,6 @@
+|1|VlH4rpkRpKXcwc5jujSyukPNPIo=|NodfXAiTzrYqYprzY6nswhXqtkg= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFCmDQVUioLfMp2EfFYoZWk08cTzxz57f9wotJNyrEe
+|1|4TzpEIZ54PspUVcKvQhybYxWGlA=|q1Y527vq5eXoA5SCrrGuc0DVavk= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcu1MvOXx5nN39xuBCyEasaAyAZS/URtbkdLD2+XD8ngwv4J++4A9yAbPzbh0uE+Lp9KygedIR6hJksLl6b2EfUUmtCDIswdiadSkh6QqM05f5mfV+MjB9+4HWXonjebrMtYFeEOLpgqG+YtRFs6cVzXiUMQ2q3jbE+I+ivxRfzdiFGaMZ5PFnDRKHSqg0HmBCyQ3ytWlBuYZj4/k2o7mjitZz2Eqq1Jhie/y2aqTPX9CfEPWy06QcCImOurkQWkvHiLiDZqU+5guj3u3ne5p2nZu3qjZoROBwxzkeuGbI5zTjIDcqA9jqNG4QzWqKxkKohqWUXjcJus2kxDk2R1UceElBQ/qmZWiMkEj5N6S3UJ7s278VRx42riAo8oTfojQwHNkcArQ0qeo9bnQXgqzuu0HrmDzEz47juQrUnLf5W4a6y75+knOsZVwI5Z1OGhdsvBzDNRgZ5Jz4Li3yZQgfRTODgZecLZt2Mw1WyTW+Et99I4+NI21yq0XdYYIus7c=
+|1|PPdVJ6gCrKfevKGNtBMzmQpHMmw=|CMNFJ7HJsDqTt1EdTpIw0IW/UGA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDMsEaO28xNEWNh4zHy1BN3ZEbwsa1VysH+agH79NmTdWqm67BR6R6+Rqc5oWJaNFKDpJROU/6ncOoVM3Qk7MGU=
+|1|bcNjCJb/OpmfhuYIa9YCIFtN/P4=|DVHRinAYdbdDUIdDuRLFbmFvrwA= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObY4qQyaHJA5+Cvml7YgJvxe/w+A49n0BTnedm7YQ95
+|1|wByOqPeztDpwdk9iS2rBa8RlzQ4=|wi4qS71HNRkCWfSVnBl3NWF4GBs= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCkLJJW8/CVfG2dGOJ6eEPvhizumun+bdOYVkons7YXW3ixwhunzb4G12clElTeTBFauv3wss3XOJqWnz4hb4f+UoHnhqTje2TryrldWATb1b2EuOUXi4/9wudrf+HZ90knc5zzp2c46yzqTil/rPW5npT+DfWeO6B1wS2jGGcwt67+aQ8gIyi/KdngscjNzg118usnpAh9cjh7eLovJ+wVNVMypKQw23PQKTfeXPsuhpfZtOmEg88sy1xbB44EzUygVGOeH+MLUATVHQzxNqU+oiEyn38TWi7czE97oDyMj1Kcso7Qm/1iFyYWFBiklmXgciqkAiQVImWID9vKecFWwbLoNjDr/OYnYQhUQgVyu1WkXxm753+y29oPqE6rcgwpglIgV6qDPNwkCBuGFIByRMwEuIRCPm6nn0kLj27jzr2s25OLK0BGtreGlJwpG5pP4/lNmCcaN0mqAIuPs8g3kTl3wYIQH4fKTrISi9CdTFRq34ftjEG/BlHBeEsKQS0=
+|1|US0isKOaYLfNV4urjajTCxhsTGM=|JG5zbJTADQ+FG+SpDgaxlk4dpbA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKIehIUy61f8lSczNdHFQ92bVZpiGwB3FrOrD2tm5PLi6SWxlA6IiTlRZK1sjxvVV6fJqWlryC0iplvggJE+qoc=
--- a/sio1/TP04/Scripts/.ssh/known_hosts.old
+++ b/sio1/TP04/Scripts/.ssh/known_hosts.old
@@ -0,0 +1,4 @@
+|1|VlH4rpkRpKXcwc5jujSyukPNPIo=|NodfXAiTzrYqYprzY6nswhXqtkg= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFCmDQVUioLfMp2EfFYoZWk08cTzxz57f9wotJNyrEe
+|1|4TzpEIZ54PspUVcKvQhybYxWGlA=|q1Y527vq5eXoA5SCrrGuc0DVavk= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcu1MvOXx5nN39xuBCyEasaAyAZS/URtbkdLD2+XD8ngwv4J++4A9yAbPzbh0uE+Lp9KygedIR6hJksLl6b2EfUUmtCDIswdiadSkh6QqM05f5mfV+MjB9+4HWXonjebrMtYFeEOLpgqG+YtRFs6cVzXiUMQ2q3jbE+I+ivxRfzdiFGaMZ5PFnDRKHSqg0HmBCyQ3ytWlBuYZj4/k2o7mjitZz2Eqq1Jhie/y2aqTPX9CfEPWy06QcCImOurkQWkvHiLiDZqU+5guj3u3ne5p2nZu3qjZoROBwxzkeuGbI5zTjIDcqA9jqNG4QzWqKxkKohqWUXjcJus2kxDk2R1UceElBQ/qmZWiMkEj5N6S3UJ7s278VRx42riAo8oTfojQwHNkcArQ0qeo9bnQXgqzuu0HrmDzEz47juQrUnLf5W4a6y75+knOsZVwI5Z1OGhdsvBzDNRgZ5Jz4Li3yZQgfRTODgZecLZt2Mw1WyTW+Et99I4+NI21yq0XdYYIus7c=
+|1|PPdVJ6gCrKfevKGNtBMzmQpHMmw=|CMNFJ7HJsDqTt1EdTpIw0IW/UGA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDMsEaO28xNEWNh4zHy1BN3ZEbwsa1VysH+agH79NmTdWqm67BR6R6+Rqc5oWJaNFKDpJROU/6ncOoVM3Qk7MGU=
+|1|bcNjCJb/OpmfhuYIa9YCIFtN/P4=|DVHRinAYdbdDUIdDuRLFbmFvrwA= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObY4qQyaHJA5+Cvml7YgJvxe/w+A49n0BTnedm7YQ95
--- a/sio1/TP04/Scripts/LeScript.sh
+++ b/sio1/TP04/Scripts/LeScript.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+echo "Entrer l'adresse IP !"
+read address
+scp ./createUsers.sh root@$address:/root
+scp ./logins.csv root@$address:/root
+ssh root@$address "bash /root/createUsers.sh"
+ssh root@$address "rm /root/createUsers.sh"
+ssh root@$address "rm /root/logins.csv"
--- a/sio1/TP04/Scripts/Users.csv
+++ b/sio1/TP04/Scripts/Users.csv
@@ -0,0 +1,30 @@
+Ermengarde,Berthelmot,eberthelmot0@webmd.com,Female,Accountant,
+Kassi,Bunker,kbunker1@xinhuanet.com,Female,Production,
+Moises,McCallum,mmccallum2@i2i.jp,Male,Production,
+Patrizio,Lune,plune3@upenn.edu,Male,Accountant,
+Blanch,Everix,beverix4@php.net,Female,Accountant,
+Stafani,Kibbel,skibbel5@marriott.com,Female,Production,
+Ignacius,Mosdell,imosdell6@cloudflare.com,Male,Management,
+Jeana,Waller-Bridge,jwallerbridge7@mapy.cz,Female,Management,
+Elroy,Dressel,edressel8@opera.com,Male,Production,
+Thea,Strettell,tstrettell9@nature.com,Female,Production,
+Solomon,Insoll,sinsolla@utexas.edu,Male,Accountant,
+Carri,Feedome,cfeedomeb@ask.com,Female,Accountant,
+Padraic,Chetwind,pchetwindc@last.fm,Male,Management,
+Solly,D'Ugo,sdugod@uiuc.edu,Male,Production,
+Konstanze,MacCostigan,kmaccostigane@seattletimes.com,Female,Accountant,
+Roxane,Powlesland,rpowleslandf@pcworld.com,Female,Management,
+Orelle,Kennealy,okennealyg@arstechnica.com,Female,Production,
+Sukey,Soitoux,ssoitouxh@shinystat.com,Female,Production,
+Nelli,Syce,nsycei@blogger.com,Female,Production,
+Clarisse,Shillam,cshillamj@dailymotion.com,Female,Production,
+Carin,Gueny,cguenyk@naver.com,Female,Management,
+Donny,Riepel,driepell@addtoany.com,Male,Production,
+Daniella,Ralfe,dralfem@wunderground.com,Female,Production,
+Lexy,Clynmans,lclynmansn@furl.net,Female,Production,
+Gardiner,Adamthwaite,gadamthwaiteo@spotify.com,Male,Production,
+Woodman,Lippett,wlippettp@purevolume.com,Male,Production,
+Nadya,Munnion,nmunnionq@flavors.me,Female,Production,
+Llewellyn,Habershon,lhabershonr@alibaba.com,Male,Production,
+Isaak,Greatrex,igreatrexs@seesaa.net,Male,Production,
+Darill,Frostdyke,dfrostdyket@cafepress.com,Male,Production,
--- a/sio1/TP04/Scripts/createLogins.sh
+++ b/sio1/TP04/Scripts/createLogins.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+rm ./logins.csv
+while read line
+do
+touch ./temp.txt
+echo $line > ./temp.txt
+prenom=$(cut -d "," -f 1 ./temp.txt)
+nom=$(cut -d "," -f 2 ./temp.txt)
+initial=$(cut -c 1 ./temp.txt)
+id=$(echo $initial$nom | tr [:upper:] [:lower:])
+passwd=$(echo $RANDOM | md5sum | head -c 8)
+
+echo $id","$passwd","$prenom","$nom","$(cut -d "," -f 5 ./temp.txt)"," >> ./logins.csv
+
+rm ./temp.txt
+done < ./Users.csv
--- a/sio1/TP04/Scripts/createUsers.sh
+++ b/sio1/TP04/Scripts/createUsers.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+while read line
+do
+	touch ./temptp4.txt
+	echo $line > ./temptp4.txt
+	group=$(cut -d "," -f 5 ./temptp4.txt)
+	user=$(cut -d "," -f 1 ./temptp4.txt)
+	mdp=$(cut -d "," -f 2 ./temptp4.txt)
+	if grep -q $group /etc/group ; then
+		echo "ok"
+	else
+		echo "existe pas ; création"
+		groupadd -f $group
+	fi
+	useradd $user --create-home --groups $group --shell /bin/bash
+	echo "$user:$mdp" | chpasswd
+	rm ./temptp4.txt
+done < logins.csv
+
--- a/sio1/TP04/Scripts/logins.csv
+++ b/sio1/TP04/Scripts/logins.csv
@@ -0,0 +1,30 @@
+eberthelmot,26531516,Ermengarde,Berthelmot,Accountant,
+kbunker,900e4e1b,Kassi,Bunker,Production,
+mmccallum,91aa2192,Moises,McCallum,Production,
+plune,bf26a431,Patrizio,Lune,Accountant,
+beverix,1ecbd424,Blanch,Everix,Accountant,
+skibbel,63e581d2,Stafani,Kibbel,Production,
+imosdell,e247d728,Ignacius,Mosdell,Management,
+jwaller-bridge,ea178a13,Jeana,Waller-Bridge,Management,
+edressel,72001e83,Elroy,Dressel,Production,
+tstrettell,7600fc16,Thea,Strettell,Production,
+sinsoll,01b303e4,Solomon,Insoll,Accountant,
+cfeedome,66e6ab97,Carri,Feedome,Accountant,
+pchetwind,e4200d0c,Padraic,Chetwind,Management,
+sd'ugo,b3e00991,Solly,D'Ugo,Production,
+kmaccostigan,4185bf2f,Konstanze,MacCostigan,Accountant,
+rpowlesland,45e48289,Roxane,Powlesland,Management,
+okennealy,a354f4b4,Orelle,Kennealy,Production,
+ssoitoux,065022fc,Sukey,Soitoux,Production,
+nsyce,440a9fe0,Nelli,Syce,Production,
+cshillam,a60ba40e,Clarisse,Shillam,Production,
+cgueny,cc07a74d,Carin,Gueny,Management,
+driepel,c8e6358d,Donny,Riepel,Production,
+dralfe,94a56564,Daniella,Ralfe,Production,
+lclynmans,5fa49cab,Lexy,Clynmans,Production,
+gadamthwaite,c553a95c,Gardiner,Adamthwaite,Production,
+wlippett,c4d7d26f,Woodman,Lippett,Production,
+nmunnion,ae8d3333,Nadya,Munnion,Production,
+lhabershon,c24f8825,Llewellyn,Habershon,Production,
+igreatrex,516350fa,Isaak,Greatrex,Production,
+dfrostdyke,1e293f6b,Darill,Frostdyke,Production,
--- a/sio1/TP04/Scripts/testlogin.csv
+++ b/sio1/TP04/Scripts/testlogin.csv
@@ -0,0 +1,3 @@
+test1,1,prénom1,nom1,grp1
+test2,2,prénom2,nom2,grp1
+test3,3,prénom3,nom3,grp2
--- a/sio1/siotp/sisr1/TP7/scriptsnft/current_ruleset.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/current_ruleset.nft
@@ -0,0 +1,215 @@
+# Définition des interfaces avec un nom
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+# Définition de l'IP du serveur web
+define srv = 172.16.0.1
+
+# Définition du réseau LAN
+define lan-ntw = 10.0.0.0/24
+
+# Définition de l'IP du proxy, du DNS, du port du proxy et du réseau DMZ pour ne pas à tout retaper
+define proxy = 10.121.38.1
+define dns = {10.121.38.7 , 10.121.38.8}
+define proxyport = 8080
+define dmznet = 172.16.0.1-172.16.0.254
+
+# Définition des IPs des cartes de la machine firewall
+define firewall = 192.168.0.120
+define ipdmz = 172.16.0.254
+define iplan = 10.0.0.254
+
+table ip ipfilter{
+
+	chain prerouting {
+                type filter hook prerouting priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les réponses ping
+		icmp type echo-reply accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN, à destination de la DMZ
+		icmp type echo-request iif {$lanif} ip daddr $dmznet accept
+
+		#Même chose que plus haut, mais à destination de l'IP de la carte LAN du firewall
+		icmp type echo-request iif {$lanif} ip daddr {$iplan} accept
+
+                #Autorise les requêtes ayant pour port de destination les ports FTP
+		tcp dport 20 accept
+                tcp dport 21 accept
+
+		#Autorise les requêtes HTTP/HTTPS venant de la LAN
+                tcp dport {80, 443} ip saddr $lan-ntw accept
+		tcp sport {80, 443} ip saddr $lan-ntw accept
+
+		#Autorise le SSH
+		tcp dport 22 accept
+
+		#Autorise les requêtes DNS depuis la DMZ et le LAN
+		udp sport 53 iif {$dmzif, $lanif} accept
+		udp dport 53 accept
+
+		#Autorise les requêtes provenant du proxy avec ports HTTP/HTTPS
+		ip saddr $proxy tcp dport {80, 443} accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+        }
+
+	chain system_in {
+                type filter hook input priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les réponses ping
+		icmp type echo-reply accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN
+		icmp type echo-request iif {$lanif} accept
+
+		#Autorise les requêtes ayant pour port de destination les ports FTP
+                tcp dport 20 accept
+                tcp dport 21 accept
+
+		#Autorise les requêtes HTTP/HTTPS
+                tcp dport {80, 443} accept
+
+		#Autorise le SSH
+                tcp dport 22 accept
+
+		#Autorise les requêtes DNS
+		udp sport 53 accept
+                udp dport 53 accept
+
+		#Autorise les requêtes provenant du proxy avec ports HTTP/HTTPS
+		ip saddr $proxy tcp dport {80, 443} accept
+        }
+
+ 	chain routing {
+                type filter hook forward priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN, à destination de la DMZ
+        	icmp type echo-request iif {$lanif} oif {$dmzif} accept
+
+		#Même chose que plus haut, mais à destination de l'IP de la carte LAN du firewall
+		icmp type echo-reply iif {$dmzif} oif {$lanif} accept
+
+		#Autorise les requêtes HTTP/HTTPS venant de la LAN
+                tcp dport {80, 443} ip saddr $lan-ntw accept
+		tcp sport {80, 443} ip saddr $lan-ntw accept
+
+		#Autorise le port forwarding pour la DMZ pour HTTP/HTTPS
+		tcp dport {80, 443} ip saddr $srv accept
+
+		#Autorise les requêtes DNS depuis la DMZ et le LAN
+		udp sport 53 iif {$lanif, $dmzif} accept
+		udp dport 53 accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+	}
+
+ 	chain system_out {
+                type filter hook output priority filter; policy drop;
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+                ip daddr $dns accept
+
+		#Autorise les requêtes provenant du proxy, depuis le port 8080
+                ip daddr $proxy tcp dport $proxyport accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN
+		icmp type echo-reply oif {$lanif} accept
+
+		#Accepte les requêtes ping
+		icmp type echo-request accept
+
+		#Autorise les requêtes ayant pour port de destination les ports FTP
+                tcp dport 20 accept
+		tcp sport 20 accept
+                tcp dport 21 accept
+		tcp sport 21 accept
+
+		#Autorise les requêtes provenant des ports HTTP/HTTPS
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+
+		#Autorise le SSH
+		tcp sport 22 accept
+
+		#Autorise les requêtes DNS
+                udp sport 53 accept
+                udp dport 53 accept
+        }
+
+	chain postrouting {
+                type filter hook postrouting priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+
+		#Autorise les requêtes allant vers le proxy avec le port 8080
+		ip daddr $proxy tcp dport $proxyport accept
+
+		#Autorise les requêtes ping venant des cartes LAN, DMZ et la carte en pont du firewall
+		icmp type echo-request ip saddr {$iplan, $ipdmz, $firewall} accept
+
+		#Autorise les réponses ping si elles viennent de la DMZ à destination du LAN
+		icmp type echo-reply iif {$dmzif}  oif {$lanif} accept
+
+		#Autorise les requêtes ping venant de la LAN à destination de la DMZ
+		icmp type echo-request iif {$lanif} oif {$dmzif} accept
+
+		#Autorise les requêtes ping ayant le LAN pour origine, à destination de la carte LAN du firewall
+		icmp type echo-request ip saddr $iplan oif $lanif accept
+
+		#Autorise les requêtes FTP
+                tcp dport 20 accept
+                tcp sport 20 accept
+                tcp dport 21 accept
+                tcp sport 21 accept
+
+		#Autorise les requêtes ayant pour ports HTTP et HTTPS comme ports de destination et de source
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+
+		#Autorise le SSH
+		tcp sport 22 accept
+
+		#Autorise les requêtes DNS
+                udp sport 53 accept
+                udp dport 53 accept
+
+		#Autorise les requêtes provenant du DNS
+		ip daddr $dns accept
+	}
+
+	chain pre_nat {
+                type nat hook prerouting priority filter; policy accept;
+
+		#Autorise les requêtes HTTP vers la carte LAN du firewall
+		tcp dport 80 ip daddr $firewall dnat $srv:80
+		#Même chose mais pour HTTPS
+		tcp dport 443 ip daddr $firewall dnat $srv:443
+	}
+
+	chain post_nat {
+                type nat hook postrouting priority filter; policy accept;
+
+		#Autorise la NAT à destination du firewall si la requête vient du LAN et part vers Internet
+		ip saddr $lan-ntw oif $netif snat $firewall
+
+		#Même chose, mais si la requête provient de la DMZ
+		ip saddr $dmznet oif $netif snat $firewall
+	}
+ }
--- a/sio1/siotp/sisr1/TP7/scriptsnft/fw_part1.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/fw_part1.nft
@@ -0,0 +1,18 @@
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+
+table ip ipfilter {
+	chain routing {
+		type filter hook forward priority filter; policy accept;
+		icmp type echo-request iif { "$netif", "$dmzif" } drop
+		icmp type { echo-reply, echo-request } accept
+		drop
+	}
+
+	chain system_in {
+		type filter hook input priority filter; policy accept;
+		icmp type echo-request iif { "$netif", "$dmzif" } drop
+	}
+}
--- a/sio1/siotp/sisr1/TP7/scriptsnft/fw_part2.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/fw_part2.nft
@@ -0,0 +1,34 @@
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+
+table ip ipfilter {
+
+	chain prerouting {
+		type filter hook prerouting priority filter; policy drop;
+		tcp dport 22 accept
+	}
+
+	chain routing {
+		type filter hook forward priority filter; policy drop;
+		icmp type echo-request iif { $netif, $dmzif } drop
+		icmp type { echo-reply, echo-request } accept
+	}
+
+	chain system_in {
+		type filter hook input priority filter; policy drop;
+		icmp type echo-request iif { $netif, $dmzif } drop
+		tcp dport 22 accept
+	}
+
+	chain system_out {
+		type filter hook output priority filter; policy drop;
+		tcp sport 22 accept
+	}
+
+	chain postrouting {
+		type filter hook postrouting priority filter; policy drop;
+		tcp sport 22 accept
+	}
+}
--- a/sio1/siotp/sisr1/TP7/scriptsnft/fw_part3.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/fw_part3.nft
@@ -0,0 +1,41 @@
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+define netip = 192.168.0.140
+define dmzip = 172.16.0.254
+define lanip = 10.0.0.254
+
+table ip ipfilter{
+	chain prerouting {
+		type filter hook prerouting priority filter; policy drop;
+		icmp type echo-request iif $lanif ip daddr 172.16.0.1-172.16.0.254 accept
+		icmp type echo-request iif $lanif ip daddr $lanip accept
+		icmp type echo-reply accept
+		tcp dport 22 accept
+	}
+	chain system_in {
+		type filter hook input priority filter; policy drop;
+		icmp type echo-request iif $lanif accept
+		icmp type echo-reply accept
+		tcp dport 22 accept
+	}
+	chain routing {
+		type filter hook forward priority filter; policy drop;
+		icmp type echo-request iif $lanif oif $dmzif accept
+		icmp type echo-reply iif $dmzif oif $lanif accept
+	}
+	chain system_out {
+		type filter hook output priority filter; policy drop;
+		icmp type echo-request accept
+		icmp type echo-reply oif $lanif accept
+		tcp sport 22 accept
+	}
+	chain postrouting {
+		type filter hook postrouting priority filter; policy drop;
+		icmp type echo-request ip saddr {$lanip , $dmzip , $netip } accept
+		icmp type echo-request iif $lanif oif $dmzif accept
+		icmp type echo-reply iif $dmzif oif $lanif accept
+		icmp type echo-reply ip saddr $lanip oif $lanif accept
+		tcp sport 22 accept
+	}
+}
--- a/sio1/siotp/sisr1/TP7/scriptsnft/fw_part4.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/fw_part4.nft
@@ -0,0 +1,68 @@
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+define firewall = 192.168.0.140
+define ipdmz = 172.16.0.254
+define iplan = 10.0.0.254
+
+table ip ipfilter{
+	chain prerouting {
+                type filter hook prerouting priority filter; policy drop;
+		icmp type echo-reply accept
+		ct state established, related accept
+		icmp type echo-request iif {$lanif} ip daddr 172.16.0.1-172.16.0.254 accept
+		icmp type echo-request iif {$lanif} ip daddr {$iplan} accept
+                tcp dport 20 accept
+                tcp dport 21 accept
+                tcp dport {80, 443} accept
+		tcp dport 22 accept
+		ip saddr 10.121.38.1 tcp dport {80, 443} accept
+        }
+	chain system_in {
+                type filter hook input priority filter; policy drop;
+		icmp type echo-reply accept
+		icmp type echo-request iif {$lanif} accept
+		ct state established, related accept
+                tcp dport 20 accept
+                tcp dport 21 accept
+                tcp dport {80, 443} accept
+                tcp dport 22 accept
+		ip saddr 10.121.38.1 tcp dport {80, 443} accept
+        }
+ 	chain routing {
+                type filter hook forward priority filter; policy drop;
+        	icmp type echo-request iif {$lanif} oif {$dmzif} accept
+		icmp type echo-reply iif {$dmzif} oif {$lanif} accept
+	}
+ 	chain system_out {
+                type filter hook output priority filter; policy drop;
+                ip daddr 10.121.38.7-10.121.38.8 accept
+                ip daddr 10.121.38.1 tcp dport 8080 accept
+		icmp type echo-reply oif {$lanif} accept
+		icmp type echo-request accept
+                tcp dport 20 accept
+		tcp sport 20 accept
+                tcp dport 21 accept
+		tcp sport 21 accept
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+		tcp sport 22 accept
+        }
+	chain postrouting {
+                type filter hook postrouting priority filter; policy drop;
+		ip daddr 10.121.38.7-10.121.38.8 accept
+		ip daddr 10.121.38.1 tcp dport 8080 accept
+		icmp type echo-request ip saddr {$iplan, $ipdmz, $firewall} accept
+		icmp type echo-reply iif {$dmzif}  oif {$lanif} accept
+		icmp type echo-request iif {$lanif} oif {$dmzif} accept
+		icmp type echo-request ip saddr $iplan oif $lanif accept
+                tcp dport 20 accept
+                tcp sport 20 accept
+                tcp dport 21 accept
+                tcp sport 21 accept
+                tcp dport {80, 443} accept
+                tcp sport {80, 443} accept
+		tcp sport 22 accept
+        }
+}
--- a/sio1/siotp/sisr1/TP7/scriptsnft/fw_part5.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/fw_part5.nft
@@ -0,0 +1,94 @@
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+define firewall = 192.168.0.140
+define ipdmz = 172.16.0.254
+define iplan = 10.0.0.254
+
+define lan-ntw = 10.0.0.0/24
+
+define dns-server = {10.121.38.7 , 10.121.38.8}
+
+define proxy-lyc = 10.121.38.1
+define proxy-port = 8080
+
+table ip ipfilter{
+	chain prerouting {
+                type filter hook prerouting priority filter; policy drop;
+		icmp type echo-reply accept
+		ct state established, related accept
+		icmp type echo-request iif {$lanif} ip daddr 172.16.0.1-172.16.0.254 accept
+		icmp type echo-request iif {$lanif} ip daddr {$iplan} accept
+                tcp dport 20 accept
+                tcp dport 21 accept
+                tcp dport {80, 443} accept
+		tcp dport 22 accept
+		ip saddr $proxy-lyc tcp dport {80, 443} accept
+		ct state {established,related} accept
+		tcp sport {80,443} ip saddr $lan-ntw accept
+		tcp dport {80,443} ip saddr $lan-ntw accept
+        }
+
+	chain system_in {
+                type filter hook input priority filter; policy drop;
+		icmp type echo-reply accept
+		icmp type echo-request iif {$lanif} accept
+		ct state established, related accept
+                tcp dport 20 accept
+                tcp dport 21 accept
+                tcp dport {80, 443} accept
+                tcp dport 22 accept
+		ip saddr $proxy-lyc tcp dport {80, 443} accept
+        }
+ 	chain routing {
+                type filter hook forward priority filter; policy drop;
+        	icmp type echo-request iif {$lanif} oif {$dmzif} accept
+		icmp type echo-reply iif {$dmzif} oif {$lanif} accept
+		ct state {established,related} accept
+		tcp sport {80,443} ip saddr $lan-ntw accept
+		tcp dport {80,443} ip saddr $lan-ntw accept
+	}
+
+ 	chain system_out {
+                type filter hook output priority filter; policy drop;
+                ip daddr $dns-server accept
+                ip daddr $proxy-lyc tcp dport $proxy-port accept
+		icmp type echo-reply oif {$lanif} accept
+		icmp type echo-request accept
+                tcp dport 20 accept
+		tcp sport 20 accept
+                tcp dport 21 accept
+		tcp sport 21 accept
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+		tcp sport 22 accept
+        }
+	chain postrouting {
+                type filter hook postrouting priority filter; policy drop;
+		ip daddr $dns-server accept
+		ip daddr $proxy-lyc tcp dport $proxy-port accept
+		icmp type echo-request ip saddr {$iplan, $ipdmz, $firewall} accept
+		icmp type echo-reply iif {$dmzif}  oif {$lanif} accept
+		icmp type echo-request iif {$lanif} oif {$dmzif} accept
+		icmp type echo-request ip saddr $iplan oif $lanif accept
+                tcp dport 20 accept
+                tcp sport 20 accept
+                tcp dport 21 accept
+                tcp sport 21 accept
+                tcp dport {80, 443} accept
+                tcp sport {80, 443} accept
+		tcp sport 22 accept
+        	ct state {established,related} accept
+	}
+}
+table ip nat {
+	chain prerouting {
+		type nat hook prerouting priority filter; policy accept;
+	}
+
+	chain postrouting {
+		type nat hook postrouting priority filter; policy accept;
+		ip saddr $lan-ntw oif $netif snat $firewall
+	}
+}
--- a/sio1/siotp/sisr1/TP7/scriptsnft/fw_part6.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/fw_part6.nft
@@ -0,0 +1,200 @@
+# Définition des interfaces avec un nom
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+# Définition du réseau LAN
+define lan-ntw = 10.0.0.0/24
+
+# Définition de l'IP du proxy, du DNS, du port du proxy et du réseau DMZ pour ne pas à tout retaper
+define proxy = 10.121.38.1
+define dns = {10.121.38.7 , 10.121.38.8}
+define proxyport = 8080
+define dmznet = 172.16.0.1-172.16.0.254
+
+# Définition des IPs des cartes de la machine firewall
+define firewall = 192.168.0.140
+define ipdmz = 172.16.0.254
+define iplan = 10.0.0.254
+
+table ip ipfilter{
+
+	chain prerouting {
+                type filter hook prerouting priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les réponses ping
+		icmp type echo-reply accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN, à destination de la DMZ
+		icmp type echo-request iif {$lanif} ip daddr $dmznet accept
+
+		#Même chose que plus haut, mais à destination de l'IP de la carte LAN du firewall
+		icmp type echo-request iif {$lanif} ip daddr {$iplan} accept
+
+                #Autorise les requêtes ayant pour port de destination les ports FTP
+		tcp dport 20 accept
+                tcp dport 21 accept
+
+		#Autorise les requêtes HTTP/HTTPS venant de la LAN
+                tcp dport {80, 443} ip saddr $lan-ntw accept
+		tcp sport {80, 443} ip saddr $lan-ntw accept
+
+		#Autorise le SSH
+		tcp dport 22 accept
+
+		#Autorise les requêtes DNS depuis la DMZ et le LAN
+		udp sport 53 iif {$dmzif, $lanif} accept
+		udp dport 53 accept
+
+		#Autorise les requêtes provenant du proxy avec ports HTTP/HTTPS
+		ip saddr $proxy tcp dport {80, 443} accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+        }
+
+	chain system_in {
+                type filter hook input priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les réponses ping
+		icmp type echo-reply accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN
+		icmp type echo-request iif {$lanif} accept
+
+		#Autorise les requêtes ayant pour port de destination les ports FTP
+                tcp dport 20 accept
+                tcp dport 21 accept
+
+		#Autorise les requêtes HTTP/HTTPS
+                tcp dport {80, 443} accept
+
+		#Autorise le SSH
+                tcp dport 22 accept
+
+		#Autorise les requêtes DNS
+		udp sport 53 accept
+                udp dport 53 accept
+
+		#Autorise les requêtes provenant du proxy avec ports HTTP/HTTPS
+		ip saddr $proxy tcp dport {80, 443} accept
+        }
+
+ 	chain routing {
+                type filter hook forward priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN, à destination de la DMZ
+        	icmp type echo-request iif {$lanif} oif {$dmzif} accept
+
+		#Même chose que plus haut, mais à destination de l'IP de la carte LAN du firewall
+		icmp type echo-reply iif {$dmzif} oif {$lanif} accept
+
+		#Autorise les requêtes HTTP/HTTPS venant de la LAN
+                tcp dport {80, 443} ip saddr $lan-ntw accept
+		tcp sport {80, 443} ip saddr $lan-ntw accept
+
+		#Autorise les requêtes DNS depuis la DMZ et le LAN
+		udp sport 53 iif {$lanif, $dmzif} accept
+		udp dport 53 accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+	}
+
+ 	chain system_out {
+                type filter hook output priority filter; policy drop;
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+                ip daddr $dns accept
+
+		#Autorise les requêtes provenant du proxy, depuis le port 8080
+                ip daddr $proxy tcp dport $proxyport accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN
+		icmp type echo-reply oif {$lanif} accept
+
+		#Accepte les requêtes ping
+		icmp type echo-request accept
+
+		#Autorise les requêtes ayant pour port de destination les ports FTP
+                tcp dport 20 accept
+		tcp sport 20 accept
+                tcp dport 21 accept
+		tcp sport 21 accept
+
+		#Autorise les requêtes provenant des ports HTTP/HTTPS
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+
+		#Autorise le SSH
+		tcp sport 22 accept
+
+		#Autorise les requêtes DNS
+                udp sport 53 accept
+                udp dport 53 accept
+        }
+
+	chain postrouting {
+                type filter hook postrouting priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+
+		#Autorise les requêtes allant vers le proxy avec le port 8080
+		ip daddr $proxy tcp dport $proxyport accept
+
+		#Autorise les requêtes ping venant des cartes LAN, DMZ et la carte en pont du firewall
+		icmp type echo-request ip saddr {$iplan, $ipdmz, $firewall} accept
+
+		#Autorise les réponses ping si elles viennent de la DMZ à destination du LAN
+		icmp type echo-reply iif {$dmzif}  oif {$lanif} accept
+
+		#Autorise les requêtes ping venant de la LAN à destination de la DMZ
+		icmp type echo-request iif {$lanif} oif {$dmzif} accept
+
+		#Autorise les requêtes ping ayant le LAN pour origine, à destination de la carte LAN du firewall
+		icmp type echo-request ip saddr $iplan oif $lanif accept
+
+		#Autorise les requêtes FTP
+                tcp dport 20 accept
+                tcp sport 20 accept
+                tcp dport 21 accept
+                tcp sport 21 accept
+
+		#Autorise les requêtes ayant pour ports HTTP et HTTPS comme ports de destination et de source
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+
+		#Autorise le SSH
+		tcp sport 22 accept
+
+		#Autorise les requêtes DNS
+                udp sport 53 accept
+                udp dport 53 accept
+
+		#Autorise les requêtes provenant du DNS
+		ip daddr $dns accept
+	}
+
+	chain pre_nat {
+                type nat hook prerouting priority filter; policy accept;
+	}
+
+	chain post_nat {
+                type nat hook postrouting priority filter; policy accept;
+		ip saddr $lan-ntw oif $netif snat $firewall
+		ip saddr $dmznet oif $netif snat $firewall
+	}
+}
--- a/sio1/siotp/sisr1/TP7/scriptsnft/fw_part7.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/fw_part7.nft
@@ -0,0 +1,215 @@
+# Définition des interfaces avec un nom
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+# Définition de l'IP du serveur web
+define srv = 172.16.0.1
+
+# Définition du réseau LAN
+define lan-ntw = 10.0.0.0/24
+
+# Définition de l'IP du proxy, du DNS, du port du proxy et du réseau DMZ pour ne pas à tout retaper
+define proxy = 10.121.38.1
+define dns = {10.121.38.7 , 10.121.38.8}
+define proxyport = 8080
+define dmznet = 172.16.0.1-172.16.0.254
+
+# Définition des IPs des cartes de la machine firewall
+define firewall = 192.168.0.140
+define ipdmz = 172.16.0.254
+define iplan = 10.0.0.254
+
+table ip ipfilter{
+
+	chain prerouting {
+                type filter hook prerouting priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les réponses ping
+		icmp type echo-reply accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN, à destination de la DMZ
+		icmp type echo-request iif {$lanif} ip daddr $dmznet accept
+
+		#Même chose que plus haut, mais à destination de l'IP de la carte LAN du firewall
+		icmp type echo-request iif {$lanif} ip daddr {$iplan} accept
+
+                #Autorise les requêtes ayant pour port de destination les ports FTP
+		tcp dport 20 accept
+                tcp dport 21 accept
+
+		#Autorise les requêtes HTTP/HTTPS venant de la LAN
+                tcp dport {80, 443} ip saddr $lan-ntw accept
+		tcp sport {80, 443} ip saddr $lan-ntw accept
+
+		#Autorise le SSH
+		tcp dport 22 accept
+
+		#Autorise les requêtes DNS depuis la DMZ et le LAN
+		udp sport 53 iif {$dmzif, $lanif} accept
+		udp dport 53 accept
+
+		#Autorise les requêtes provenant du proxy avec ports HTTP/HTTPS
+		ip saddr $proxy tcp dport {80, 443} accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+        }
+
+	chain system_in {
+                type filter hook input priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les réponses ping
+		icmp type echo-reply accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN
+		icmp type echo-request iif {$lanif} accept
+
+		#Autorise les requêtes ayant pour port de destination les ports FTP
+                tcp dport 20 accept
+                tcp dport 21 accept
+
+		#Autorise les requêtes HTTP/HTTPS
+                tcp dport {80, 443} accept
+
+		#Autorise le SSH
+                tcp dport 22 accept
+
+		#Autorise les requêtes DNS
+		udp sport 53 accept
+                udp dport 53 accept
+
+		#Autorise les requêtes provenant du proxy avec ports HTTP/HTTPS
+		ip saddr $proxy tcp dport {80, 443} accept
+        }
+
+ 	chain routing {
+                type filter hook forward priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN, à destination de la DMZ
+        	icmp type echo-request iif {$lanif} oif {$dmzif} accept
+
+		#Même chose que plus haut, mais à destination de l'IP de la carte LAN du firewall
+		icmp type echo-reply iif {$dmzif} oif {$lanif} accept
+
+		#Autorise les requêtes HTTP/HTTPS venant de la LAN
+                tcp dport {80, 443} ip saddr $lan-ntw accept
+		tcp sport {80, 443} ip saddr $lan-ntw accept
+
+		#Autorise le port forwarding pour la DMZ pour HTTP/HTTPS
+		tcp dport {80, 443} ip saddr $srv accept
+
+		#Autorise les requêtes DNS depuis la DMZ et le LAN
+		udp sport 53 iif {$lanif, $dmzif} accept
+		udp dport 53 accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+	}
+
+ 	chain system_out {
+                type filter hook output priority filter; policy drop;
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+                ip daddr $dns accept
+
+		#Autorise les requêtes provenant du proxy, depuis le port 8080
+                ip daddr $proxy tcp dport $proxyport accept
+
+		#Accepte les requêtes de ping si elles viennent du LAN
+		icmp type echo-reply oif {$lanif} accept
+
+		#Accepte les requêtes ping
+		icmp type echo-request accept
+
+		#Autorise les requêtes ayant pour port de destination les ports FTP
+                tcp dport 20 accept
+		tcp sport 20 accept
+                tcp dport 21 accept
+		tcp sport 21 accept
+
+		#Autorise les requêtes provenant des ports HTTP/HTTPS
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+
+		#Autorise le SSH
+		tcp sport 22 accept
+
+		#Autorise les requêtes DNS
+                udp sport 53 accept
+                udp dport 53 accept
+        }
+
+	chain postrouting {
+                type filter hook postrouting priority filter; policy drop;
+
+		#Permet le passage des réponses aux requêtes acceptées
+		ct state established, related accept
+
+		#Autorise les requêtes qui vont vers le serveur DNS
+		ip daddr $dns accept
+
+		#Autorise les requêtes allant vers le proxy avec le port 8080
+		ip daddr $proxy tcp dport $proxyport accept
+
+		#Autorise les requêtes ping venant des cartes LAN, DMZ et la carte en pont du firewall
+		icmp type echo-request ip saddr {$iplan, $ipdmz, $firewall} accept
+
+		#Autorise les réponses ping si elles viennent de la DMZ à destination du LAN
+		icmp type echo-reply iif {$dmzif}  oif {$lanif} accept
+
+		#Autorise les requêtes ping venant de la LAN à destination de la DMZ
+		icmp type echo-request iif {$lanif} oif {$dmzif} accept
+
+		#Autorise les requêtes ping ayant le LAN pour origine, à destination de la carte LAN du firewall
+		icmp type echo-request ip saddr $iplan oif $lanif accept
+
+		#Autorise les requêtes FTP
+                tcp dport 20 accept
+                tcp sport 20 accept
+                tcp dport 21 accept
+                tcp sport 21 accept
+
+		#Autorise les requêtes ayant pour ports HTTP et HTTPS comme ports de destination et de source
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+
+		#Autorise le SSH
+		tcp sport 22 accept
+
+		#Autorise les requêtes DNS
+                udp sport 53 accept
+                udp dport 53 accept
+
+		#Autorise les requêtes provenant du DNS
+		ip daddr $dns accept
+	}
+
+	chain pre_nat {
+                type nat hook prerouting priority filter; policy accept;
+
+		#Autorise les requêtes HTTP vers la carte LAN du firewall
+		tcp dport 80 ip daddr $firewall dnat $srv:80
+		#Même chose mais pour HTTPS
+		tcp dport 443 ip daddr $firewall dnat $srv:443
+	}
+
+	chain post_nat {
+                type nat hook postrouting priority filter; policy accept;
+
+		#Autorise la NAT à destination du firewall si la requête vient du LAN et part vers Internet
+		ip saddr $lan-ntw oif $netif snat $firewall
+
+		#Même chose, mais si la requête provient de la DMZ
+		ip saddr $dmznet oif $netif snat $firewall
+	}
+ }
--- a/sio1/siotp/sisr1/TP7/scriptsnft/old-current_ruleset.nft
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/old-current_ruleset.nft
@@ -0,0 +1,106 @@
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+define firewall = 192.168.0.140
+define ipdmz = 172.16.0.254
+define iplan = 10.0.0.254
+define ipsrvweb = 172.16.0.1
+
+define dmznet = 172.16.0.1-172.16.0.254
+define lan-ntw = 10.0.0.0/24
+
+define dns-server = {10.121.38.7 , 10.121.38.8}
+
+define proxy-lyc = 10.121.38.1
+define proxy-port = 8080
+
+table ip ipfilter{
+	chain prerouting {
+                type filter hook prerouting priority filter; policy drop;
+		icmp type echo-reply accept
+		ct state established, related accept
+		icmp type echo-request iif {$lanif} ip daddr 172.16.0.1-172.16.0.254 accept
+		icmp type echo-request iif {$lanif} ip daddr {$iplan} accept
+                tcp dport 20 accept
+                tcp dport 21 accept
+                tcp dport {80, 443} accept
+		tcp dport 22 accept
+		ip saddr $proxy-lyc tcp dport {80, 443} accept
+		ct state {established,related} accept
+		tcp sport {80,443} ip saddr $lan-ntw accept
+		tcp dport {80,443} ip saddr $lan-ntw accept
+		udp dport 53 accept
+        }
+
+	chain system_in {
+                type filter hook input priority filter; policy drop;
+		icmp type echo-reply accept
+		icmp type echo-request iif {$lanif} accept
+		ct state established, related accept
+                tcp dport 20 accept
+                tcp dport 21 accept
+                tcp dport {80, 443} accept
+                tcp dport 22 accept
+		ip saddr $proxy-lyc tcp dport {80, 443} accept
+        }
+ 	chain routing {
+                type filter hook forward priority filter; policy drop;
+        	icmp type echo-request iif {$lanif} oif {$dmzif} accept
+		icmp type echo-reply iif {$dmzif} oif {$lanif} accept
+		ct state {established,related} accept
+		tcp sport {80,443} ip saddr $lan-ntw accept
+		tcp dport {80,443} ip saddr $lan-ntw accept
+		udp dport 53 iif {$lanif, $dmzif} accept
+		# http et https vers srvweb
+		tcp dport {80, 443} ip daddr $ipsrvweb accept
+	}
+
+ 	chain system_out {
+                type filter hook output priority filter; policy drop;
+                ip daddr $dns-server accept
+                ip daddr $proxy-lyc tcp dport $proxy-port accept
+		icmp type echo-reply oif {$lanif} accept
+		icmp type echo-request accept
+                tcp dport 20 accept
+		tcp sport 20 accept
+                tcp dport 21 accept
+		tcp sport 21 accept
+                tcp dport {80, 443} accept
+		tcp sport {80, 443} accept
+		tcp sport 22 accept
+		udp dport 53 accept
+        }
+	chain postrouting {
+                type filter hook postrouting priority filter; policy drop;
+		ip daddr $dns-server accept
+		ip daddr $proxy-lyc tcp dport $proxy-port accept
+		icmp type echo-request ip saddr {$iplan, $ipdmz, $firewall} accept
+		icmp type echo-reply iif {$dmzif}  oif {$lanif} accept
+		icmp type echo-request iif {$lanif} oif {$dmzif} accept
+		icmp type echo-request ip saddr $iplan oif $lanif accept
+                tcp dport 20 accept
+                tcp sport 20 accept
+                tcp dport 21 accept
+                tcp sport 21 accept
+                tcp dport {80, 443} accept
+                tcp sport {80, 443} accept
+		tcp sport 22 accept
+        	ct state {established,related} accept
+		udp dport 53 accept
+	}
+}
+table ip nat {
+	chain prerouting {
+		type nat hook prerouting priority filter; policy accept;
+		# http et https du firewall vers srvweb
+		tcp dport 80 ip daddr $firewall dnat $ipsrvweb:80
+		tcp dport 443 ip daddr $firewall dnat $ipsrvweb:443
+	}
+
+	chain postrouting {
+		type nat hook postrouting priority filter; policy accept;
+		ip saddr $lan-ntw oif $netif snat $firewall
+		ip saddr $dmznet oif $netif snat $firewall
+	}
+}
--- a/sio1/siotp/sisr1/TP7/scriptsnft/refresh_firewall.sh
+++ b/sio1/siotp/sisr1/TP7/scriptsnft/refresh_firewall.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+# active le routage entre les interfaces réseau du firewall
+echo "1" > /proc/sys/net/ipv4/ip_forward
+#vide les règles actuelles du pare-feu
+nft flush ruleset
+#charge les règles du pare-feu présentes dans le fichier
+nft -f /root/scriptsnft/current_ruleset.nft
--- a/sio1/siotp/sisr1/tp01-02/srv-dhcp/dhcpd.conf
+++ b/sio1/siotp/sisr1/tp01-02/srv-dhcp/dhcpd.conf
@@ -0,0 +1,112 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 604800;
+max-lease-time 604800;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+subnet 192.168.2.0 netmask 255.255.255.0 {
+ range 192.168.2.140 192.168.2.169;
+}
+
+host xp-master {
+ hardware ethernet 08:00:27:77:70:0D;
+ fixed-address 192.168.2.222;
+}
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+option domain-name-servers 192.168.0.140, 192.168.0.142;
+#  option domain-name "internal.example.org";
+option routers 192.168.2.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
--- a/sio1/siotp/sisr1/tp01-02/srv-dhcp/hosts
+++ b/sio1/siotp/sisr1/tp01-02/srv-dhcp/hosts
@@ -0,0 +1,8 @@
+127.0.0.1	localhost
+127.0.1.1	bookworm-jp.sio.lan	bookworm-jp
+192.168.0.35    bookworm-ge.sio.lan     bookworm-ge
+192.168.0.40    bookworm-jb.sio.lan     bookworm-jb
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
--- a/sio1/siotp/sisr1/tp01-02/srv-dhcp/interfaces
+++ b/sio1/siotp/sisr1/tp01-02/srv-dhcp/interfaces
@@ -0,0 +1,24 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# Interface fixe
+auto enp0s3
+iface enp0s3 inet static
+	address 192.168.0.141/24
+	gateway 192.168.0.1
+
+
+# The primary network interface
+#allow-hotplug enp0s3
+#iface enp0s3 inet dhcp
+
+# Interface fixe
+auto enp0s8
+iface enp0s8 inet static
+	address 192.168.2.1/24
--- a/sio1/siotp/sisr1/tp01-02/srv-dhcp/isc-dhcp-server
+++ b/sio1/siotp/sisr1/tp01-02/srv-dhcp/isc-dhcp-server
@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+INTERFACESv6=""
--- a/sio1/siotp/sisr1/tp01-02/srv-dhcp/nat.sh
+++ b/sio1/siotp/sisr1/tp01-02/srv-dhcp/nat.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+sysctl net.ipv4.ip_forward=1
+nft add table basic_nat_table
+nft add chain basic_nat_table prerouting {type nat hook prerouting priority 0\; }
+nft add chain basic_nat_table postrouting {type nat hook postrouting priority 0\; }
+nft add rule basic_nat_table postrouting masquerade
--- a/sio1/siotp/sisr1/tp01-02/srv-dns1/db.sio1lab.lan
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns1/db.sio1lab.lan
@@ -0,0 +1,28 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	dns1.sio1lab.lan. root.sio1lab.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	deb-dns-jp.sio1lab.lan.
+	IN	NS	deb-dns2-jp.sio1lab.lan.
+	IN	A 192.168.0.140
+	IN	A 192.168.0.141
+deb-dns-jp	IN	A	192.168.0.140
+deb-dhcp-jp     IN      A       192.168.0.141
+deb-dns2-jp	IN	A	192.168.0.142
+deb-dns1-ge	IN	A	192.168.0.121
+deb-dns2-ge	IN	A	192.168.0.122
+deb-dhcp-ge	IN	A	192.168.0.120
+
+dhcp IN CNAME deb-dhcp-jp
+dns1 IN CNAME deb-dns-jp
+dns2 IN CNAME deb-dns2-jp
+dhcp2ge IN CNAME deb-dhcp-ge
+dns3ge IN CNAME deb-dns1-ge
+dns3ge IN CNAME deb-dns2-ge
--- a/sio1/siotp/sisr1/tp01-02/srv-dns1/db.sio1lab.lan.rev
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns1/db.sio1lab.lan.rev
@@ -0,0 +1,30 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	dns1.sio1lab.lan. root.sio1lab.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	deb-dns-jp.sio1lab.lan.
+	IN	NS	deb-dns2-jp.sio1lab.lan.
+deb-dns-jp	IN	A	192.168.0.140
+deb-dhcp-jp     IN      A       192.168.0.141
+deb-dns2-jp	IN	A	192.168.0.142
+deb-dhcp-ge	IN	A	192.168.0.120
+deb-dns1-ge	IN	A	192.168.0.121
+deb-dns2-ge	IN	A	192.168.0.122
+
+dhcp IN CNAME deb-dhcp-jp
+dns1 IN CNAME deb-dns-jp
+dns2 IN CNAME deb-dns2-jp
+dhcp2ge IN CNAME deb-dhcp-ge
+dns3ge IN CNAME deb-dns1-ge
+dns4ge IN CNAME deb-dns2-ge
+
+
+140 IN PTR deb-dns-jp.sio1lab.lan
+141 IN PTR deb-dhcp-jp.sio1lab.lan
--- a/sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
--- a/sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf.local
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf.local
@@ -0,0 +1,20 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// zone directe
+  zone "sio1lab.lan" {
+      type master;
+      file "/etc/bind/db.sio1lab.lan";
+};
+
+// zone inverse 
+	zone "0.168.192.in-addr.arpa" {
+      type master;
+      notify no;
+      file "/etc/bind/db.sio1lab.lan.rev";
+};
--- a/sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf.options
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns1/named.conf.options
@@ -0,0 +1,25 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	 forwarders {
+		10.121.38.7;
+		10.121.38.8;
+	 };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	listen-on-v6 { any; };
+};
--- a/sio1/siotp/sisr1/tp01-02/srv-dns2/db.sio1lab.lan
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns2/db.sio1lab.lan
@@ -0,0 +1,20 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+sio1lab.lan		IN SOA	dns1.sio1lab.lan. root.sio1lab.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	deb-dns-jp.sio1lab.lan.
+			NS	deb-dns2-jp.sio1lab.lan.
+			A	192.168.0.140
+			A	192.168.0.141
+$ORIGIN sio1lab.lan.
+deb-dhcp-jp		A	192.168.0.141
+deb-dns-jp		A	192.168.0.140
+deb-dns2-jp		A	192.168.0.142
+dhcp			CNAME	deb-dhcp-jp
+dns1			CNAME	deb-dns-jp
+dns2			CNAME	deb-dns2-jp
--- a/sio1/siotp/sisr1/tp01-02/srv-dns2/db.sio1lab.lan.rev
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns2/db.sio1lab.lan.rev
@@ -0,0 +1,20 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+0.168.192.in-addr.arpa	IN SOA	dns1.sio1lab.lan. root.sio1lab.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	deb-dns-jp.sio1lab.lan.
+			NS	deb-dns2-jp.sio1lab.lan.
+$ORIGIN 0.168.192.in-addr.arpa.
+140			PTR	deb-dns-jp.sio1lab.lan
+141			PTR	deb-dhcp-jp.sio1lab.lan
+deb-dhcp-jp		A	192.168.0.141
+deb-dns-jp		A	192.168.0.140
+deb-dns2-jp		A	192.168.0.142
+dhcp			CNAME	deb-dhcp-jp
+dns1			CNAME	deb-dns-jp
+dns2			CNAME	deb-dns2-jp
--- a/sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.default-zones
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/usr/share/dns/root.hints";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
--- a/sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.local
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.local
@@ -0,0 +1,24 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// zone directe
+  zone "sio1lab.lan" {
+      type slave;
+      file "/etc/bind/db.sio1lab.lan";
+      masters { 192.168.0.140; };
+      masterfile-format text;
+};
+
+// zone inverse 
+	zone "0.168.192.in-addr.arpa" {
+      type slave;
+      notify no;
+      file "/etc/bind/db.sio1lab.lan.rev";
+      masters { 192.168.0.140; };
+      masterfile-format text;
+};
--- a/sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.options
+++ b/sio1/siotp/sisr1/tp01-02/srv-dns2/named.conf.options
@@ -0,0 +1,24 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	listen-on-v6 { any; };
+};
--- a/sio1/siotp/sisr1/tp03/srv-admin/interfaces
+++ b/sio1/siotp/sisr1/tp03/srv-admin/interfaces
@@ -0,0 +1,23 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# interface fixe
+auto enp0s3
+iface enp0s3 inet static
+	address 192.168.0.140/24
+	gateway 192.168.0.1
+
+# interface interne fix
+auto enp0s8
+iface enp0s8 inet dhcp
+#	address 172.16.0.254/24
+
+# interface interne dhcp
+#allow-hotplug enp0s8
+#iface enp0s8 inet dhcp
--- a/sio1/siotp/sisr1/tp03/srv-admin/nat.sh
+++ b/sio1/siotp/sisr1/tp03/srv-admin/nat.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+sysctl net.ipv4.ip_forward=1
+nft add table basic_nat_table
+nft add chain basic_nat_table prerouting {type nat hook prerouting priority 0\; }
+nft add chain basic_nat_table postrouting {type nat hook postrouting priority 0\; }
+nft add rule basic_nat_table postrouting masquerade
--- a/sio1/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan
+++ b/sio1/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan
@@ -0,0 +1,26 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+monlabo.lan		IN SOA	dns1.monlabo.lan. root.monlabo.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	srv-dns2.monlabo.lan.
+			NS	srv-service.monlabo.lan.
+			A	172.16.0.1
+$ORIGIN monlabo.lan.
+dhcp			CNAME	srv-service
+dns			CNAME	srv-service
+dns1			CNAME	srv-service
+dns2			CNAME	srv-dns2
+router			CNAME	srv-admin-jp
+srv-admin-jp		A	172.16.0.254
+srv-dns2		A	172.16.0.2
+srv-service		A	172.16.0.1
+srvadmin		CNAME	srv-admin-jp
+srvdhcp			CNAME	srv-service
+srvdns			CNAME	srv-service
+srvdns1			CNAME	srv-service
+srvdns2			CNAME	srv-dns2
--- a/sio1/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan.rev
+++ b/sio1/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan.rev
@@ -0,0 +1,18 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+0.16.172.in-addr.arpa	IN SOA	dns1.monlabo.lan. root.monlabo.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	srv-dns2.monlabo.lan.
+			NS	srv-service.monlabo.lan.
+			A	172.16.0.1
+$ORIGIN 0.16.172.in-addr.arpa.
+1			PTR	srv-service.monlabo.lan
+2			PTR	srv-dns2.monlabo.lan
+254			PTR	srv-admin-jp.monlabo.lan
+srv-dns2		A	172.16.0.2
+srv-service		A	172.16.0.1
--- a/sio1/siotp/sisr1/tp03/srv-dns2/bind/named.conf.local
+++ b/sio1/siotp/sisr1/tp03/srv-dns2/bind/named.conf.local
@@ -0,0 +1,24 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// zone directe
+zone "monlabo.lan" {
+      type slave;
+      file "/etc/bind/db.monlabo.lan";
+      masters { 172.16.0.1; };
+      masterfile-format text;
+};
+
+// zone inverse 
+zone "0.16.172.in-addr.arpa" {
+      type slave;
+      notify no;
+      file "/etc/bind/db.monlabo.lan.rev";
+      masters { 172.16.0.1; };
+      masterfile-format text;
+};
--- a/sio1/siotp/sisr1/tp03/srv-dns2/bind/named.conf.options
+++ b/sio1/siotp/sisr1/tp03/srv-dns2/bind/named.conf.options
@@ -0,0 +1,25 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	forwarders {
+	 	10.121.38.7;
+		10.121.38.8;
+	};
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	listen-on-v6 { any; };
+};
--- a/sio1/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan
+++ b/sio1/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan
@@ -0,0 +1,29 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	dns1.monlabo.lan. root.monlabo.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	srv-service.monlabo.lan.
+	IN	NS	srv-dns2.monlabo.lan.
+	IN	A 172.16.0.1
+srv-dns2	IN	A 172.16.0.2
+srv-service	IN	A	172.16.0.1
+srv-admin-jp IN A 172.16.0.254
+
+
+dhcp IN CNAME srv-service
+srvdns IN CNAME srv-service
+srvdns1 IN CNAME srv-service
+srvdhcp IN CNAME srv-service
+dns IN CNAME srv-service
+dns1 IN CNAME srv-service
+dns2 IN CNAME srv-dns2
+srvdns2 IN CNAME srv-dns2
+srvadmin IN CNAME srv-admin-jp
+router IN CNAME srv-admin-jp
--- a/sio1/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan.rev
+++ b/sio1/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan.rev
@@ -0,0 +1,21 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	dns1.monlabo.lan. root.monlabo.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	srv-service.monlabo.lan.
+	IN	NS	srv-dns2.monlabo.lan.
+	IN	A 172.16.0.1
+srv-dns2	IN	A	172.16.0.2
+srv-service	IN	A	172.16.0.1
+;deb-dns2-jp	IN	A	192.168.0.142
+
+1	IN	PTR	srv-service.monlabo.lan
+254	IN	PTR	srv-admin-jp.monlabo.lan
+2	IN	PTR	srv-dns2.monlabo.lan
--- a/sio1/siotp/sisr1/tp03/srv-service/bind/named.conf.local
+++ b/sio1/siotp/sisr1/tp03/srv-service/bind/named.conf.local
@@ -0,0 +1,20 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// Zone directe
+	zone "monlabo.lan" {
+	type master;
+	file "/etc/bind/db.monlabo.lan";
+};
+
+// Zone inverse
+	zone "0.16.172.in-addr.arpa" {
+	type master;
+	notify no;
+	file "/etc/bind/db.monlabo.lan.rev";
+};
--- a/sio1/siotp/sisr1/tp03/srv-service/bind/named.conf.options
+++ b/sio1/siotp/sisr1/tp03/srv-service/bind/named.conf.options
@@ -0,0 +1,25 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	 forwarders {
+		10.121.38.7;
+		10.121.38.8;
+	 };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	listen-on-v6 { any; };
+};
--- a/sio1/siotp/sisr1/tp03/srv-service/dhcp/dhcpd.conf
+++ b/sio1/siotp/sisr1/tp03/srv-service/dhcp/dhcpd.conf
@@ -0,0 +1,110 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 604800;
+max-lease-time 604800;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+
+subnet 172.16.0.0 netmask 255.255.255.0 {
+range 172.16.0.100 172.16.0.200;
+option routers 172.16.0.254;
+option domain-name-servers 172.16.0.1, 172.16.0.2;
+option domain-name "monlabo.lan";
+}
+
+host srv-admin-jp {
+hardware ethernet 08:00:27:44:f2:e7;
+fixed-address 172.16.0.254;
+}
+host srv-dns2 {
+hardware ethernet 08:00:27:2b:f5:4c;
+fixed-address 172.16.0.2;
+option domain-name-servers 127.0.0.1;
+}
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
--- a/sio1/siotp/sisr1/tp4/Users.csv
+++ b/sio1/siotp/sisr1/tp4/Users.csv
@@ -0,0 +1,30 @@
+Ermengarde,Berthelmot,eberthelmot0@webmd.com,Female,Accountant
+Kassi,Bunker,kbunker1@xinhuanet.com,Female,Production
+Moises,McCallum,mmccallum2@i2i.jp,Male,Production
+Patrizio,Lune,plune3@upenn.edu,Male,Accountant
+Blanch,Everix,beverix4@php.net,Female,Accountant
+Stafani,Kibbel,skibbel5@marriott.com,Female,Production
+Ignacius,Mosdell,imosdell6@cloudflare.com,Male,Management
+Jeana,Waller-Bridge,jwallerbridge7@mapy.cz,Female,Management
+Elroy,Dressel,edressel8@opera.com,Male,Production
+Thea,Strettell,tstrettell9@nature.com,Female,Production
+Solomon,Insoll,sinsolla@utexas.edu,Male,Accountant
+Carri,Feedome,cfeedomeb@ask.com,Female,Accountant
+Padraic,Chetwind,pchetwindc@last.fm,Male,Management
+Solly,D'Ugo,sdugod@uiuc.edu,Male,Production
+Konstanze,MacCostigan,kmaccostigane@seattletimes.com,Female,Accountant
+Roxane,Powlesland,rpowleslandf@pcworld.com,Female,Management
+Orelle,Kennealy,okennealyg@arstechnica.com,Female,Production
+Sukey,Soitoux,ssoitouxh@shinystat.com,Female,Production
+Nelli,Syce,nsycei@blogger.com,Female,Production
+Clarisse,Shillam,cshillamj@dailymotion.com,Female,Production
+Carin,Gueny,cguenyk@naver.com,Female,Management
+Donny,Riepel,driepell@addtoany.com,Male,Production
+Daniella,Ralfe,dralfem@wunderground.com,Female,Production
+Lexy,Clynmans,lclynmansn@furl.net,Female,Production
+Gardiner,Adamthwaite,gadamthwaiteo@spotify.com,Male,Production
+Woodman,Lippett,wlippettp@purevolume.com,Male,Production
+Nadya,Munnion,nmunnionq@flavors.me,Female,Production
+Llewellyn,Habershon,lhabershonr@alibaba.com,Male,Production
+Isaak,Greatrex,igreatrexs@seesaa.net,Male,Production
+Darill,Frostdyke,dfrostdyket@cafepress.com,Male,Production
--- a/sio1/siotp/sisr1/tp4/createLogins.sh
+++ b/sio1/siotp/sisr1/tp4/createLogins.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+rm ./logins.csv
+while read line
+do
+echo $line > ./temp.txt
+prenom=$(cut -d "," -f 1 ./temp.txt)
+nom=$(cut -d "," -f 2 ./temp.txt)
+initial=$(cut -c 1 ./temp.txt)
+id=$(echo $initial$nom | tr [:upper:] [:lower:])
+passwd=$(echo $RANDOM | md5sum | head -c 8)
+
+echo $id","$passwd","$prenom","$nom","$(cut -d "," -f 5 ./temp.txt) >> ./logins.csv
+
+rm ./temp.txt
+done < ./Users.csv
--- a/sio1/siotp/sisr1/tp4/logins.csv
+++ b/sio1/siotp/sisr1/tp4/logins.csv
@@ -0,0 +1,30 @@
+eberthelmot,59155498,Ermengarde,Berthelmot,Accountant
+kbunker,b9068820,Kassi,Bunker,Production
+mmccallum,ee65d788,Moises,McCallum,Production
+plune,779b128e,Patrizio,Lune,Accountant
+beverix,40741acd,Blanch,Everix,Accountant
+skibbel,46353bb2,Stafani,Kibbel,Production
+imosdell,8ec4cdc3,Ignacius,Mosdell,Management
+jwaller-bridge,ac7367bb,Jeana,Waller-Bridge,Management
+edressel,1af39ab6,Elroy,Dressel,Production
+tstrettell,1f333d96,Thea,Strettell,Production
+sinsoll,9b14d3c8,Solomon,Insoll,Accountant
+cfeedome,acc2de2b,Carri,Feedome,Accountant
+pchetwind,fcf81634,Padraic,Chetwind,Management
+sd'ugo,a6d1382b,Solly,D'Ugo,Production
+kmaccostigan,d2531594,Konstanze,MacCostigan,Accountant
+rpowlesland,b5049d93,Roxane,Powlesland,Management
+okennealy,c03675ff,Orelle,Kennealy,Production
+ssoitoux,c4b0dc61,Sukey,Soitoux,Production
+nsyce,40b513f5,Nelli,Syce,Production
+cshillam,d963042c,Clarisse,Shillam,Production
+cgueny,965b0c91,Carin,Gueny,Management
+driepel,1fcb2d72,Donny,Riepel,Production
+dralfe,8c506545,Daniella,Ralfe,Production
+lclynmans,f107ef6e,Lexy,Clynmans,Production
+gadamthwaite,87b1a7a0,Gardiner,Adamthwaite,Production
+wlippett,c8829ebf,Woodman,Lippett,Production
+nmunnion,f874ffce,Nadya,Munnion,Production
+lhabershon,529dd157,Llewellyn,Habershon,Production
+igreatrex,70d37da4,Isaak,Greatrex,Production
+dfrostdyke,83578805,Darill,Frostdyke,Production
--- a/sio1/squid/conf.d/debian.conf
+++ b/sio1/squid/conf.d/debian.conf
@@ -0,0 +1,11 @@
+#
+# Squid configuration settings for Debian
+#
+
+# Logs are managed by logrotate on Debian
+logfile_rotate 0
+
+# For extra security Debian packages only allow
+# localhost to use the proxy on new installs
+#
+#http_access allow localnet
--- a/sio1/squid/errorpage.css
+++ b/sio1/squid/errorpage.css
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+/*
+ Stylesheet for Squid Error pages
+ Adapted from design by Free CSS Templates
+ http://www.freecsstemplates.org
+ Released for free under a Creative Commons Attribution 2.5 License
+*/
+
+/* Page basics */
+* {
+	font-family: verdana, sans-serif;
+}
+
+html body {
+	margin: 0;
+	padding: 0;
+	background: #efefef;
+	font-size: 12px;
+	color: #1e1e1e;
+}
+
+/* Page displayed title area */
+#titles {
+	margin-left: 15px;
+	padding: 10px;
+	padding-left: 100px;
+	background: url('/squid-internal-static/icons/SN.png') no-repeat left;
+}
+
+/* initial title */
+#titles h1 {
+	color: #000000;
+}
+#titles h2 {
+	color: #000000;
+}
+
+/* special event: FTP success page titles */
+#titles ftpsuccess {
+	background-color:#00ff00;
+	width:100%;
+}
+
+/* Page displayed body content area */
+#content {
+	padding: 10px;
+	background: #ffffff;
+}
+
+/* General text */
+p {
+}
+
+/* error brief description */
+#error p {
+}
+
+/* some data which may have caused the problem */
+#data {
+}
+
+/* the error message received from the system or other software */
+#sysmsg {
+}
+
+pre {
+}
+
+/* special event: FTP / Gopher directory listing */
+#dirmsg {
+    font-family: courier, monospace;
+    color: black;
+    font-size: 10pt;
+}
+#dirlisting {
+    margin-left: 2%;
+    margin-right: 2%;
+}
+#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
+    border-bottom: groove;
+}
+#dirlisting td.size {
+    width: 50px;
+    text-align: right;
+    padding-right: 5px;
+}
+
+/* horizontal lines */
+hr {
+	margin: 0;
+}
+
+/* page displayed footer area */
+#footer {
+	font-size: 9px;
+	padding-left: 10px;
+}
--- a/sio1/squid/passwords
+++ b/sio1/squid/passwords
@@ -0,0 +1 @@
+jarod:$apr1$hmMPcsLx$OIzvuRYJYyZ7m0mKwePXz.
--- a/sio1/squid/squid.conf
+++ b/sio1/squid/squid.conf
--- a/sio1/squid/squid.conf.old
+++ b/sio1/squid/squid.conf.old
--- a/sio1/squid/users
+++ b/sio1/squid/users
@@ -0,0 +1 @@
+jarod:$apr1$gIrAXZaM$x71Nx5bI50XB.2/LZZD3D.
				`@@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0imYJ5OqmSXlpzBSKm8dSF+vgWAdn8FIdzCO+wT2Vb+dSUaUwXm3KTbW+a/S9KGz6Vjd63pHZfkydS1EPGnp1U/jOdDuNXAOT/7TCoGcrDyEdAMUmxFA/cUMEDvpgpoEicsJZy03BCTcG1jCa5q7aMXpKDmSJoOg6DcS1emsYmli74x4PANOcN19cn69QHviLCxIFI+sanQUSXZwYRsYYcczRh0AAo3iIMzVDDZJ979wnpojdDRLtChxrnmGNSeIiHf0HZSft95cwjH8+YmyPuBg5k+olndYeQX9qAQDmP24yHOXBcxyRdvCN9o4o3Lg6XpzUV/1uU5eXegZc7fLKVPlnj7vGCp/8PzUMXY7VvVxF9ZRtzL8xBkCV5EaoDC7lESdSPKWrRyo8hMYfY/gb5dfJ8LGl9MxrV7B6Y36r+Gy7NgiiRQQbO6734wd/8ebrRP+1y8026NdFzIyL3R5j0Bj5jf8IZVL45UUPdmtd9SsZjgvkazVUNZSPwbtgjzc= root@debtest
				`@@ -0,0 +1 @@`
				`jarod:$apr1$hmMPcsLx$OIzvuRYJYyZ7m0mKwePXz.`
				`@@ -0,0 +1 @@`
				`jarod:$apr1$gIrAXZaM$x71Nx5bI50XB.2/LZZD3D.`