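#! /sbin/nft -f

# DMZ filtering policy.
#
# Only regular (hook-less) chains are declared here: `to_dmz` and `from_dmz`
# do nothing until a base chain jumps to them, and that base chain (with any
# `ct state` / ICMP handling) is not part of this file.
table inet firewall {

	# DMZ address space. Additional IPv4 ranges go in this element list.
	# NOTE(review): no rule in this file references this set; presumably the
	# calling base chain uses it to decide which chain to jump to — verify.
	set z_dmz {
		type ipv4_addr
		flags interval
		elements = {
			193.48.225.224/27,
		}
	}

	# Allow-lists of (address . port) pairs, all initially empty.
	# Until they are populated, every TCP/UDP flow into the DMZ is dropped by
	# to_dmz and every TCP/UDP flow out of the DMZ is dropped by from_dmz.
	#
	# The sets are declared without an `elements = { }` literal: a set with no
	# element list is the same empty set, and an empty brace pair is liable to
	# be rejected by nft's parser.
	# `flags interval` on a concatenation needs a kernel/nft recent enough to
	# support interval concatenations — confirm on the target host.
	set dmz_allowed_tcp_in {
		type ipv4_addr . inet_service
		flags interval
	}

	set dmz_allowed_tcp_out {
		type ipv4_addr . inet_service
		flags interval
	}

	set dmz_allowed_udp_in {
		type ipv4_addr . inet_service
		flags interval
	}

	set dmz_allowed_udp_out {
		type ipv4_addr . inet_service
		flags interval
	}

	# Inbound to the DMZ: destination . port must be allow-listed.
	# Anything else — including non-TCP/UDP traffic and IPv6, which `ip daddr`
	# never matches — hits the unconditional drop.
	chain to_dmz {
		ip daddr . tcp dport @dmz_allowed_tcp_in accept
		ip daddr . udp dport @dmz_allowed_udp_in accept
		drop
	}

	# Outbound from the DMZ: drop TCP/UDP whose source . port is not allow-listed.
	# `!=` is nft's spelling of a negated set lookup; the original used a
	# prefix `not`, which nft does not accept in this position.
	# Unlike to_dmz there is no final verdict: allow-listed TCP/UDP, any
	# non-TCP/UDP protocol, and IPv6 (not matched by `ip saddr`) all fall
	# through and return to the calling chain, which must decide their fate.
	chain from_dmz {
		ip saddr . tcp dport != @dmz_allowed_tcp_out drop
		ip saddr . udp dport != @dmz_allowed_udp_out drop
	}
}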