Ajout du tp06

sisr1/tp06-firewall/current_ruleset.nft

@@ -0,0 +1,17 @@
+define netif = enp0s3
+define lanif = enp0s8
+define dmzif = enp0s9
+ 
+table ip ipfilter {
+        chain routing {
+                type filter hook forward priority filter; policy accept;
+                icmp type echo-request iif { $netif, $dmzif } drop
+                icmp type { echo-reply, echo-request } accept
+                drop
+        }
+ 
+        chain system_in {
+                type filter hook input priority filter; policy accept;
+                icmp type echo-request iif { $netif, $dmzif } drop
+        }
+}

sisr1/tp06-firewall/fw_part1.nft

@@ -0,0 +1,17 @@
+define netif = enp0s3
+define lanif = enp0s8
+define dmzif = enp0s9
+ 
+table ip ipfilter {
+        chain routing {
+                type filter hook forward priority filter; policy accept;
+                icmp type echo-request iif { $netif, $dmzif } drop
+                icmp type { echo-reply, echo-request } accept
+                drop
+        }
+ 
+        chain system_in {
+                type filter hook input priority filter; policy accept;
+                icmp type echo-request iif { $netif, $dmzif } drop
+        }
+}

sisr1/tp06-firewall/test_firewall.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+ipfirewall=192.168.0.140
+dir=/root/firewall
+ruleset=current_ruleset.nft
+
+scp current_releset.nft root@$ipfirewall:$dir/$ruleset
+ssh root@$ipfirewall "bash $dir/refresh_firewall.sh"