rezometz/firewall
9
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Add latoilescout and dns

Browse source
This commit is contained in:
Yoann Pétri 2020-05-01 01:40:39 +02:00 committed by root
parent 095d81c113
commit 5a314d6354
1 changed files with 12 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
zones/dmz.nft
View file

@ -20,13 +20,13 @@ table inet firewall {
set dns { set dns {
type ipv4_addr type ipv4_addr
flags interval flags interval
elements = { 193.48.225.248 } elements = { 193.48.225.248, 193.48.225.204 }
} }
set www { set www {
type ipv4_addr type ipv4_addr
flags interval flags interval
elements = { 193.48.225.241, 193.48.225.242, 193.48.225.243, 193.48.225.247, 193.48.225.200} elements = { 193.48.225.241, 193.48.225.242, 193.48.225.243, 193.48.225.247, 193.48.225.200, 193.48.225.3, 193.48.225.203 }
} }
set irc { set irc {
@ -95,6 +95,12 @@ table inet firewall {
elements = {193.48.225.202} elements = {193.48.225.202}
} }
set latoilescoute {
type ipv4_addr
flags interval
elements = {193.48.225.203}
}
chain to_dmz { chain to_dmz {
ip saddr 10.7.0.0/16 accept ip saddr 10.7.0.0/16 accept
@ -112,9 +118,10 @@ table inet firewall {
ip daddr @video tcp dport { 5678 } accept ip daddr @video tcp dport { 5678 } accept
ip saddr $monitoring udp dport { 161 } accept ip saddr $monitoring udp dport { 161 } accept
ip daddr @minecraft tcp dport { 25565 } accept ip daddr @minecraft tcp dport { 22, 25565 } accept
ip daddr @minecraft udp dport { 25565 } accept ip daddr @minecraft udp dport { 22, 25565 } accept
ip daddr @latoilescoute udp dport { 22 } accept
ip daddr @latoilescoute tcp dport { 22 } accept
ip saddr @ldap_clients ip daddr @ldap tcp dport { 389, 636 } accept ip saddr @ldap_clients ip daddr @ldap tcp dport { 389, 636 } accept
ip saddr @ldap_clients ip daddr @ldap udp dport { 636 } accept ip saddr @ldap_clients ip daddr @ldap udp dport { 636 } accept