nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/README.md

nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/compte-rendu-2024-09-30 nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/compterendudistant.sh nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/ferm.conf nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/goss.yaml renommé : bts_annee_2/sisr2/seance_03/README.md -> bts_annee_2/sisr2/heartbeat_repa_charge/README.md renommé : bts_annee_2/sisr2/seance_03/hb1/inst-hb1.sh -> bts_annee_2/sisr2/heartbeat_repa_charge/hb1/inst-hb1.sh renommé : bts_annee_2/sisr2/seance_03/hb2/inst-hb2.sh -> bts_annee_2/sisr2/heartbeat_repa_charge/hb2/inst-hb2.sh renommé : bts_annee_2/sisr2/seance_03/vagrant/Vagrantfile_bookworm -> bts_annee_2/sisr2/heartbeat_repa_charge/vagrant/Vagrantfile_bookworm renommé : bts_annee_2/sisr2/seance_03/vagrant/Vagrantfile_rsync -> bts_annee_2/sisr2/heartbeat_repa_charge/vagrant/Vagrantfile_rsync renommé : bts_annee_2/sisr2/seance_04/README.md -> bts_annee_2/sisr2/lvs_haproxy/README.md renommé : bts_annee_2/sisr2/seance_04/lvs/haproxy.cfg -> bts_annee_2/sisr2/lvs_haproxy/lvs/haproxy.cfg renommé : bts_annee_2/sisr2/seance_04/lvs/ipvs.sh -> bts_annee_2/sisr2/lvs_haproxy/lvs/ipvs.sh
2024-10-03 10:22:26 +02:00
parent 7d2f5d2074
commit efddb08c77
13 changed files with 230 additions and 0 deletions
--- a/bts_annee_2/cyber2/wordpress-lamp/ferm.conf
+++ b/bts_annee_2/cyber2/wordpress-lamp/ferm.conf
@@ -0,0 +1,43 @@
+# -*- shell-script -*-
+#
+#  Configuration file for ferm(1).
+#
+domain (ip) {
+    table filter {
+        chain INPUT {
+            policy DROP;
+
+            # connection tracking
+            mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+
+            # allow local packet
+            interface lo ACCEPT;
+
+            # respond to ping
+            proto icmp ACCEPT; 
+
+            # allow SSH connections
+            proto tcp dport ssh ACCEPT;
+        
+	    # autorise les connexions HTTP et HTTPS
+	    proto tcp dport (http https) ACCEPT;
+	}
+        chain OUTPUT {
+            policy ACCEPT;
+
+            # connection tracking
+            #mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+        }
+        chain FORWARD {
+            policy DROP;
+
+            # connection tracking
+            mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+        }
+    }
+}
+
+@include ferm.d/;