push ferm.conf

roles/fw-ferm/files/ferm.conf.r-vp1

@@ -35,23 +35,22 @@ table filter {
             proto (udp tcp) dport domain ACCEPT;
             proto udp dport bootps ACCEPT;
         }
-
         # interface réseau
-        interface $DEV_WORLD {
-
-        }
 
         # the rest is dropped by the above policy
     }#FIN INPUT
 
     # outgoing connections are not limited
-    chain OUTPUT {policy ACCEPT;
+    chain OUTPUT {
+        policy ACCEPT;
+#	interface $DEV_VPN proto ssh dport 22 ACCEPT;
+
     }#FIN OUTPUT
 
     chain FORWARD {
         policy ACCEPT;
+
         proto icmp icmp-type echo-request ACCEPT;
-        }
         # connection tracking
         mod state state INVALID DROP;
         mod state state (ESTABLISHED RELATED) ACCEPT;