From c9148309de99cc0251ce8d804b2868b9c53621d0 Mon Sep 17 00:00:00 2001 
From: Guillaume Emorine
Date: Tue, 2 Apr 2024 17:02:18 +0200
Subject: [PATCH] =?UTF-8?q?=09Nouveau=20fichier=C2=A0:=20sisr1/tp07/files?= =?UTF-8?q?=5Ffirewall/current=5Fruleset.nft=20=09Nouveau=20fichier=C2=A0:?= =?UTF-8?q?=20sisr1/tp07/files=5Ffirewall/interfaces=20=09Nouveau=20fichie?= =?UTF-8?q?r=C2=A0:=20sisr1/tp07/files=5Ffirewall/refresh=5Ffirewall.sh=20?= =?UTF-8?q?=09Nouveau=20fichier=C2=A0:=20sisr1/tp07/files=5Ffirewall/resol?= =?UTF-8?q?v.conf=20=09Nouveau=20fichier=C2=A0:=20sisr1/tp07/files=5Fpclan?= =?UTF-8?q?/interfaces=20=09Nouveau=20fichier=C2=A0:=20sisr1/tp07/files=5F?= =?UTF-8?q?pclan/resolv.conf=20=09Nouveau=20fichier=C2=A0:=20sisr1/tp07/fi?= =?UTF-8?q?les=5Fpcnet/interfaces=20=09Nouveau=20fichier=C2=A0:=20sisr1/tp?= =?UTF-8?q?07/files=5Fpcnet/resolv.conf=20=09Nouveau=20fichier=C2=A0:=20si?= =?UTF-8?q?sr1/tp07/files=5Fsrvweb/interfaces=20=09Nouveau=20fichier=C2=A0?= =?UTF-8?q?:=20sisr1/tp07/files=5Fsrvweb/resolv.conf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
sisr1/tp07/files_firewall/current_ruleset.nft | 13 ++++++++++
sisr1/tp07/files_firewall/interfaces | 25 +++++++++++++++++++
sisr1/tp07/files_firewall/refresh_firewall.sh | 7 ++++++
sisr1/tp07/files_firewall/resolv.conf | 4 +++
sisr1/tp07/files_pclan/interfaces | 14 +++++++++++
sisr1/tp07/files_pclan/resolv.conf | 4 +++
sisr1/tp07/files_pcnet/interfaces | 14 +++++++++++
sisr1/tp07/files_pcnet/resolv.conf | 4 +++
sisr1/tp07/files_srvweb/interfaces | 14 +++++++++++
sisr1/tp07/files_srvweb/resolv.conf | 4 +++
10 files changed, 103 insertions(+)
create mode 100644 sisr1/tp07/files_firewall/current_ruleset.nft
create mode 100644 sisr1/tp07/files_firewall/interfaces
create mode 100644 sisr1/tp07/files_firewall/refresh_firewall.sh
create mode 100644 sisr1/tp07/files_firewall/resolv.conf
create mode 100644 sisr1/tp07/files_pclan/interfaces
create mode 100644 sisr1/tp07/files_pclan/resolv.conf
create mode 100644 sisr1/tp07/files_pcnet/interfaces
create mode 100644 sisr1/tp07/files_pcnet/resolv.conf
create mode 100644 sisr1/tp07/files_srvweb/interfaces
create mode 100644 sisr1/tp07/files_srvweb/resolv.conf
diff --git a/sisr1/tp07/files_firewall/current_ruleset.nft b/sisr1/tp07/files_firewall/current_ruleset.nft
new file mode 100644
index 0000000..5e456c3
--- /dev/null
+++ b/sisr1/tp07/files_firewall/current_ruleset.nft
@@ -0,0 +1,13 @@
+table ip ipfilter {
+ chain routing {
+ type filter hook forward priority filter; policy accept;
+ icmp type echo-request iif { "enp0s3", "enp0s8" } drop
+ icmp type { echo-reply, echo-request } accept
+ drop
+ }
+
+ chain system_in {
+ type filter hook input priority filter; policy accept;
+ icmp type echo-request iif { "enp0s3", "enp0s8" } drop
+ }
+}
diff --git a/sisr1/tp07/files_firewall/interfaces b/sisr1/tp07/files_firewall/interfaces
new file mode 100644
index 0000000..cab3445
--- /dev/null
+++ b/sisr1/tp07/files_firewall/interfaces
@@ -0,0 +1,25 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 192.168.0.120
+gateway 192.168.0.1
+pre-up bash /root/scriptsnft/refresh_firewall.sh
+
+# Second network interface : DMZ
+allow-hotplug enp0s8
+iface enp0s8 inet static
+address 172.16.0.254/24
+
+# Third network interface : LAN
+allow-hotplug enp0s9
+iface enp0s9 inet static
+address 10.0.0.254/24
diff --git a/sisr1/tp07/files_firewall/refresh_firewall.sh b/sisr1/tp07/files_firewall/refresh_firewall.sh
new file mode 100644
index 0000000..070243f
--- /dev/null
+++ b/sisr1/tp07/files_firewall/refresh_firewall.sh
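Review bot: In `current_ruleset.nft`, chain `system_in` keeps `policy accept` and only drops echo-request arriving on `enp0s3`/`enp0s8`, so every other service listening on the firewall itself stays reachable from those two interfaces. A default-deny input chain would be `type filter hook input priority filter; policy drop;` followed by `iif "lo" accept` and `ct state established,related accept`, plus explicit accepts for whatever administration access is intended. In chain `routing` the trailing bare `drop` means the declared `policy accept` is never reached; writing `policy drop` in the chain header and removing that rule states the same thing directly. The `echo-reply` accept there is stateless, so replies are forwarded from any interface whether or not a request went out; `ct state established,related accept` would tie them to an existing flow.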
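Review bot: In `files_firewall/interfaces`, the line `pre-up bash /root/scriptsnft/refresh_firewall.sh` ties ruleset loading to one hotplugged interface, so until `enp0s3` is brought up (or if it never is) the host has no rules loaded while `enp0s8` and `enp0s9` may already be configured. Loading the rules at boot independently of any interface, for example through the distribution's nftables service, and setting `net.ipv4.ip_forward` through sysctl configuration would remove that ordering dependency. Separately, `address 192.168.0.120` carries no prefix length while the DMZ and LAN stanzas use `/24`; if /24 is what is meant, `address 192.168.0.120/24` avoids depending on how ifupdown treats a missing netmask, and the same applies to `address 192.168.0.121` in `files_pcnet/interfaces`.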
@@ -0,0 +1,7 @@
+#!/bin/bash
+# active le routage entre les interfaces réseau du firewall
+echo "1" > /proc/sys/net/ipv4/ip_forward
+#vide les règles actuelles du pare-feu
+nft flush ruleset
+#charge les règles du pare-feu présentes dans le fichier
+nft -f /root/scriptsnft/current_ruleset.nft
diff --git a/sisr1/tp07/files_firewall/resolv.conf b/sisr1/tp07/files_firewall/resolv.conf
new file mode 100644
index 0000000..04f8dc4
--- /dev/null
+++ b/sisr1/tp07/files_firewall/resolv.conf
@@ -0,0 +1,4 @@
+domain sio.lan
+search sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8
diff --git a/sisr1/tp07/files_pclan/interfaces b/sisr1/tp07/files_pclan/interfaces
new file mode 100644
index 0000000..563707b
--- /dev/null
+++ b/sisr1/tp07/files_pclan/interfaces
@@ -0,0 +1,14 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 10.0.0.1/24
+gateway 10.0.0.254
diff --git a/sisr1/tp07/files_pclan/resolv.conf b/sisr1/tp07/files_pclan/resolv.conf
new file mode 100644
index 0000000..04f8dc4
--- /dev/null
+++ b/sisr1/tp07/files_pclan/resolv.conf
@@ -0,0 +1,4 @@
+domain sio.lan
+search sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8
diff --git a/sisr1/tp07/files_pcnet/interfaces b/sisr1/tp07/files_pcnet/interfaces
new file mode 100644
index 0000000..05e785e
--- /dev/null
+++ b/sisr1/tp07/files_pcnet/interfaces
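Review bot: `refresh_firewall.sh` turns on `ip_forward` before any rule is loaded and flushes the ruleset in a separate step from the load, so a syntax error in, or absence of, `/root/scriptsnft/current_ruleset.nft` leaves the machine with forwarding enabled and an empty ruleset. Putting `flush ruleset` as the first line of the `.nft` file makes flush and load a single `nft -f` transaction, and a failed load then keeps the previous rules in place. Forwarding can be switched on only after a successful load with `nft -f /root/scriptsnft/current_ruleset.nft && echo 1 > /proc/sys/net/ipv4/ip_forward`.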
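Review bot: In `files_firewall/resolv.conf`, `domain sio.lan` and `search sio.lan` are both set, but resolv.conf(5) treats the two keywords as mutually exclusive and only the last one takes effect. Keeping just `search sio.lan` gives the same result with one line less. The identical files under `files_pclan`, `files_pcnet` and `files_srvweb` carry the same redundancy.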
@@ -0,0 +1,14 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 192.168.0.121
+gateway 192.168.0.120
diff --git a/sisr1/tp07/files_pcnet/resolv.conf b/sisr1/tp07/files_pcnet/resolv.conf
new file mode 100644
index 0000000..04f8dc4
--- /dev/null
+++ b/sisr1/tp07/files_pcnet/resolv.conf
@@ -0,0 +1,4 @@
+domain sio.lan
+search sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8
diff --git a/sisr1/tp07/files_srvweb/interfaces b/sisr1/tp07/files_srvweb/interfaces
new file mode 100644
index 0000000..9a67b8a
--- /dev/null
+++ b/sisr1/tp07/files_srvweb/interfaces
@@ -0,0 +1,14 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 172.16.0.1/24
+gateway 172.16.0.254
diff --git a/sisr1/tp07/files_srvweb/resolv.conf b/sisr1/tp07/files_srvweb/resolv.conf
new file mode 100644
index 0000000..04f8dc4
--- /dev/null
+++ b/sisr1/tp07/files_srvweb/resolv.conf
@@ -0,0 +1,4 @@
+domain sio.lan
+search sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8