diff --git a/sisr1/tp07/files_firewall/current_ruleset_partie_4.nft b/sisr1/tp07/files_firewall/current_ruleset_partie_4.nft index 30261d8..1d3d7ec 100644 --- a/sisr1/tp07/files_firewall/current_ruleset_partie_4.nft +++ b/sisr1/tp07/files_firewall/current_ruleset_partie_4.nft @@ -2,8 +2,10 @@ define netif = enp0s3 define dmzif = enp0s8 define lanif = enp0s9 +define lan-ntw = 10.0.0.0/24 + define proxy = 10.121.38.1 -defiine dns = {10.121.38.7 , 10.121.38.8} +define dns = {10.121.38.7 , 10.121.38.8} define proxyport = 8080 define dmznet = 172.16.0.1-172.16.0.254 diff --git a/sisr1/tp07/files_firewall/current_ruleset_partie_5.nft b/sisr1/tp07/files_firewall/current_ruleset_partie_5.nft index 51a5385..d3c7f21 100644 --- a/sisr1/tp07/files_firewall/current_ruleset_partie_5.nft +++ b/sisr1/tp07/files_firewall/current_ruleset_partie_5.nft 
@@ -1,76 +1,89 @@ -table ip ipfilter { +define netif = enp0s3 +define dmzif = enp0s8 +define lanif = enp0s9 + +define lan-ntw = 10.0.0.0/24 + +define proxy = 10.121.38.1 +define dns = {10.121.38.7 , 10.121.38.8} +define proxyport = 8080 +define dmznet = 172.16.0.1-172.16.0.254 + +define firewall = 192.168.0.120 +define ipdmz = 172.16.0.254 +define iplan = 10.0.0.254 + +table ip ipfilter{ chain prerouting { - type filter hook prerouting priority filter; policy drop; + type filter hook prerouting priority filter; policy drop; + ct state established, related accept icmp type echo-reply accept - ct state established,related accept - icmp type echo-request iif "enp0s9" ip daddr 172.16.0.1-172.16.0.254 accept - icmp type echo-request iif "enp0s9" ip daddr 10.0.0.254 accept - tcp dport 20 accept - tcp dport 21 accept - tcp dport { 80, 443 } accept + icmp type echo-request iif {$lanif} ip daddr $dmznet accept + icmp type echo-request iif {$lanif} ip daddr {$iplan} accept + tcp dport 20 accept + tcp dport 21 accept + tcp dport {80, 443} ip saddr $lan-ntw accept + tcp sport {80, 443} ip saddr $lan-ntw accept tcp dport 22 accept - ip saddr 10.121.38.1 tcp dport { 80, 443 } accept - } - + ip saddr $proxy tcp dport {80, 443} accept + } chain system_in { - type filter hook input priority filter; policy drop; + type filter hook input priority filter; policy drop; + ct state established, related accept icmp type echo-reply accept - icmp type echo-request iif "enp0s9" accept - ct state established,related accept - tcp dport 20 accept - tcp dport 21 accept - tcp dport { 80, 443 } accept - tcp dport 22 accept - ip saddr 10.121.38.1 tcp dport { 80, 443 } accept + icmp type echo-request iif {$lanif} accept + tcp dport 20 accept + tcp dport 21 accept + tcp dport {80, 443} accept + tcp dport 22 accept + ip saddr $proxy tcp dport {80, 443} accept + } + chain routing { + type filter hook forward priority filter; policy drop; + ct state established, related accept + icmp type echo-request 
iif {$lanif} oif {$dmzif} accept + icmp type echo-reply iif {$dmzif} oif {$lanif} accept + tcp dport {80, 443} ip saddr $lan-ntw accept + tcp sport {80, 443} ip saddr $lan-ntw accept } - - chain routing { - type filter hook forward priority filter; policy drop; - icmp type echo-request iif "enp0s9" oif "enp0s8" accept - icmp type echo-reply iif "enp0s8" oif "enp0s9" accept - } - - chain system_out { - type filter hook output priority filter; policy drop; - ip daddr { 10.121.38.7, 10.121.38.8 } accept - ip daddr 10.121.38.1 tcp dport 8080 accept - icmp type echo-reply oif "enp0s9" accept + chain system_out { + type filter hook output priority filter; policy drop; + ip daddr $dns accept + ip daddr $proxy tcp dport $proxyport accept + icmp type echo-reply oif {$lanif} accept icmp type echo-request accept - tcp dport 20 accept + tcp dport 20 accept tcp sport 20 accept - tcp dport 21 accept + tcp dport 21 accept tcp sport 21 accept - tcp dport { 80, 443 } accept - tcp sport { 80, 443 } accept + tcp dport {80, 443} accept + tcp sport {80, 443} accept tcp sport 22 accept - } - + } chain postrouting { - type filter hook postrouting priority filter; policy drop; - ip daddr { 10.121.38.7, 10.121.38.8 } accept - ip daddr 10.121.38.1 tcp dport 8080 accept - icmp type echo-request ip saddr { 10.0.0.254, 172.16.0.254, 192.168.0.120 } accept - icmp type echo-reply iif "enp0s8" oif "enp0s9" accept - icmp type echo-request iif "enp0s9" oif "enp0s8" accept - icmp type echo-request ip saddr 10.0.0.254 oif "enp0s9" accept - tcp dport 20 accept - tcp sport 20 accept - tcp dport 21 accept - tcp sport 21 accept - tcp dport { 80, 443 } accept - tcp sport { 80, 443 } accept + type filter hook postrouting priority filter; policy drop; + ct state established, related accept + ip daddr $dns accept + ip daddr $proxy tcp dport $proxyport accept + icmp type echo-request ip saddr {$iplan, $ipdmz, $firewall} accept + icmp type echo-reply iif {$dmzif} oif {$lanif} accept + icmp type echo-request 
iif {$lanif} oif {$dmzif} accept + icmp type echo-request ip saddr $iplan oif $lanif accept + tcp dport 20 accept + tcp sport 20 accept + tcp dport 21 accept + tcp sport 21 accept + tcp dport {80, 443} accept + tcp sport {80, 443} accept tcp sport 22 accept } - chain nat_prerouting { - type nat hook prerouting priority filter; policy drop; - tcp dport { 80, 443 } accept - tcp dport 22 accept + chain pre_nat { + type nat hook prerouting priority filter; policy accept; } - chain nat_postrouting { - type nat hook postrouting priority filter; policy drop; - tcp dport { 80, 443 } accept - tcp sport { 80, 443 } accept - tcp sport 22 accept + + chain post_nat { + type nat hook postrouting priority filter; policy accept; + ip saddr $lan-ntw oif $netif snat $firewall } }
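Review bot: In the new `routing` (forward) chain, `tcp sport {80, 443} ip saddr $lan-ntw accept` lets any LAN host open a connection to any destination and any port simply by choosing source port 80 or 443, and it is not needed for return traffic because `ct state established, related accept` already precedes it; the same pattern is repeated in `prerouting`. The `ip saddr $lan-ntw` match is also not tied to the arrival interface, so a packet entering on `$netif` or `$dmzif` with a forged 10.0.0.0/24 source is forwarded as well; I would replace the two forward rules with the single line `iif $lanif ip saddr $lan-ntw tcp dport {80, 443} accept`. In `pre_nat` and `post_nat`, `priority filter` puts the NAT chains at the same priority as the filter chains on the same hooks, so the order between SNAT and the `postrouting` filter chain is not made explicit by the ruleset; the conventional `priority dstnat` for `pre_nat` and `priority srcnat` for `post_nat` fixes it, and `snat to $firewall` is the documented form of the statement. Less of a security point: the header block copies every `define` from partie_4, which will drift unless the two files are meant to be loaded independently.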