Diffstat (limited to 'os/config/roles/network')
-rw-r--r--os/config/roles/network/templates/rules.v627
1 files changed, 27 insertions, 0 deletions
diff --git a/os/config/roles/network/templates/rules.v6 b/os/config/roles/network/templates/rules.v6
index 50737a0..7cac66e 100644
--- a/os/config/roles/network/templates/rules.v6
+++ b/os/config/roles/network/templates/rules.v6
@@ -3,6 +3,10 @@
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
+# Declaring our chains
+-N DEUXFLEURS-TRUSTED-NET
+-N DEUXFLEURS-TRUSTED-PORT
+
# Internet Control Message Protocol
# (required)
-A INPUT -p icmp -j ACCEPT
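Review bot: The chain declarations `-N DEUXFLEURS-TRUSTED-NET` and `-N DEUXFLEURS-TRUSTED-PORT` use the interactive command form, while the rest of this restore file declares chains in the table header form shown just above them (`:FORWARD DROP [0:0]`); the idiomatic equivalent here is `:DEUXFLEURS-TRUSTED-NET - [0:0]` and `:DEUXFLEURS-TRUSTED-PORT - [0:0]` placed with the other `:` lines. This is more than style: as far as I recall, ip6tables-restore run with `--noflush` (or any apply where the chains already exist) rejects `-N` with a chain-exists error, whereas the `:CHAIN - [0:0]` form flushes and reuses the existing chain, so the template would re-apply cleanly — worth confirming against the iptables version deployed. The `:INPUT` policy line that decides what happens to packets falling out of these chains via RETURN sits above this hunk and is not visible here.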
@@ -21,6 +25,29 @@
-A INPUT -s ::1/128 -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+# Who is part of our trusted net?
+# Max@Bruxelles
+-A DEUXFLEURS-TRUSTED-NET -s 2a02:1811:3606:4800::0/64 -j DEUXFLEURS-TRUSTED-PORT
+# Max@Suresnes
+-A DEUXFLEURS-TRUSTED-NET -s 2a01:e0a:183:7be2::0/64 -j DEUXFLEURS-TRUSTED-PORT
+# LX@Rennes
+-A DEUXFLEURS-TRUSTED-NET -s 2a02:8428:81d6:6901::0/64 -j DEUXFLEURS-TRUSTED-PORT
+# ADRN@Gandi
+-A DEUXFLEURS-TRUSTED-NET -s 2001:4b98:dc0:41:216:3eff:fe9b:1afb/128 -j DEUXFLEURS-TRUSTED-PORT
+# Quentin@Rennes
+-A DEUXFLEURS-TRUSTED-NET -s 2a01:e35:2fdc:dbe0::0/64 -j DEUXFLEURS-TRUSTED-PORT
+# Source address is not trusted
+-A DEUXFLEURS-TRUSTED-NET -j RETURN
+
+# What can do our trusted net?
+# Access garage basically
+-A DEUXFLEURS-TRUSTED-PORT -p tcp --dport 3901 -j ACCEPT
+# Port is not allowed
+-A DEUXFLEURS-TRUSTED-PORT -j RETURN
+
+# Let's check if the user comes from our trusted network
+-A INPUT -j DEUXFLEURS-TRUSTED-NET
+
COMMIT
*nat