Actualiser sisr1/tp07/files_firewall/current_ruleset_partie_5.nft

Changement de la mise en forme, sera supprimé si le téléchargement du fichier ruine la mise en forme originale du code.
guillaume.emorine 2024-04-08 09:38:17 +02:00
parent 6676b43753
commit 5374bb2491


@ -15,53 +15,57 @@ define iplan = 10.0.0.254
table ip ipfilter{ table ip ipfilter{
chain prerouting { chain prerouting {
type filter hook prerouting priority filter; policy drop; type filter hook prerouting priority filter; policy drop;
ct state established, related accept ct state established, related accept
icmp type echo-reply accept icmp type echo-reply accept
icmp type echo-request iif {$lanif} ip daddr $dmznet accept icmp type echo-request iif {$lanif} ip daddr $dmznet accept
icmp type echo-request iif {$lanif} ip daddr {$iplan} accept icmp type echo-request iif {$lanif} ip daddr {$iplan} accept
tcp dport 20 accept tcp dport 20 accept
tcp dport 21 accept tcp dport 21 accept
tcp dport {80, 443} ip saddr $lan-ntw accept tcp dport {80, 443} ip saddr $lan-ntw accept
tcp sport {80, 443} ip saddr $lan-ntw accept tcp sport {80, 443} ip saddr $lan-ntw accept
tcp dport 22 accept tcp dport 22 accept
ip saddr $proxy tcp dport {80, 443} accept ip saddr $proxy tcp dport {80, 443} accept
} }
chain system_in { chain system_in {
type filter hook input priority filter; policy drop; type filter hook input priority filter; policy drop;
ct state established, related accept ct state established, related accept
icmp type echo-reply accept icmp type echo-reply accept
icmp type echo-request iif {$lanif} accept icmp type echo-request iif {$lanif} accept
tcp dport 20 accept tcp dport 20 accept
tcp dport 21 accept tcp dport 21 accept
tcp dport {80, 443} accept tcp dport {80, 443} accept
tcp dport 22 accept tcp dport 22 accept
ip saddr $proxy tcp dport {80, 443} accept ip saddr $proxy tcp dport {80, 443} accept
} }
chain routing { chain routing {
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop;
ct state established, related accept ct state established, related accept
icmp type echo-request iif {$lanif} oif {$dmzif} accept icmp type echo-request iif {$lanif} oif {$dmzif} accept
icmp type echo-reply iif {$dmzif} oif {$lanif} accept icmp type echo-reply iif {$dmzif} oif {$lanif} accept
tcp dport {80, 443} ip saddr $lan-ntw accept tcp dport {80, 443} ip saddr $lan-ntw accept
tcp sport {80, 443} ip saddr $lan-ntw accept tcp sport {80, 443} ip saddr $lan-ntw accept
} }
chain system_out { chain system_out {
type filter hook output priority filter; policy drop; type filter hook output priority filter; policy drop;
ip daddr $dns accept ip daddr $dns accept
ip daddr $proxy tcp dport $proxyport accept ip daddr $proxy tcp dport $proxyport accept
icmp type echo-reply oif {$lanif} accept icmp type echo-reply oif {$lanif} accept
icmp type echo-request accept icmp type echo-request accept
tcp dport 20 accept tcp dport 20 accept
tcp sport 20 accept tcp sport 20 accept
tcp dport 21 accept tcp dport 21 accept
tcp sport 21 accept tcp sport 21 accept
tcp dport {80, 443} accept tcp dport {80, 443} accept
tcp sport {80, 443} accept tcp sport {80, 443} accept
tcp sport 22 accept tcp sport 22 accept
} }
chain postrouting { chain postrouting {
type filter hook postrouting priority filter; policy drop; type filter hook postrouting priority filter; policy drop;
ct state established, related accept ct state established, related accept
ip daddr $dns accept ip daddr $dns accept
ip daddr $proxy tcp dport $proxyport accept ip daddr $proxy tcp dport $proxyport accept
@ -69,21 +73,21 @@ table ip ipfilter{
icmp type echo-reply iif {$dmzif} oif {$lanif} accept icmp type echo-reply iif {$dmzif} oif {$lanif} accept
icmp type echo-request iif {$lanif} oif {$dmzif} accept icmp type echo-request iif {$lanif} oif {$dmzif} accept
icmp type echo-request ip saddr $iplan oif $lanif accept icmp type echo-request ip saddr $iplan oif $lanif accept
tcp dport 20 accept tcp dport 20 accept
tcp sport 20 accept tcp sport 20 accept
tcp dport 21 accept tcp dport 21 accept
tcp sport 21 accept tcp sport 21 accept
tcp dport {80, 443} accept tcp dport {80, 443} accept
tcp sport {80, 443} accept tcp sport {80, 443} accept
tcp sport 22 accept tcp sport 22 accept
} }
chain pre_nat { chain pre_nat {
type nat hook prerouting priority filter; policy accept; type nat hook prerouting priority filter; policy accept;
} }
chain post_nat { chain post_nat {
type nat hook postrouting priority filter; policy accept; type nat hook postrouting priority filter; policy accept;
ip saddr $lan-ntw oif $netif snat $firewall ip saddr $lan-ntw oif $netif snat $firewall
} }
} }