From 10a3b3ccb804781690a2fda3498c866b9041580e Mon Sep 17 00:00:00 2001
From: Guillaume Emorine
Date: Thu, 4 Apr 2024 09:28:50 +0200
Subject: [PATCH] =?UTF-8?q?=09Renomm=C3=A9=C2=A0:=20=20=20=20=20=20=20=20?= =?UTF-8?q?=20sisr1/tp07/files=5Ffirewall/current=5Fruleset=5Fv1.nft=20->?= =?UTF-8?q?=20sisr1/tp07/files=5Ffirewall/current=5Fruleset=5Fpartie=5F1.n?= =?UTF-8?q?ft=20=09Nouveau=20fichier=C2=A0:=20sisr1/tp07/files=5Ffirewall/?= =?UTF-8?q?current=5Fruleset=5Fpartie=5F2.nft=20=09Nouveau=20fichier=C2=A0?= =?UTF-8?q?:=20sisr1/tp07/files=5Ffirewall/current=5Fruleset=5Fpartie=5F3.?= =?UTF-8?q?nft?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...et_v1.nft => current_ruleset_partie_1.nft} | 0
 .../current_ruleset_partie_2.nft | 25 +++++++++++++
 .../current_ruleset_partie_3.nft | 36 +++++++++++++++++++
 3 files changed, 61 insertions(+)
 rename sisr1/tp07/files_firewall/{current_ruleset_v1.nft => current_ruleset_partie_1.nft} (100%)
 create mode 100644 sisr1/tp07/files_firewall/current_ruleset_partie_2.nft
 create mode 100644 sisr1/tp07/files_firewall/current_ruleset_partie_3.nft
diff --git a/sisr1/tp07/files_firewall/current_ruleset_v1.nft b/sisr1/tp07/files_firewall/current_ruleset_partie_1.nft
similarity index 100%
rename from sisr1/tp07/files_firewall/current_ruleset_v1.nft
rename to sisr1/tp07/files_firewall/current_ruleset_partie_1.nft
diff --git a/sisr1/tp07/files_firewall/current_ruleset_partie_2.nft b/sisr1/tp07/files_firewall/current_ruleset_partie_2.nft
new file mode 100644
index 0000000..83875ea
--- /dev/null
+++ b/sisr1/tp07/files_firewall/current_ruleset_partie_2.nft
@@ -0,0 +1,25 @@
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+table ip ipfilter{
+ chain prerouting {
+ type filter hook prerouting priority filter; policy drop;
+ tcp dport 22 accept
+ }
+ chain system_in {
+ type filter hook input priority filter; policy drop;
+ tcp dport 22 accept
+ }
+ chain routing {
+ type filter hook forward priority filter; policy drop;
+ }
+ chain system_out {
+ type filter hook output priority filter; policy drop;
+ tcp sport 22 accept
+ }
+ chain postrouting {
+ type filter hook postrouting priority filter; policy drop;
+ tcp sport 22 accept
+ }
+}
diff --git a/sisr1/tp07/files_firewall/current_ruleset_partie_3.nft b/sisr1/tp07/files_firewall/current_ruleset_partie_3.nft
new file mode 100644
index 0000000..0ffc2ba
--- /dev/null
+++ b/sisr1/tp07/files_firewall/current_ruleset_partie_3.nft
@@ -0,0 +1,36 @@
+define netif = enp0s3
+define dmzif = enp0s8
+define lanif = enp0s9
+
+table ip ipfilter{
+ chain prerouting {
+ type filter hook prerouting priority filter; policy drop;
+ icmp type echo-reply accept
+ icmp type echo-request iif {$lanif} accept
+ tcp dport 22 accept
+ }
+ chain system_in {
+ type filter hook input priority filter; policy drop;
+ icmp type echo-reply accept
+ icmp type echo-request iif {$lanif} accept
+ tcp dport 22 accept
+ }
+ chain routing {
+ type filter hook forward priority filter; policy drop;
+ icmp type echo-request iif {$lanif} accept
+ icmp type echo-reply oif {$lanif} accept
+ }
+ chain system_out {
+ type filter hook output priority filter; policy drop;
+ icmp type echo-reply oif {$lanif} accept
+ icmp type echo-request accept
+ tcp sport 22 accept
+ }
+ chain postrouting {
+ type filter hook postrouting priority filter; policy drop;
+ icmp type echo-request ip saddr {192.168.0.120, 10.0.0.254, 172.16.0.254} accept
+ icmp type echo-reply oif {$lanif} accept
+ icmp type echo-request iif {$lanif} accept
+ tcp sport 22 accept
+ }
+}
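Review bot: The SSH rules in prerouting, system_in, system_out and postrouting (`tcp dport 22 accept` / `tcp sport 22 accept`) match statelessly, so any packet carrying port 22 in the relevant direction is accepted on every interface regardless of connection state, while the `netif`/`dmzif`/`lanif` defines at the top of the file are never referenced; the same holds for the SSH rules in current_ruleset_partie_3.nft. The usual shape is to open system_in, routing and system_out with `ct state established,related accept` and `ct state invalid drop`, then limit the management rule to the LAN side with `iif $lanif tcp dport 22 ct state new accept`, which also lets the reply rules on the output side be dropped. The file also has no `flush ruleset` line, so loading it a second time with `nft -f` adds the rules to the existing chains again instead of replacing them, which is easy to hit when iterating on these three "partie" files in sequence.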
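Review bot: The postrouting chain limits locally generated echo-requests to the literal source set `{192.168.0.120, 10.0.0.254, 172.16.0.254}` while system_out accepts `icmp type echo-request accept` from any source; postrouting is evaluated after output, so the address set is the policy that actually applies, and the two rules should say the same thing. Those addresses, presumably the host's own addresses on its three interfaces, are hard-coded next to interface defines that exist for exactly this kind of reuse, so a `define pingsrc = { 192.168.0.120, 10.0.0.254, 172.16.0.254 }` referenced from both chains would keep them in sync. On style, the braces in `iif {$lanif}` and `oif {$lanif}` build a one-element anonymous set on every line; `iif $lanif` reads the same and is the conventional form.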