From 6fb7134be69b556975e36e00b57f262a91234dda Mon Sep 17 00:00:00 2001
From: zaiken
Date: Thu, 11 Jun 2020 22:19:23 +0200
Subject: [PATCH] Ajout des droits pour la VM des rennais (DNS)
---
 re2o.conf | 26 ++++++++++++++++++++++++++
 zones/dmz.nft | 11 ++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 re2o.conf
diff --git a/re2o.conf b/re2o.conf
new file mode 100644
index 0000000..9b00e25
--- /dev/null
+++ b/re2o.conf
@@ -0,0 +1,26 @@
+
+ ServerName re2o.rezometz.org
+ ServerAlias lorrabelle.rez
+
+ LogLevel warn
+ ErrorLog ${APACHE_LOG_DIR}/re2o-error.log
+ CustomLog ${APACHE_LOG_DIR}/re2o-access.log combined
+
+ #
+ # AuthType Basic
+ # AuthName "Password Required"
+ # AuthUserFile /usr/local/password
+ # Require valid-user
+ # #Require all granted
+ #
+
+ #Alias /static /var/www/re2o/static_files
+ #Alias /media /var/www/re2o/media
+
+ #WSGIScriptAlias / /var/www/re2o/re2o/wsgi.py
+ #WSGIProcessGroup re2o
+ #WSGIDaemonProcess re2o processes=2 threads=16 maximum-requests=1000 display-name=re2o
+ #WSGIPassAuthorization On
+
+ DocumentRoot /var/www/html
+
diff --git a/zones/dmz.nft b/zones/dmz.nft
index 71dd75a..da0a70e 100644
--- a/zones/dmz.nft
+++ b/zones/dmz.nft
@@ -101,12 +101,21 @@ table inet firewall {
 elements = {193.48.225.203}
 }
+ set dns_rennais {
+ type ipv4_addr
+ flags interval
+ elements = {193.48.225.205}
+
+ }
+
 chain to_dmz {
 ip saddr 10.7.0.0/16 accept
 ip daddr @smtp tcp dport { 22, 25, 80 } accept
 ip daddr @dns tcp dport { 22, 53 } accept
 ip daddr @dns udp dport { 53 } accept
+ ip daddr @dns_rennais tcp dport { 22, 53 } accept
+ ip daddr @dns_rennais udp dport { 53 } accept
 ip daddr @www tcp dport { 21, 22, 80, 443 } accept
 ip daddr @federez tcp dport { 22, 53, 80, 443, 389 } accept
 ip daddr @federez udp dport { 53, 636 } accept
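Review bot: Every application directive in this vhost (the `<Location />` Basic-auth block, both `Alias` lines, all four `WSGI*` lines) is commented out, so as committed `re2o.conf` only serves `DocumentRoot /var/www/html` for re2o.rezometz.org / lorrabelle.rez, and the file has nothing to do with the commit subject (rights for the Rennes DNS VM) — it looks like it was added to this firewall repo by accident. If it is meant to stay, it should not become a plain-HTTP front for a management application the day the WSGI lines are uncommented (the container tag is not visible in this rendering, so the listen port cannot be confirmed here): add `Redirect permanent / https://re2o.rezometz.org/` or a TLS vhost alongside it, and drop the stale `# AuthUserFile /usr/local/password` line rather than leaving an unused credential path in the config. A one-line header such as `# Apache vhost for re2o; application disabled until the WSGI lines are enabled` would also make the current state explicit.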
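Review bot: The new `ip daddr @dns_rennais tcp dport { 22, 53 } accept` rule opens SSH to 193.48.225.205 from any source, because `to_dmz` matches only on destination here (the sole source match is the blanket `ip saddr 10.7.0.0/16 accept` above it); unless the Rennes admins genuinely need SSH from arbitrary addresses, split it into `ip daddr @dns_rennais tcp dport 53 accept` plus an SSH rule keyed on an admin source set, the way `@ldap_clients` gates `@ldap` further down. The existing `@dns` rule has the same shape, so this may be deliberate, but it deserves a comment either way. The two rules are otherwise byte-for-byte the `@dns` rules with a different set name; if the two resolvers do not need separate policy, adding `193.48.225.205` to the `@dns` elements gives the same behaviour with no second set, and `flags interval` on a single /32 set is unnecessary. The `to_dmz` chain continues past the end of the hunk.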
@@ -120,7 +129,7 @@ table inet firewall {
 ip daddr @minecraft tcp dport { 22, 25565 } accept
 ip daddr @minecraft udp dport { 22, 25565 } accept
- ip daddr @latoilescoute udp dport { 22, 161 } accept
+ ip daddr @latoilescoute udp dport { 22, 161 } accept
 ip daddr @latoilescoute tcp dport { 22 } accept
 ip saddr @ldap_clients ip daddr @ldap tcp dport { 389, 636 } accept
 ip saddr @ldap_clients ip daddr @ldap udp dport { 636 } accept