modification

roles/fw-ferm/files/ferm.conf.r-vp1

@@ -33,13 +33,12 @@ table filter {
         # we provide DNS and SMTP services for the internal net
         interface $DEV_PRIVATE saddr $NET_PRIVATE {
             proto (udp tcp) dport domain ACCEPT;
-            proto udp dport bootps ACCEPT; 
+            proto udp dport bootps ACCEPT;
         }
-        
 
-        # interface réseau 
+        # interface réseau
         interface $DEV_WORLD {
-            
+
         }
 
         # the rest is dropped by the above policy
@@ -47,8 +46,8 @@ table filter {
 
     # outgoing connections are not limited
     chain OUTPUT {policy ACCEPT;
-        }
-     }#FIN OUTPUT
+    }#FIN OUTPUT
+
     chain FORWARD {
         policy ACCEPT;
 
@@ -56,9 +55,9 @@ table filter {
             # respond to ping
             proto icmp icmp-type echo-request ACCEPT;
             # disallow ssh
-            saddr proto tcp dport ssh DROP;
+            saddr($DEV_VPN) proto tcp dport ssh DROP;
             # allow ssh
-            daddr proto tcp dport ssh ACCEPT;
+            daddr($DEV_VPN) proto tcp dport ssh ACCEPT;
 
         }
         # connection tracking