2019-06-01 14:02:49 +00:00
|
|
|
*filter
|
|
|
|
:INPUT DROP [0:0]
|
|
|
|
:FORWARD DROP [0:0]
|
|
|
|
:OUTPUT ACCEPT [0:0]
|
|
|
|
|
2020-10-28 15:55:11 +00:00
|
|
|
# Declaring our chains
|
|
|
|
-N DEUXFLEURS-TRUSTED-NET
|
|
|
|
-N DEUXFLEURS-TRUSTED-PORT
|
|
|
|
|
2020-10-22 16:29:37 +00:00
|
|
|
# Internet Control Message Protocol
|
|
|
|
# (required)
|
2020-10-22 15:57:02 +00:00
|
|
|
-A INPUT -p icmp -j ACCEPT
|
2020-10-22 16:29:37 +00:00
|
|
|
-A INPUT -p ipv6-icmp -j ACCEPT
|
2020-10-22 15:57:02 +00:00
|
|
|
|
2020-07-13 18:01:04 +00:00
|
|
|
# Administration
|
2020-10-22 15:57:02 +00:00
|
|
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
2020-07-13 18:01:04 +00:00
|
|
|
|
|
|
|
# Cluster
|
2022-03-09 15:54:19 +00:00
|
|
|
-A INPUT -s 2a01:e0a:260:b5b0::2 -j ACCEPT
|
|
|
|
-A INPUT -s 2a01:e0a:260:b5b0::3 -j ACCEPT
|
|
|
|
-A INPUT -s 2a01:e0a:260:b5b0::4 -j ACCEPT
|
2019-06-01 14:02:49 +00:00
|
|
|
|
2020-07-13 18:01:04 +00:00
|
|
|
# Local
|
2019-06-01 14:02:49 +00:00
|
|
|
-A INPUT -i docker0 -j ACCEPT
|
2020-10-22 15:57:02 +00:00
|
|
|
-A INPUT -s ::1/128 -j ACCEPT
|
2020-10-22 16:29:37 +00:00
|
|
|
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
2020-10-22 15:57:02 +00:00
|
|
|
|
2020-10-28 15:55:11 +00:00
|
|
|
# Who is part of our trusted net?
|
|
|
|
# Max@Bruxelles
|
|
|
|
-A DEUXFLEURS-TRUSTED-NET -s 2a02:1811:3606:4800::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
|
|
|
# Max@Suresnes
|
|
|
|
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e0a:183:7be2::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
2020-10-28 16:55:03 +00:00
|
|
|
# Max@OVH
|
2021-09-28 14:51:45 +00:00
|
|
|
-A DEUXFLEURS-TRUSTED-NET -s 2001:41d0:a:307c:ac7c::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
|
|
|
# Jill@Rennes
|
|
|
|
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e0a:5e4:1d0::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
2020-10-28 15:55:11 +00:00
|
|
|
# ADRN@Gandi
|
|
|
|
-A DEUXFLEURS-TRUSTED-NET -s 2001:4b98:dc0:41:216:3eff:fe9b:1afb/128 -j DEUXFLEURS-TRUSTED-PORT
|
|
|
|
# Quentin@Rennes
|
|
|
|
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e35:2fdc:dbe0::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
2021-04-05 16:28:45 +00:00
|
|
|
# Erwan@Rennes
|
|
|
|
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e0a:260:b5b0::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
2022-02-09 14:53:45 +00:00
|
|
|
# LX@Orsay
|
2022-05-08 22:10:08 +00:00
|
|
|
-A DEUXFLEURS-TRUSTED-NET -s 2a06:a004:3025:1::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
2020-10-28 15:55:11 +00:00
|
|
|
# Source address is not trusted
|
|
|
|
-A DEUXFLEURS-TRUSTED-NET -j RETURN
|
|
|
|
|
|
|
|
# What can do our trusted net?
|
|
|
|
# Access garage basically
|
|
|
|
-A DEUXFLEURS-TRUSTED-PORT -p tcp --dport 3901 -j ACCEPT
|
|
|
|
# Port is not allowed
|
|
|
|
-A DEUXFLEURS-TRUSTED-PORT -j RETURN
|
|
|
|
|
|
|
|
# Let's check if the user comes from our trusted network
|
|
|
|
-A INPUT -j DEUXFLEURS-TRUSTED-NET
|
|
|
|
|
2019-06-01 14:02:49 +00:00
|
|
|
COMMIT
|
|
|
|
|
|
|
|
*nat
|
|
|
|
:PREROUTING ACCEPT [0:0]
|
|
|
|
:INPUT ACCEPT [0:0]
|
|
|
|
:OUTPUT ACCEPT [0:0]
|
|
|
|
:POSTROUTING ACCEPT [0:0]
|
|
|
|
COMMIT
|
|
|
|
|
|
|
|
*mangle
|
|
|
|
:PREROUTING ACCEPT [0:0]
|
|
|
|
:INPUT ACCEPT [0:0]
|
|
|
|
:FORWARD ACCEPT [0:0]
|
|
|
|
:OUTPUT ACCEPT [0:0]
|
|
|
|
:POSTROUTING ACCEPT [0:0]
|
|
|
|
COMMIT
|
2020-10-22 15:57:02 +00:00
|
|
|
|