From 81478df2793231ff335d5a8e076d35b6edd86d82 Mon Sep 17 00:00:00 2001
From: Johan Largy
Date: Fri, 3 Feb 2023 09:51:32 +0100
Subject: [PATCH] modif
---
 roles/fw-ferm/files/ferm.conf.r-vp1 | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/roles/fw-ferm/files/ferm.conf.r-vp1 b/roles/fw-ferm/files/ferm.conf.r-vp1
index 00249d7..f6ddd32 100644
--- a/roles/fw-ferm/files/ferm.conf.r-vp1
+++ b/roles/fw-ferm/files/ferm.conf.r-vp1
@@ -35,12 +35,6 @@ table filter {
 proto (udp tcp) dport domain ACCEPT;
 proto udp dport bootps ACCEPT;
 }
- interface $DEV_VPN{
- # respond to ping
- proto icmp icmp-type echo-request ACCEPT;
- # disallow ssh
- saddr proto tcp dport ssh DROP;
- }
 # interface réseau
@@ -53,16 +47,20 @@ table filter {
 # outgoing connections are not limited
 chain OUTPUT {policy ACCEPT;
- interface $DEV_VPN{
- # allow ssh
- daddr proto tcp dport ssh ACCEPT;
- # respond to ping
- proto icmp icmp-type echo-request ACCEPT;
 }
 }#FIN OUTPUT
 chain FORWARD { policy ACCEPT;
+ interface $DEV_VPN{
+ # respond to ping
+ proto icmp icmp-type echo-request ACCEPT;
+ # disallow ssh
+ saddr proto tcp dport ssh DROP;
+ # allow ssh
+ daddr proto tcp dport ssh ACCEPT;
+
+ }
 # connection tracking
 mod state state INVALID DROP;
 mod state state (ESTABLISHED RELATED) ACCEPT;
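Review bot: The OUTPUT chain in the second hunk is left with an unmatched brace: the `interface $DEV_VPN{` opener and its body are removed, but the `}` that closed that block is kept as context, so `chain OUTPUT {policy ACCEPT;` is now followed by `}` and then `}#FIN OUTPUT`, which closes `table filter` early and leaves `chain FORWARD {` outside any table. Drop the stray ` }` line so the chain reads `chain OUTPUT {policy ACCEPT;` / `}#FIN OUTPUT`; as committed, ferm should refuse to load the file, so the likely symptom is the previous rule set staying active rather than a silently weaker one. The rules moved into FORWARD also keep `saddr`/`daddr` with no address after them (`saddr proto tcp dport ssh DROP;`), and ferm reads the next token as the address value, so presumably a variable holding the VPN subnet was intended; if that line loads at all it does not restrict by source, which matters more now that FORWARD has `policy ACCEPT` and the first hunk removed the equivalent INPUT-side restriction. Both hunks sit inside `table filter {`, whose opening and closing lines are outside the diff.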