modification

root 2023-02-07 17:02:52 +01:00
parent 81478df279
commit 272ef9ac07


@ -33,13 +33,12 @@ table filter {
# we provide DNS and SMTP services for the internal net # we provide DNS and SMTP services for the internal net
interface $DEV_PRIVATE saddr $NET_PRIVATE { interface $DEV_PRIVATE saddr $NET_PRIVATE {
proto (udp tcp) dport domain ACCEPT; proto (udp tcp) dport domain ACCEPT;
proto udp dport bootps ACCEPT; proto udp dport bootps ACCEPT;
} }
# interface réseau # interface réseau
interface $DEV_WORLD { interface $DEV_WORLD {
} }
# the rest is dropped by the above policy # the rest is dropped by the above policy
@ -47,8 +46,8 @@ table filter {
# outgoing connections are not limited # outgoing connections are not limited
chain OUTPUT {policy ACCEPT; chain OUTPUT {policy ACCEPT;
} }#FIN OUTPUT
}#FIN OUTPUT
chain FORWARD { chain FORWARD {
policy ACCEPT; policy ACCEPT;
@ -56,9 +55,9 @@ table filter {
# respond to ping # respond to ping
proto icmp icmp-type echo-request ACCEPT; proto icmp icmp-type echo-request ACCEPT;
# disallow ssh # disallow ssh
saddr proto tcp dport ssh DROP; saddr($DEV_VPN) proto tcp dport ssh DROP;
# allow ssh # allow ssh
daddr proto tcp dport ssh ACCEPT; daddr($DEV_VPN) proto tcp dport ssh ACCEPT;
} }
# connection tracking # connection tracking
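Review bot: In the FORWARD chain, `saddr($DEV_VPN)` and `daddr($DEV_VPN)` hand an address match what the name suggests is a device variable. The definition of `$DEV_VPN` is not visible here, but if it holds an interface name rather than a network, the two ssh rules will not match VPN traffic as intended. In that case use `interface $DEV_VPN` / `outerface $DEV_VPN`, or a network variable (placeholder name `$NET_VPN`) in the way the INPUT chain uses `saddr $NET_PRIVATE`. Separately, with `policy ACCEPT;` on FORWARD the `# allow ssh` rule has no effect and the DROP rule is the only restriction in the visible part of the chain, so `policy DROP;` with explicit ACCEPT rules would be needed for the allow/deny comments to mean what they say. The FORWARD chain continues past the last visible line, so the connection-tracking rules that follow were not reviewed.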