diff --git a/sisr1/tp06-firewall/current_ruleset.nft b/sisr1/tp06-firewall/current_ruleset.nft
index e79bb83..6c8ff3d 100644
--- a/sisr1/tp06-firewall/current_ruleset.nft
+++ b/sisr1/tp06-firewall/current_ruleset.nft
@@ -8,35 +8,108 @@ define dmzip = 172.17.0.254
 
 define lan-ntw = 172.16.0.1-172.16.0.254
 define dmz-ntw = 172.17.0.1-172.17.0.254
-
+
+define internal-dns-ip = 172.16.0.2
+define dns-forwarder-ip = 10.121.38.7
+
 table ip ipfilter{
+
+ #Chaines de filtrage
+
 chain prerouting {
 type filter hook prerouting priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #SSH
 tcp dport 22 accept
+ #Requêtes HTTP/HTTPS depuis LAN
+ tcp dport {80,443} iif $lanif accept
+ #Requêtes externe du serveur DNS
+ ip saddr $internal-dns-ip ip daddr $dns-forwarder-ip accept
+ #Pings
 icmp type echo-request iif $lanif accept
 icmp type echo-reply iif {$lanif, $dmzif} accept
+ #Requêtes DNS depuis DMZ
+ ip saddr $dmz-ntw ip daddr $internal-dns-ip accept
 }
 chain system_in {
 type filter hook input priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #SSH
 tcp dport 22 accept
+ #Pings
 icmp type echo-request iif $lanif accept
 icmp type echo-reply accept
+ #Requêtes DNS depuis DMZ
+ udp dport 53 accept
+ tcp dport 53 accept
 }
 chain routing {
 type filter hook forward priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #Requêtes HTTP/HTTPS depuis LAN
+ tcp dport {80,443} iif $lanif accept
+ #Requêtes externe du serveur DNS
+ ip saddr $internal-dns-ip ip daddr $dns-forwarder-ip accept
+ #Pings
 icmp type echo-request iif $lanif oif $dmzif accept
 icmp type echo-reply iif $dmzif oif $lanif accept
+ #Requêtes DNS depuis DMZ
+ ip saddr $dmz-ntw ip daddr $internal-dns-ip accept
 }
 chain system_out {
 type filter hook output priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #SSH
 tcp sport 22 accept
+ #Proxy lycée
+ tcp dport 8080 accept
+ #DNS
+ udp dport 53 accept
+ #HTTP/HTTPS
+ tcp dport {80,443} accept
+ #FTP
+ tcp dport {20,21} accept
+ #Pings
 icmp type echo-request accept
 icmp type echo-reply oif $lanif accept
 }
 chain postrouting {
 type filter hook postrouting priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #SSH
 tcp sport 22 accept
+ #Proxy lycée
+ tcp dport 8080 accept
+ #DNS
+ udp dport 53 accept
+ #HTTP/HTTPS
+ tcp dport {80,443} accept
+ #FTP
+ tcp dport {20,21} accept
+ #Requêtes externe du serveur DNS
+ ip saddr $internal-dns-ip ip daddr $dns-forwarder-ip accept
+ #Pings
 icmp type echo-request oif {$lanif, $dmzif} accept
 icmp type echo-reply oif $lanif accept
+ #Requêtes DNS depuis DMZ
+ ip saddr $dmz-ntw ip daddr $internal-dns-ip accept
 }
+
+ #Chaines pour la NAT
+
+ chain nat_prerouting {
+ type nat hook prerouting priority filter; policy accept;
+ }
+
+ chain nat_postrouting {
+ type nat hook postrouting priority filter; policy accept;
+ #Masquage des IP de la LAN sortant sur Internet
+ ip saddr $lan-ntw oif $netif snat $netip
+ }
+
 }
\ No newline at end of file
diff --git a/sisr1/tp06-firewall/fw_part4.nft b/sisr1/tp06-firewall/fw_part4.nft
new file mode 100644
index 0000000..1e127a6
--- /dev/null
+++ b/sisr1/tp06-firewall/fw_part4.nft
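Review bot: The new `ip saddr $dmz-ntw ip daddr $internal-dns-ip accept` rule (prerouting, routing and postrouting, under "Requêtes DNS depuis DMZ") matches every protocol and port and carries no `iif $dmzif`, so any DMZ host reaches every service on 172.16.0.2, and a packet arriving on $netif with a forged 172.17.x source is admitted as well. Narrowing it to what the comment describes keeps the intent: `iif $dmzif ip saddr $dmz-ntw ip daddr $internal-dns-ip udp dport 53 accept` plus the same line with `tcp dport 53`, mirrored in the three chains (`oif $lanif` in place of `iif $dmzif` in postrouting). The `udp dport 53 accept` / `tcp dport 53 accept` added to system_in under the same comment govern the firewall's own listening sockets rather than traffic to 172.16.0.2, and match on any interface, so unless the firewall host itself runs a resolver they open nothing useful and can be removed or at least restricted with `iif $dmzif`.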
@@ -0,0 +1,54 @@
+define netif = enp0s3
+define lanif = enp0s8
+define dmzif = enp0s9
+
+define netip = 192.168.0.130
+define lanip = 172.16.0.254
+define dmzip = 172.17.0.254
+
+define lan-ntw = 172.16.0.1-172.16.0.254
+define dmz-ntw = 172.17.0.1-172.17.0.254
+
+table ip ipfilter {
+ chain prerouting {
+ type filter hook prerouting priority filter; policy drop;
+ ct state established,related accept
+ tcp dport 22 accept
+ icmp type echo-request iif $lanif accept
+ icmp type echo-reply iif {$lanif, $dmzif} accept
+ }
+ chain system_in {
+ type filter hook input priority filter; policy drop;
+ ct state established,related accept
+ tcp dport 22 accept
+ icmp type echo-request iif $lanif accept
+ icmp type echo-reply accept
+ udp sport 53 accept # Ajout pour les réponses DNS
+ }
+ chain routing {
+ type filter hook forward priority filter; policy drop;
+ icmp type echo-request iif $lanif oif $dmzif accept
+ icmp type echo-reply iif $dmzif oif $lanif accept
+ udp sport 53 accept # Ajout pour les réponses DNS
+ }
+ chain system_out {
+ type filter hook output priority filter; policy drop;
+ tcp sport 22 accept
+ udp dport 53 accept
+ tcp dport {80, 443} accept
+ tcp dport {20, 21} accept
+ tcp dport 8080 accept
+ icmp type echo-request accept
+ icmp type echo-reply oif $lanif accept
+ }
+ chain postrouting {
+ type filter hook postrouting priority filter; policy drop;
+ tcp sport 22 accept
+ udp dport 53 accept
+ tcp sport {80, 443} accept
+ tcp sport {20, 21} accept
+ tcp dport 8080 accept
+ icmp type echo-request oif {$lanif, $dmzif} accept
+ icmp type echo-reply oif $lanif accept
+ }
+}
diff --git a/sisr1/tp06-firewall/fw_part5.nft b/sisr1/tp06-firewall/fw_part5.nft
new file mode 100644
index 0000000..3f81411
--- /dev/null
+++ b/sisr1/tp06-firewall/fw_part5.nft
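Review bot: `udp sport 53 accept` in system_in and routing (the two lines commented "Ajout pour les réponses DNS") matches only on the source port chosen by the remote side, so any host on any interface can reach any UDP port on the firewall or on the LAN simply by sending from port 53. DNS answers are replies to a query the firewall has already seen, which `ct state established,related accept` in system_in already admits, so the sport rule is redundant there; routing has no conntrack rule at all, and that is the line it should get instead: `ct state established,related accept`. If routing is meant to stay stateless, at least pin the rule to the resolver's address, e.g. `ip saddr <resolver-ip> udp sport 53 accept` with `<resolver-ip>` replaced by the real resolver.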
@@ -0,0 +1,106 @@
+define netif = enp0s3
+define lanif = enp0s8
+define dmzif = enp0s9
+
+define netip = 192.168.0.130
+define lanip = 172.16.0.254
+define dmzip = 172.17.0.254
+
+define lan-ntw = 172.16.0.1-172.16.0.254
+define dmz-ntw = 172.17.0.1-172.17.0.254
+
+define internal-dns-ip = 172.16.0.2
+define dns-forwarder-ip = 10.121.38.7
+
+table ip ipfilter{
+
+ #Chaines de filtrage
+
+ chain prerouting {
+ type filter hook prerouting priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #SSH
+ tcp dport 22 accept
+ #Requêtes HTTP/HTTPS depuis LAN
+ tcp dport {80,443} iif $lanif accept
+ #Requêtes externe du serveur DNS
+ ip saddr $internal-dns-ip ip daddr $dns-forwarder-ip accept
+ #Pings
+ icmp type echo-request iif $lanif accept
+ icmp type echo-reply iif {$lanif, $dmzif} accept
+ }
+ chain system_in {
+ type filter hook input priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #SSH
+ tcp dport 22 accept
+ #Pings
+ icmp type echo-request iif $lanif accept
+ icmp type echo-reply accept
+ }
+ chain routing {
+ type filter hook forward priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #Requêtes HTTP/HTTPS depuis LAN
+ tcp dport {80,443} iif $lanif accept
+ #Requêtes externe du serveur DNS
+ ip saddr $internal-dns-ip ip daddr $dns-forwarder-ip accept
+ #Pings
+ icmp type echo-request iif $lanif oif $dmzif accept
+ icmp type echo-reply iif $dmzif oif $lanif accept
+ }
+ chain system_out {
+ type filter hook output priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #SSH
+ tcp sport 22 accept
+ #Proxy lycée
+ tcp dport 8080 accept
+ #DNS
+ udp dport 53 accept
+ #HTTP/HTTPS
+ tcp dport {80,443} accept
+ #FTP
+ tcp dport {20,21} accept
+ #Pings
+ icmp type echo-request accept
+ icmp type echo-reply oif $lanif accept
+ }
+ chain postrouting {
+ type filter hook postrouting priority filter; policy drop;
+ #Communication déjà établies
+ ct state established,related accept
+ #SSH
+ tcp sport 22 accept
+ #Proxy lycée
+ tcp dport 8080 accept
+ #DNS
+ udp dport 53 accept
+ #HTTP/HTTPS
+ tcp dport {80,443} accept
+ #FTP
+ tcp dport {20,21} accept
+ #Requêtes externe du serveur DNS
+ ip saddr $internal-dns-ip ip daddr $dns-forwarder-ip accept
+ #Pings
+ icmp type echo-request oif {$lanif, $dmzif} accept
+ icmp type echo-reply oif $lanif accept
+ }
+
+ #Chaines pour la NAT
+
+ chain nat_prerouting {
+ type nat hook prerouting priority filter; policy accept;
+ }
+
+ chain nat_postrouting {
+ type nat hook postrouting priority filter; policy accept;
+ #Masquage des IP de la LAN sortant sur Internet
+ ip saddr $lan-ntw oif $netif snat $netip
+ }
+
+}
\ No newline at end of file
diff --git a/sisr1/tp06-firewall/gitpush.sh b/sisr1/tp06-firewall/gitpush.sh
new file mode 100644
index 0000000..0eb5acc
--- /dev/null
+++ b/sisr1/tp06-firewall/gitpush.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# Permet de vérifier si un message a été passé en argument
+if [ -z "$1" ]; then
+ read -p "Erreur : Entrez un message : " $message
+else
+ message=$1
+
+
+fi
+
+ # Ajout des fichiers modifiés
+git add .
+
+# Commit avec le message
+git commit -m "$message"
+
+# Push vers le dépôt Gitea
+git push -u https://yann.lereuille@gitea.lyc-lecastel.fr/yann.lereuille/siotp.git
\ No newline at end of file
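Review bot: `nat_prerouting` and `nat_postrouting` are declared with `priority filter`, the same value as the filter chains on the same hooks, so the ruleset itself does not fix whether `nat_postrouting` runs before or after the `postrouting` chain (policy drop); if the SNAT runs first, source-address accepts such as `ip saddr $internal-dns-ip ip daddr $dns-forwarder-ip accept` see 192.168.0.130 instead of 172.16.0.2 and the packet is dropped. The standard NAT priorities order this deterministically: `type nat hook prerouting priority dstnat; policy accept;` and `type nat hook postrouting priority srcnat; policy accept;`. The same two chains are added to current_ruleset.nft in the first hunk of this commit.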
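Review bot: `read -p "Erreur : Entrez un message : " $message` expands the still-empty variable, so bash stores the answer in REPLY and `message` remains unset; `git commit -m "$message"` below then runs with an empty message and fails. The target must be the literal name, ideally with `-r` so backslashes are kept verbatim: `read -r -p "Erreur : Entrez un message : " message`. The script also carries on after a failed commit and still pushes, so `set -e` after the shebang (or checking `git commit`'s exit status) would stop it at the first failure.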