clean dmz
This commit is contained in:
parent
a0178ca34c
commit
bca507a890
1 changed files with 11 additions and 20 deletions
|
@ -20,19 +20,19 @@ table inet firewall {
|
||||||
set dns {
|
set dns {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
elements = { 193.48.225.248, 193.48.225.204, 193.48.225.213, 193.48.225.29 }
|
elements = { 193.48.225.204, 193.48.225.29 }
|
||||||
}
|
}
|
||||||
|
|
||||||
set www {
|
set www {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
elements = { 193.48.225.241, 193.48.225.242, 193.48.225.243, 193.48.225.247, 193.48.225.200, 193.48.225.3, 193.48.225.32, 193.48.225.34, 193.48.225.225, 193.48.225.25, 193.48.225.36, 193.48.225.42, 193.48.225.60, 193.48.225.61, 193.48.225.62, 193.48.225.63, 193.48.225.45, 193.48.225.20, 193.48.225.101}
|
elements = { 193.48.225.241, 193.48.225.242, 193.48.225.34, 193.48.225.25, 193.48.225.36, 193.48.225.42, 193.48.225.60, 193.48.225.61, 193.48.225.62, 193.48.225.20, 193.48.225.101}
|
||||||
}
|
}
|
||||||
|
|
||||||
set irc {
|
set irc {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
elements = {193.48.225.244}
|
elements = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
set znc {
|
set znc {
|
||||||
|
@ -68,13 +68,13 @@ table inet firewall {
|
||||||
set video {
|
set video {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
elements = { 193.48.225.240 }
|
elements = { }
|
||||||
}
|
}
|
||||||
|
|
||||||
set ldap {
|
set ldap {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
elements = { 193.48.225.246, 193.48.225.248 }
|
elements = { 193.48.225.246}
|
||||||
}
|
}
|
||||||
|
|
||||||
set ldap_clients {
|
set ldap_clients {
|
||||||
|
@ -86,28 +86,21 @@ table inet firewall {
|
||||||
set mysql {
|
set mysql {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
elements = {10.7.0.243}
|
elements = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
set minecraft {
|
set minecraft {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
elements = {193.48.225.202}
|
elements = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
set latoilescoute {
|
set latoilescoute {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
elements = {193.48.225.203}
|
elements = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
set dns_rennais {
|
|
||||||
type ipv4_addr
|
|
||||||
flags interval
|
|
||||||
elements = {193.48.225.205}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
set wireguard {
|
set wireguard {
|
||||||
type ipv4_addr
|
type ipv4_addr
|
||||||
flags interval
|
flags interval
|
||||||
|
@ -132,8 +125,6 @@ table inet firewall {
|
||||||
ip daddr @smtp tcp dport { 22, 25, 80, 443, 143, 993, 587} accept
|
ip daddr @smtp tcp dport { 22, 25, 80, 443, 143, 993, 587} accept
|
||||||
ip daddr @dns tcp dport { 22, 53 } accept
|
ip daddr @dns tcp dport { 22, 53 } accept
|
||||||
ip daddr @dns udp dport { 53 } accept
|
ip daddr @dns udp dport { 53 } accept
|
||||||
ip daddr @dns_rennais tcp dport { 22, 53 } accept
|
|
||||||
ip daddr @dns_rennais udp dport { 53 } accept
|
|
||||||
ip daddr @www tcp dport { 21, 22, 80, 443, 3000 } accept
|
ip daddr @www tcp dport { 21, 22, 80, 443, 3000 } accept
|
||||||
ip daddr @federez tcp dport { 22, 53, 80, 443, 389 } accept
|
ip daddr @federez tcp dport { 22, 53, 80, 443, 389 } accept
|
||||||
ip daddr @federez udp dport { 53, 636 } accept
|
ip daddr @federez udp dport { 53, 636 } accept
|
||||||
|
@ -145,14 +136,14 @@ table inet firewall {
|
||||||
ip daddr @video tcp dport { 5678 } accept
|
ip daddr @video tcp dport { 5678 } accept
|
||||||
ip daddr @wireguard udp dport { 51820 } accept
|
ip daddr @wireguard udp dport { 51820 } accept
|
||||||
ip saddr $monitoring udp dport { 161 } accept
|
ip saddr $monitoring udp dport { 161 } accept
|
||||||
|
|
||||||
ip daddr @minecraft tcp dport { 22, 25565 } accept
|
ip daddr @minecraft tcp dport { 22, 25565 } accept
|
||||||
ip daddr @minecraft udp dport { 22, 25565 } accept
|
ip daddr @minecraft udp dport { 22, 25565 } accept
|
||||||
ip daddr @latoilescoute udp dport { 22, 161, 16384-32768 } accept
|
ip daddr @latoilescoute udp dport { 22, 161, 16384-32768 } accept
|
||||||
ip daddr @latoilescoute tcp dport { 22 } accept
|
ip daddr @latoilescoute tcp dport { 22 } accept
|
||||||
ip saddr @ldap_clients ip daddr @ldap tcp dport { 389, 636 } accept
|
ip saddr @ldap_clients ip daddr @ldap tcp dport { 389, 636 } accept
|
||||||
ip saddr @ldap_clients ip daddr @ldap udp dport { 636 } accept
|
ip saddr @ldap_clients ip daddr @ldap udp dport { 636 } accept
|
||||||
|
|
||||||
ip daddr @radius udp dport { 1812, 1814 } accept
|
ip daddr @radius udp dport { 1812, 1814 } accept
|
||||||
ip daddr @dns_recursif udp dport { 53, 853, 443 } accept
|
ip daddr @dns_recursif udp dport { 53, 853, 443 } accept
|
||||||
ip daddr @dns_recursif tcp dport { 53, 853, 443 } accept
|
ip daddr @dns_recursif tcp dport { 53, 853, 443 } accept
|
||||||
|
|
Loading…
Reference in a new issue