diff --git a/sisr1/tp06-firewall/current_ruleset.nft b/sisr1/tp06-firewall/current_ruleset.nft
new file mode 100644
index 0000000..dd75614
--- /dev/null
+++ b/sisr1/tp06-firewall/current_ruleset.nft
@@ -0,0 +1,17 @@
+define netif = enp0s3
+define lanif = enp0s8
+define dmzif = enp0s9
+
+table ip ipfilter {
+ chain routing {
+ type filter hook forward priority filter; policy accept;
+ icmp type echo-request iif { $netif, $dmzif } drop
+ icmp type { echo-reply, echo-request } accept
+ drop
+ }
+
+ chain system_in {
+ type filter hook input priority filter; policy accept;
+ icmp type echo-request iif { $netif, $dmzif } drop
+ }
+}
diff --git a/sisr1/tp06-firewall/fw_part1.nft b/sisr1/tp06-firewall/fw_part1.nft
new file mode 100644
index 0000000..dd75614
--- /dev/null
+++ b/sisr1/tp06-firewall/fw_part1.nft
@@ -0,0 +1,17 @@
+define netif = enp0s3
+define lanif = enp0s8
+define dmzif = enp0s9
+
+table ip ipfilter {
+ chain routing {
+ type filter hook forward priority filter; policy accept;
+ icmp type echo-request iif { $netif, $dmzif } drop
+ icmp type { echo-reply, echo-request } accept
+ drop
+ }
+
+ chain system_in {
+ type filter hook input priority filter; policy accept;
+ icmp type echo-request iif { $netif, $dmzif } drop
+ }
+}
diff --git a/sisr1/tp06-firewall/test_firewall.sh b/sisr1/tp06-firewall/test_firewall.sh
new file mode 100644
index 0000000..dbfb96c
--- /dev/null
+++ b/sisr1/tp06-firewall/test_firewall.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+ipfirewall=192.168.0.140
+dir=/root/firewall
+ruleset=current_ruleset.nft
+
+scp current_releset.nft root@$ipfirewall:$dir/$ruleset
+ssh root@$ipfirewall "bash $dir/refresh_firewall.sh"
\ No newline at end of file
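Review bot: The unconditional `drop` closing the `routing` chain makes that chain default-deny in practice while its header still declares `policy accept;`, so anyone reading the chain header gets the wrong picture, and every forwarded packet other than the two ICMP rules above it — including return traffic for flows the LAN initiates — is dropped without a log entry. Stating the intent in the header, `type filter hook forward priority filter; policy drop;`, and removing the trailing `drop` expresses the same decision explicitly; if non-ICMP forwarding is meant to work, a `ct state established,related accept` rule before the final decision is the usual way to let reply traffic through. The `system_in` chain has no closing `drop`, so input stays default-accept apart from the echo-request rule; if that asymmetry is deliberate, a comment on the chain such as `# input intentionally open; only echo-request from $netif/$dmzif is dropped` would keep the next reader from "fixing" it. fw_part1.nft in the next hunk is byte-identical to this file (same blob dd75614), so the same points apply there and one of the two copies appears redundant.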
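Review bot: The `scp` line copies `current_releset.nft`, which does not match the `ruleset=current_ruleset.nft` variable defined three lines above, so the copy fails with a file-not-found and the following `ssh` line then runs `refresh_firewall.sh` against whatever ruleset is already on the firewall; using the variable, `scp "$ruleset" "root@$ipfirewall:$dir/$ruleset"`, removes the mismatch and the quoting. Because the script has no `set -e`, the refresh is attempted even when the copy failed; `set -euo pipefail` after the shebang, or chaining the two commands with `&&`, makes the reload depend on a successful upload. `refresh_firewall.sh` is not part of this commit as far as these hunks show, so whether it validates the uploaded file (for example with `nft -c`) before loading it cannot be checked here.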