40 lines
660 B
Plaintext
40 lines
660 B
Plaintext
#! /sbin/nft -f
|
|
|
|
|
|
table inet firewall {
|
|
|
|
# Définition de la DMZ
|
|
|
|
set z_dmz {
|
|
type ipv4_addr
|
|
flags interval
|
|
elements = {193.48.225.224/27}
|
|
}
|
|
|
|
set dmz_allowed_tcp_in {
|
|
type ipv4_addr . inet_service
|
|
}
|
|
set dmz_allowed_tcp_out {
|
|
type ipv4_addr . inet_service
|
|
}
|
|
set dmz_allowed_udp_in {
|
|
type ipv4_addr . inet_service
|
|
}
|
|
set dmz_allowed_udp_out {
|
|
type ipv4_addr . inet_service
|
|
}
|
|
|
|
chain to_dmz {
|
|
#ip daddr . tcp dport @dmz_allowed_tcp_in accept
|
|
#ip daddr . udp dport @dmz_allowed_udp_in accept
|
|
accept
|
|
}
|
|
|
|
chain from_dmz {
|
|
#ip saddr . tcp dport != @dmz_allowed_tcp_out drop
|
|
#ip saddr . udp dport != @dmz_allowed_udp_out drop
|
|
}
|
|
|
|
}
|
|
|