From dd6d34986bc93f6fd4beb9dfad4a8e57d85a35fd Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 5 Apr 2023 10:49:31 +0200
Subject: [PATCH] fw filtrage int ok
---
 roles/fw-ferm/files/ferm.conf.r-vp1 | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/roles/fw-ferm/files/ferm.conf.r-vp1 b/roles/fw-ferm/files/ferm.conf.r-vp1
index b9c27bb..0474864 100644
--- a/roles/fw-ferm/files/ferm.conf.r-vp1
+++ b/roles/fw-ferm/files/ferm.conf.r-vp1
@@ -4,10 +4,12 @@
 @def $DEV_PRIVATE = enp0s8;
 @def $DEV_WORLD = enp0s9;
+@def $DEV_WORLD = enp0s9;
 @def $DEV_VPN= wg0;
 @def $NET_PRIVATE = 172.16.0.0/24;
 table filter {
+ chain (INPUT OUTPUT){
 # allow VPN proto udp dport 51820 ACCEPT;
@@ -28,22 +30,22 @@ table filter {
 # allow SSH connections from the private network and from some # well-known internet hosts
- saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT;
+ saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
 # we provide DNS and SMTP services for the internal net interface $DEV_PRIVATE saddr $NET_PRIVATE {
 proto (udp tcp) dport domain ACCEPT;
 proto udp dport bootps ACCEPT;
 }
- # interface réseau
 # the rest is dropped by the above policy
+ }#FIN INPUT
 # outgoing connections are not limited
+ chain OUTPUT {
 policy ACCEPT;
-# interface $DEV_VPN proto ssh dport 22 ACCEPT;
 }#FIN OUTPUT
@@ -59,6 +61,9 @@ table filter {
 # internal nets are allowed interface $DEV_PRIVATE ACCEPT;
+ interface $DEV_VPN daddr $NET_PRIVATE {
+ proto tcp dport ssh DROP;
+ }
 # the rest is dropped by the above policy } }
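Review bot: The added `+@def $DEV_WORLD = enp0s9;` duplicates the definition on the context line directly above it, so one of the two should be removed. The opener `chain (INPUT OUTPUT){` is the bigger concern: ferm emits every rule of this block into both INPUT and OUTPUT, yet the block is later closed as `}#FIN INPUT` and followed by a separate `chain OUTPUT { policy ACCEPT; }`, so the ingress rules — `dport 51820 ACCEPT`, the `saddr $NET_PRIVATE dport ssh` rule and presumably the INPUT policy set outside this hunk — are also installed in OUTPUT, where they have no useful meaning and where a DROP policy would be applied and then overridden. If this block is meant to be the INPUT chain only, the opener should read `chain INPUT {`. The chain body begins here and continues past the hunk.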
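Review bot: The comment above the changed SSH rule still says "and from some well-known internet hosts" although the commit removes `81.209.165.42` from the allowlist; it should be shortened to `# allow SSH connections from the private network only`. The new rule `saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;` is also not bound to an interface, so a packet with a spoofed 172.16.0.0/24 source arriving on $DEV_WORLD or wg0 would match it unless reverse-path filtering is enabled elsewhere; the DNS/DHCP rules just below already pin `interface $DEV_PRIVATE`, and the SSH rule should do the same: `interface $DEV_PRIVATE saddr $NET_PRIVATE proto tcp dport ssh ACCEPT;`. The added `chain OUTPUT { policy ACCEPT;` opens a second definition of OUTPUT after the combined block above it, so ferm will merge the two and the last `policy` written is the one that takes effect — worth confirming that is intended rather than an accidental override.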
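Review bot: The new `interface $DEV_VPN daddr $NET_PRIVATE { proto tcp dport ssh DROP; }` is placed directly above the comment `# the rest is dropped by the above policy`, so if this chain's policy is DROP (its header is outside the hunk) the rule changes nothing, and if a broader rule such as `interface $DEV_VPN ACCEPT` exists earlier in the chain the rule is dead, because iptables stops at the first match. For the DROP to do what the commit title suggests it must come before any ACCEPT that covers $DEV_VPN traffic, so its position should be checked against the part of the chain not shown here. A short comment stating the intent would also help the next reader, e.g. `# VPN peers may reach the LAN but must not SSH into it`.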