From a116ae4538dc03deb8d0633c3b1e8f1e2378cf26 Mon Sep 17 00:00:00 2001
From: "jeremy.thomas"
Date: Wed, 9 Apr 2025 17:35:51 +0200
Subject: [PATCH] Ajout du tp06

---
 sisr1/tp06-firewall/current_ruleset.nft | 17 +++++++++++++++++
 sisr1/tp06-firewall/fw_part1.nft | 17 +++++++++++++++++
 sisr1/tp06-firewall/test_firewall.sh | 7 +++++++
 3 files changed, 41 insertions(+)
 create mode 100644 sisr1/tp06-firewall/current_ruleset.nft
 create mode 100644 sisr1/tp06-firewall/fw_part1.nft
 create mode 100644 sisr1/tp06-firewall/test_firewall.sh

diff --git a/sisr1/tp06-firewall/current_ruleset.nft b/sisr1/tp06-firewall/current_ruleset.nft
new file mode 100644
index 0000000..dd75614
--- /dev/null
+++ b/sisr1/tp06-firewall/current_ruleset.nft
@@ -0,0 +1,17 @@
+define netif = enp0s3
+define lanif = enp0s8
+define dmzif = enp0s9
+
+table ip ipfilter {
+ chain routing {
+ type filter hook forward priority filter; policy accept;
+ icmp type echo-request iif { $netif, $dmzif } drop
+ icmp type { echo-reply, echo-request } accept
+ drop
+ }
+
+ chain system_in {
+ type filter hook input priority filter; policy accept;
+ icmp type echo-request iif { $netif, $dmzif } drop
+ }
+}
diff --git a/sisr1/tp06-firewall/fw_part1.nft b/sisr1/tp06-firewall/fw_part1.nft
new file mode 100644
index 0000000..dd75614
--- /dev/null
+++ b/sisr1/tp06-firewall/fw_part1.nft
@@ -0,0 +1,17 @@
+define netif = enp0s3
+define lanif = enp0s8
+define dmzif = enp0s9
+
+table ip ipfilter {
+ chain routing {
+ type filter hook forward priority filter; policy accept;
+ icmp type echo-request iif { $netif, $dmzif } drop
+ icmp type { echo-reply, echo-request } accept
+ drop
+ }
+
+ chain system_in {
+ type filter hook input priority filter; policy accept;
+ icmp type echo-request iif { $netif, $dmzif } drop
+ }
+}
diff --git a/sisr1/tp06-firewall/test_firewall.sh b/sisr1/tp06-firewall/test_firewall.sh
new file mode 100644
index 0000000..dbfb96c
--- /dev/null
+++ b/sisr1/tp06-firewall/test_firewall.sh
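Review bot: The `routing` chain in current_ruleset.nft ends with an unconditional `drop`, so its declared `policy accept` never takes effect and the chain only fails closed as long as that last rule stays in place; stating the intent as `type filter hook forward priority filter; policy drop;` and removing the trailing `drop` makes the default explicit and survives a later edit of the rule list. With that chain as written, no forwarded traffic other than ICMP echo passes in either direction (there is no `ct state established,related accept`), which may be the intended state for part 1 but deserves a comment on the chain saying so, and `$lanif` is defined yet never referenced. The same applies to fw_part1.nft, which is byte-for-byte identical to this file (both hunks carry index dd75614); keeping a single copy, or having test_firewall.sh copy the part file into place, avoids the two drifting apart.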
@@ -0,0 +1,7 @@
+#!/bin/bash
+ipfirewall=192.168.0.140
+dir=/root/firewall
+ruleset=current_ruleset.nft
+
+scp current_releset.nft root@$ipfirewall:$dir/$ruleset
+ssh root@$ipfirewall "bash $dir/refresh_firewall.sh"
\ No newline at end of file
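Review bot: The `scp` line copies `current_releset.nft`, a misspelling of the file the `ruleset` variable already names, so the copy fails and the following `ssh` still runs `refresh_firewall.sh` against whatever ruleset is already on the host, because nothing stops the script after the failed copy. Use the variable and make the reload depend on the copy: `scp "$ruleset" "root@$ipfirewall:$dir/$ruleset" && ssh "root@$ipfirewall" "bash $dir/refresh_firewall.sh"`, or add `set -eu` after the shebang and quote the expansions. `refresh_firewall.sh` is not part of this patch, so I cannot tell whether it validates the file (`nft -c -f`) before loading it; checking the ruleset locally the same way before the `scp` would keep a syntax error from ever reaching the firewall host. The file also ends without a trailing newline.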