From e91517b95aa22544cfcb67bd3fcdd73e7cb84890 Mon Sep 17 00:00:00 2001 From: Thomas Chevalier Date: Thu, 19 May 2022 09:45:57 +0200 Subject: [PATCH] Adapt configuration from stallman --- config/networks/dmz.nft | 27 +++++++++------------------ config/networks/nerim.nft | 4 ++-- 2 files changed, 11 insertions(+), 20 deletions(-) diff --git a/config/networks/dmz.nft b/config/networks/dmz.nft index 5217309..9b242d1 100644 --- a/config/networks/dmz.nft +++ b/config/networks/dmz.nft @@ -4,28 +4,20 @@ table inet firewall { # helper set to quickly add a web server to the whitelist type ipv4_addr elements = { - # jarvis (librenms) - 193.54.193.11, - # fafnir (passbolt) - 193.54.193.23, - # thor (re2o) - 193.54.193.25, - # urdarbrunn (wiki) - 193.54.193.26, - # loki (contrôleur de bornes) - 193.54.193.27, - # brokkr (gitlab) - 193.54.193.31, - # verdandi (icinga) - 193.54.193.33, + 193.54.193.11, # jarvis (librenms) + 193.54.193.23, # fafnir (passbolt) + 193.54.193.25, # thor (re2o) + 193.54.193.26, # urdarbrunn (wiki) + 193.54.193.27, # loki (contrôleur de bornes) + 193.54.193.31, # brokkr (gitlab) + 193.54.193.33, # verdandi (icinga) } } set dmz_whitelist_tcp { type ipv4_addr . inet_service elements = { - # frigg (radius) - 193.54.193.20 . 1812, + 193.54.193.20 . 1812, # frigg (radius) 193.54.193.20 . 1813, } } @@ -33,8 +25,7 @@ table inet firewall { set dmz_whitelist_udp { type ipv4_addr . inet_service elements = { - # frigg (radius) - 193.54.193.20 . 1812, + 193.54.193.20 . 1812, # frigg (radius) 193.54.193.20 . 1813, } } diff --git a/config/networks/nerim.nft b/config/networks/nerim.nft index bb85012..6d891da 100644 --- a/config/networks/nerim.nft +++ b/config/networks/nerim.nft @@ -10,7 +10,7 @@ table inet firewall { chain fwd_yann_minecraft{ # Serveur minecraft Yann - dnat to 10.2.4.29:23456 + ip version 4 ip protocol tcp dnat to 10.2.4.29:23456 } chain fwd_fabien_pathier{ @@ -31,6 +31,6 @@ table inet firewall { } chain snat_nerim { - masquerade log prefix "masquerade:" + log prefix "masquerade:" masquerade } }