Verified Commit d8b5321f authored by David Beniamine's avatar David Beniamine

3zones based on 2zones amonecole

parent 9f8d1380
<?xml version="1.0" encoding="UTF-8" ?>
<firewall name="/usr/share/era/modeles/2zones-amonecole-cuques.xml" model="/usr/share/era/modeles/2zones-amonecole.xml" version="2.42">
<firewall name="/usr/share/era/modeles/3zones-amonecole-cuques.xml" model="/usr/share/era/modeles/3zones-amonecole.xml" version="2.42">
<zones>
</zones>
<include>
......@@ -54,10 +54,41 @@
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="pedago">
<flux zoneA="bastion" zoneB="admin">
<montantes default_policy="0">
<directive service="apt-cacher-ng" priority="40" action="2" attrs="0" mark_operator="None" mark_value="" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="pedago"/>
<source name="admin"/>
<destination name="bastion"/>
</directive>
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="admin">
<montantes default_policy="0">
<directive service="registry" priority="41" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="admin"/>
<destination name="partage_eth2"/>
</directive>
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="admin">
<montantes default_policy="0">
<directive service="cups" priority="42" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="admin"/>
<destination name="partage_eth2"/>
</directive>
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="admin">
<montantes default_policy="0">
<directive service="apt-cacher-ng" priority="40" action="2" attrs="0" mark_operator="None" mark_value="" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="admin"/>
<destination name="bastion"/>
</directive>
</montantes>
......
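Review bot: The `registry` (priority 41) and `cups` (priority 42) directives name `partage_eth2` as destination, but the concatenated model further down this page lists only `partage_eth1` and `partage_eth1_broadcast` for the partage container. The extremite may be declared in the collapsed `<include>` part of this file, so confirm it resolves before the model is compiled. The same zone pair `<flux zoneA="bastion" zoneB="admin">` is also opened several times in the visible lines, each with its own `montantes`/`descendantes` `default_policy`; unless the Era compiler is known to merge them, one flux holding the priority 40, 41 and 42 directives would leave no doubt about the effective default policy. Both added directives keep `libelle="pas de description"`, and a stated purpose such as `libelle="impression CUPS depuis la zone admin"` would make the rules auditable. The old/new side of the doubled lines cannot be recovered from this rendering, so the second `apt-cacher-ng` directive at priority 40 may be a display artefact rather than part of the new file.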
<?xml version="1.0" encoding="UTF-8" ?>
<firewall name="Concatenated_Do_Not_Edit" netbios="1" qos="0" version="2.42">
<zones>
<zone interface="%%nom_zone_eth0" ip="%%adresse_ip_eth0" level="10" name="exterieur" netmask="%%adresse_netmask_eth0" network="%%adresse_network_eth0" />
<zone interface="lo" ip="127.0.0.1" level="100" name="bastion" netmask="255.255.255.255" network="0.0.0.0" />
<zone interface="%%nom_zone_eth1" ip="%%adresse_ip_eth1" level="40" name="pedago" netmask="%%adresse_netmask_eth1" network="%%adresse_network_eth1" />
<zone interface="%%nom_zone_eth2" ip="%%adresse_ip_eth2" level="40" name="admin" netmask="%%adresse_netmask_eth2" network="%%adresse_network_eth2" />
</zones><include>
</include><services>
<service id="11" libelle="service 8500" name="8500" ports="8500" protocol="tcp" tcpwrapper="" />
<service id="46" libelle="Acces web aux agents Zéphir" name="agents_zephir" ports="8090" protocol="tcp" tcpwrapper="" />
<service id="6" libelle="serveur de noms" name="dns-tcp" ports="53" protocol="tcp" tcpwrapper="" />
<service id="7" libelle="serveur de noms" name="dns-udp" ports="53" protocol="udp" tcpwrapper="" />
<service id="36" libelle="ead" name="ead" ports="4200" protocol="tcp" tcpwrapper="" />
<service id="83" libelle="ead-server" name="ead-server" ports="4201" protocol="tcp" tcpwrapper="" />
<service id="84" libelle="ead-fichier" name="ead-fichier" ports="4202" protocol="tcp" tcpwrapper="" />
<service id="73" libelle="port EAD du Scribe avec reverse proxy" name="ead-scribe" ports="%%revprox_ead_port" protocol="tcp" tcpwrapper="" />
<service id="echo-reply" libelle="règle icmp echo-reply" name="echo-reply" ports="0" protocol="ICMP" tcpwrapper="" />
<service id="echo-request" libelle="règle icmp echo-request" name="echo-request" ports="0" protocol="ICMP" tcpwrapper="" />
<service id="45" libelle="Service Eole SSO" name="eole-sso" ports="%%eolesso_port" protocol="tcp" tcpwrapper="" />
<service id="79" libelle="Redirection du service EoleSSO" name="revprox-sso" ports="8443" protocol="tcp" tcpwrapper="" />
<service id="51" libelle="protocole pour ipsec" name="esp" ports="0" protocol="esp" tcpwrapper="" />
<service id="78" libelle="transfert de fichiers sur le port 21" name="ftp" ports="21" protocol="tcp" tcpwrapper="" />
<service id="26" libelle="transfert de fichiers" name="ftp-tcp" ports="20-21" protocol="tcp" tcpwrapper="" />
<service id="29" libelle="service ftps" name="ftps" ports="989-990" protocol="tcp" tcpwrapper="" />
<service id="3" libelle="serveur web" name="http" ports="80" protocol="tcp" tcpwrapper="" />
<service id="5" libelle="serveur web sécurisé" name="https" ports="443" protocol="tcp" tcpwrapper="" />
<service id="21" libelle="service imap" name="imap" ports="143" protocol="tcp" tcpwrapper="" />
<service id="23" libelle="service imap4-ssl" name="imap4-ssl" ports="993" protocol="tcp" tcpwrapper="" />
<service id="15" libelle="service irc" name="irc" ports="194" protocol="tcp" tcpwrapper="" />
<service id="16" libelle="service ircs" name="ircs" ports="994" protocol="tcp" tcpwrapper="" />
<service id="13" libelle="service ircu" name="ircu" ports="6665-6669" protocol="tcp" tcpwrapper="" />
<service id="53" libelle="protocole pour ipsec" name="isakmp_4500" ports="4500" protocol="udp" tcpwrapper="" />
<service id="52" libelle="protocol pour ipsec" name="isakmp_500" ports="500" protocol="udp" tcpwrapper="" />
<service id="22" libelle="service d'annuaire" name="ldap" ports="389" protocol="tcp" tcpwrapper="slapd" />
<service id="24" libelle="service ldaps" name="ldaps" ports="636" protocol="tcp" tcpwrapper="slapd" />
<service id="86" libelle="Connexion management for LTSP" name="ldm" ports="9571" protocol="tcp" tcpwrapper="" />
<service id="54" libelle="port d'accès &#224; l'application lightsquid" name="lightsquid" ports="%%lightsquid_port" protocol="tcp" tcpwrapper="" />
<service id="72" libelle="ltspfsd" name="ltspfsd" ports="9220" protocol="tcp" tcpwrapper="" />
<service id="15" libelle="service mdqs" name="mdqs" ports="666" protocol="tcp" tcpwrapper="" />
<service id="17" libelle="service msnp" name="msnp" ports="1863" protocol="tcp" tcpwrapper="" />
<service id="71" libelle="nbd-client" name="nbd-client" ports="2000" protocol="tcp" tcpwrapper="" />
<service id="85" libelle="Server NBD for Eclair" name="nbd-server" ports="10809" protocol="tcp" tcpwrapper="" />
<service id="32" libelle="nouvelles" name="news" ports="2009" protocol="tcp" tcpwrapper="" />
<service id="30" libelle="service nntp" name="nntp" ports="119" protocol="tcp" tcpwrapper="" />
<service id="31" libelle="service nntps" name="nntps" ports="563" protocol="tcp" tcpwrapper="" />
<service id="43" libelle="Serveur d'authentification NuFw" name="nuauth" ports="4129" protocol="tcp" tcpwrapper="" />
<service id="28" libelle="service pftp" name="pftp" ports="662" protocol="tcp" tcpwrapper="" />
<service id="20" libelle="service pop" name="pop" ports="110" protocol="tcp" tcpwrapper="" />
<service id="25" libelle="service pop3s" name="pop3s" ports="995" protocol="tcp" tcpwrapper="" />
<service id="60" libelle="" name="portmap" ports="111" protocol="tcp" tcpwrapper="" />
<service id="61" libelle="" name="lockd" ports="4005" protocol="tcp" tcpwrapper="" />
<service id="62" libelle="" name="mountd" ports="4003" protocol="tcp" tcpwrapper="" />
<service id="48" libelle="administration posh" name="posh-admin" ports="7070" protocol="tcp" tcpwrapper="" />
<service id="4" libelle="service proxy" name="proxy" ports="3128" protocol="tcp" tcpwrapper="" />
<service id="12" libelle="proxy" name="proxy-8080" ports="8080" protocol="tcp" tcpwrapper="" />
<service id="70" libelle="pulseaudio" name="pulseaudio" ports="16001" protocol="tcp" tcpwrapper="" />
<service id="64" libelle="protocole RELP pour rsyslog" name="rsyslog_RELP" ports="20514" protocol="tcp" tcpwrapper="" />
<service id="65" libelle="protocole TCP pour rsyslog" name="rsyslog_TCP" ports="10514" protocol="tcp" tcpwrapper="" />
<service id="66" libelle="protocole UDP pour rsyslog" name="rsyslog_UDP" ports="514" protocol="udp" tcpwrapper="" />
<service id="38" libelle="samba tcp" name="samba-tcp" ports="137-139" protocol="tcp" tcpwrapper="" />
<service id="37" libelle="samba" name="samba-udp" ports="137-139" protocol="udp" tcpwrapper="" />
<service id="39" libelle="samba3" name="samba3" ports="445" protocol="tcp" tcpwrapper="" />
<service id="45" libelle="" name="scribe-controlevnc" ports="8789-8790" protocol="tcp" tcpwrapper="" />
<service id="36" libelle="service scribe sur les clients" name="scribe-service" ports="8788" protocol="tcp" tcpwrapper="" />
<service id="40" libelle="vnc 5800" name="scribe_vnc1" ports="5800" protocol="tcp" tcpwrapper="" />
<service id="41" libelle="vnc 5900" name="scribe_vnc2" ports="5900" protocol="tcp" tcpwrapper="" />
<service id="59" libelle="Serveur NFS" name="serveur_nfs" ports="2049" protocol="tcp" tcpwrapper="" />
<service id="27" libelle="service sftp" name="sftp" ports="115" protocol="tcp" tcpwrapper="" />
<service id="19" libelle="service mail" name="smtp" ports="25" protocol="tcp" tcpwrapper="" />
<service id="77" libelle="Service SMTP SSL" name="smtps" ports="465" protocol="tcp" tcpwrapper="" />
<service id="8" libelle="shell sécurisé" name="ssh" ports="22" protocol="tcp" tcpwrapper="sshd" />
<service id="58" libelle="serveur sympa internet" name="sympa-internet" ports="8787" protocol="tcp" tcpwrapper="" />
<service id="57" libelle="sympa domaine restreint" name="sympa-restreint" ports="8888" protocol="tcp" tcpwrapper="" />
<service id="18" libelle="service talk" name="talk" ports="517-518" protocol="tcp" tcpwrapper="" />
<service id="33" libelle="tous les ports en tcp" name="tcp" ports="0-65535" protocol="tcp" tcpwrapper="" />
<service id="tout" libelle="tous les services" name="tous" ports="0" protocol="TOUT" tcpwrapper="" />
<service id="34" libelle="tous les ports en udp" name="udp" ports="0-65535" protocol="udp" tcpwrapper="" />
<service id="9" libelle="appliquation web d'administration" name="webmin" ports="10000" protocol="tcp" tcpwrapper="" />
<service id="55" libelle="port 2eme instance de squid" name="proxy2" ports="%%proxy2_port" protocol="tcp" tcpwrapper="" />
<service id="56" libelle="serveur de temps" name="ntp" ports="123" protocol="udp" tcpwrapper="" />
<service id="63" libelle="Serveur jabber (XMPP)" name="xmpp" ports="5222" protocol="tcp" tcpwrapper="" />
<service id="81" libelle="Serveur jabber SSL (XMPP)" name="xmpp-ssl" ports="5223" protocol="tcp" tcpwrapper="" />
<service id="67" libelle="Proxy Cntlm" name="cntlm" ports="%%cntlm_port" protocol="tcp" tcpwrapper="" />
<service id="68" libelle="Accès &#224; gen_config depuis l'extérieur en https" name="gen_config" ports="7000" protocol="tcp" tcpwrapper="" />
<service id="70" libelle="" name="radius" ports="1812" protocol="udp" tcpwrapper="" />
<service id="74" libelle="" name="radius-acct" ports="1813" protocol="udp" tcpwrapper="" />
<service id="75" libelle="Accès aux serveurs TFTP" name="tftpd-hpa" ports="69" protocol="udp" tcpwrapper="in.tftpd" />
<service id="76" libelle="Interface CUPS" name="cups" ports="631" protocol="tcp" tcpwrapper="" />
<service id="82" libelle="Service d'impression Raw" name="raw" ports="9100" protocol="tcp" tcpwrapper="" />
<service id="80" libelle="Accès &#224; l'outil Gaspacho" name="gaspacho" ports="8080" protocol="tcp" tcpwrapper="" />
<groupe id="admin_amon" libelle="Port autorise pour l'administration distante d'Amon (ssh, ead, agents zephir)">
<service id="46" libelle="Acces web aux agents Zéphir" name="agents_zephir" ports="8090" protocol="tcp" tcpwrapper="" />
<service id="36" libelle="ead" name="ead" ports="4200" protocol="tcp" tcpwrapper="" />
<service id="54" libelle="port d'accès &#224; l'application lightsquid" name="lightsquid" ports="%%lightsquid_port" protocol="tcp" tcpwrapper="" />
<service id="echo-request" libelle="règle icmp echo-request" name="echo-request" ports="0" protocol="ICMP" tcpwrapper="" />
</groupe>
<groupe id="ead_server" libelle="Ports autorises pour l'administration distante d'Amon (backend ead)">
<service id="83" libelle="ead-server" name="ead-server" ports="4201" protocol="tcp" tcpwrapper="" />
<service id="84" libelle="ead-fichier" name="ead-fichier" ports="4202" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="dns" libelle="dns tcp et udp">
<service id="7" libelle="serveur de noms" name="dns-udp" ports="53" protocol="udp" tcpwrapper="" />
<service id="6" libelle="serveur de noms" name="dns-tcp" ports="53" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="eclair-dmz" libelle="Eclair en DMZ">
<service id="72" libelle="ltspfsd" name="ltspfsd" ports="9220" protocol="tcp" tcpwrapper="" />
<service id="71" libelle="nbd-client" name="nbd-client" ports="2000" protocol="tcp" tcpwrapper="" />
<service id="70" libelle="pulseaudio" name="pulseaudio" ports="16001" protocol="tcp" tcpwrapper="" />
<service id="41" libelle="vnc 5900" name="scribe_vnc2" ports="5900" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_forum" libelle="interdire l'utilisation des forums">
<service id="30" libelle="service nntp" name="nntp" ports="119" protocol="tcp" tcpwrapper="" />
<service id="31" libelle="service nntps" name="nntps" ports="563" protocol="tcp" tcpwrapper="" />
<service id="32" libelle="nouvelles" name="news" ports="2009" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_ftp" libelle="">
<service id="26" libelle="transfert de fichiers" name="ftp-tcp" ports="20-21" protocol="tcp" tcpwrapper="" />
<service id="29" libelle="service ftps" name="ftps" ports="989-990" protocol="tcp" tcpwrapper="" />
<service id="28" libelle="service pftp" name="pftp" ports="662" protocol="tcp" tcpwrapper="" />
<service id="27" libelle="service sftp" name="sftp" ports="115" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_irc" libelle="interdire l'utilisation des dialogues en direct (icq)">
<service id="18" libelle="service talk" name="talk" ports="517-518" protocol="tcp" tcpwrapper="" />
<service id="17" libelle="service msnp" name="msnp" ports="1863" protocol="tcp" tcpwrapper="" />
<service id="15" libelle="service mdqs" name="mdqs" ports="666" protocol="tcp" tcpwrapper="" />
<service id="16" libelle="service ircs" name="ircs" ports="994" protocol="tcp" tcpwrapper="" />
<service id="15" libelle="service irc" name="irc" ports="194" protocol="tcp" tcpwrapper="" />
<service id="13" libelle="service ircu" name="ircu" ports="6665-6669" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_messagerie" libelle="interdire l'utilisation des dialogues en direct (icq)">
<service id="21" libelle="service imap" name="imap" ports="143" protocol="tcp" tcpwrapper="" />
<service id="23" libelle="service imap4-ssl" name="imap4-ssl" ports="993" protocol="tcp" tcpwrapper="" />
<service id="22" libelle="service d'annuaire" name="ldap" ports="389" protocol="tcp" tcpwrapper="slapd" />
<service id="24" libelle="service ldaps" name="ldaps" ports="636" protocol="tcp" tcpwrapper="slapd" />
<service id="20" libelle="service pop" name="pop" ports="110" protocol="tcp" tcpwrapper="" />
<service id="25" libelle="service pop3s" name="pop3s" ports="995" protocol="tcp" tcpwrapper="" />
<service id="19" libelle="service mail" name="smtp" ports="25" protocol="tcp" tcpwrapper="" />
<service id="77" libelle="Service SMTP SSL" name="smtps" ports="465" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_smtp" libelle="smtp et smtps">
<service id="19" libelle="service mail" name="smtp" ports="25" protocol="tcp" tcpwrapper="" />
<service id="77" libelle="Service SMTP SSL" name="smtps" ports="465" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_pop" libelle="pop3 et pop3s">
<service id="20" libelle="service pop" name="pop" ports="110" protocol="tcp" tcpwrapper="" />
<service id="25" libelle="service pop3s" name="pop3s" ports="995" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_imap" libelle="imap et imap-ssl">
<service id="21" libelle="service imap" name="imap" ports="143" protocol="tcp" tcpwrapper="" />
<service id="23" libelle="service imap4-ssl" name="imap4-ssl" ports="993" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_redirection" libelle="Protocoles a rediriger vers le proxy">
<service id="3" libelle="serveur web" name="http" ports="80" protocol="tcp" tcpwrapper="" />
<service id="4" libelle="service proxy" name="proxy" ports="3128" protocol="tcp" tcpwrapper="" />
<service id="12" libelle="proxy" name="proxy-8080" ports="8080" protocol="tcp" tcpwrapper="" />
<service id="5" libelle="serveur web sécurisé" name="https" ports="443" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_redirection_proxy" libelle="Protocoles proxy a rediriger vers le proxy">
<service id="4" libelle="service proxy" name="proxy" ports="3128" protocol="tcp" tcpwrapper="" />
<service id="12" libelle="proxy" name="proxy-8080" ports="8080" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_redirection_http" libelle="Protocoles http a rediriger vers le proxy">
<service id="3" libelle="serveur web" name="http" ports="80" protocol="tcp" tcpwrapper="" />
<service id="4" libelle="service proxy" name="proxy" ports="3128" protocol="tcp" tcpwrapper="" />
<service id="12" libelle="proxy" name="proxy-8080" ports="8080" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_redirection_https" libelle="Https a redifiger vers le proxy">
<service id="5" libelle="serveur web sécurisé" name="https" ports="443" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_restreint" libelle="on ferme tout sauf l'utilisation du web par le proxy">
<service id="33" libelle="tous les ports en tcp" name="tcp" ports="0-65535" protocol="tcp" tcpwrapper="" />
<service id="34" libelle="tous les ports en udp" name="udp" ports="0-65535" protocol="udp" tcpwrapper="" />
</groupe>
<groupe id="ipsec" libelle="Services utilises pas ipsec">
<service id="51" libelle="protocole pour ipsec" name="esp" ports="0" protocol="esp" tcpwrapper="" />
<service id="53" libelle="protocole pour ipsec" name="isakmp_4500" ports="4500" protocol="udp" tcpwrapper="" />
<service id="52" libelle="protocol pour ipsec" name="isakmp_500" ports="500" protocol="udp" tcpwrapper="" />
</groupe>
<groupe id="nfs" libelle="Serveur NFS + portmap">
<service id="60" libelle="" name="portmap" ports="111" protocol="tcp" tcpwrapper="" />
<service id="61" libelle="" name="lockd" ports="4005" protocol="tcp" tcpwrapper="" />
<service id="62" libelle="" name="mountd" ports="4003" protocol="tcp" tcpwrapper="" />
<service id="59" libelle="Serveur NFS" name="serveur_nfs" ports="2049" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="samba" libelle="samba proto">
<service id="37" libelle="samba" name="samba-udp" ports="137-139" protocol="udp" tcpwrapper="" />
<service id="38" libelle="samba tcp" name="samba-tcp" ports="137-139" protocol="tcp" tcpwrapper="" />
<service id="39" libelle="samba3" name="samba3" ports="445" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="scribe-dmz-pedago" libelle="service Scribe DMZ vers pedago">
<service id="38" libelle="samba tcp" name="samba-tcp" ports="137-139" protocol="tcp" tcpwrapper="" />
<service id="37" libelle="samba" name="samba-udp" ports="137-139" protocol="udp" tcpwrapper="" />
<service id="39" libelle="samba3" name="samba3" ports="445" protocol="tcp" tcpwrapper="" />
<service id="36" libelle="service scribe sur les clients" name="scribe-service" ports="8788" protocol="tcp" tcpwrapper="" />
<service id="40" libelle="vnc 5800" name="scribe_vnc1" ports="5800" protocol="tcp" tcpwrapper="" />
<service id="41" libelle="vnc 5900" name="scribe_vnc2" ports="5900" protocol="tcp" tcpwrapper="" />
<service id="76" libelle="Interface CUPS" name="cups" ports="631" protocol="tcp" tcpwrapper="" />
<service id="82" libelle="Service d'impression Raw" name="raw" ports="9100" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="scribe-pedago-dmz" libelle="client scribe vers la DMZ">
<service id="22" libelle="service d'annuaire" name="ldap" ports="389" protocol="tcp" tcpwrapper="slapd" />
<service id="24" libelle="service ldaps" name="ldaps" ports="636" protocol="tcp" tcpwrapper="slapd" />
<service id="38" libelle="samba tcp" name="samba-tcp" ports="137-139" protocol="tcp" tcpwrapper="" />
<service id="37" libelle="samba" name="samba-udp" ports="137-139" protocol="udp" tcpwrapper="" />
<service id="39" libelle="samba3" name="samba3" ports="445" protocol="tcp" tcpwrapper="" />
<service id="45" libelle="" name="scribe-controlevnc" ports="8789-8790" protocol="tcp" tcpwrapper="" />
<service id="40" libelle="vnc 5800" name="scribe_vnc1" ports="5800" protocol="tcp" tcpwrapper="" />
<service id="41" libelle="vnc 5900" name="scribe_vnc2" ports="5900" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="scribe-dmz-admin" libelle="service Scribe DMZ vers admin">
<service id="38" libelle="samba tcp" name="samba-tcp" ports="137-139" protocol="tcp" tcpwrapper="" />
<service id="37" libelle="samba" name="samba-udp" ports="137-139" protocol="udp" tcpwrapper="" />
<service id="39" libelle="samba3" name="samba3" ports="445" protocol="tcp" tcpwrapper="" />
<service id="36" libelle="service scribe sur les clients" name="scribe-service" ports="8788" protocol="tcp" tcpwrapper="" />
<service id="40" libelle="vnc 5800" name="scribe_vnc1" ports="5800" protocol="tcp" tcpwrapper="" />
<service id="41" libelle="vnc 5900" name="scribe_vnc2" ports="5900" protocol="tcp" tcpwrapper="" />
<service id="76" libelle="Interface CUPS" name="cups" ports="631" protocol="tcp" tcpwrapper="" />
<service id="82" libelle="Service d'impression Raw" name="raw" ports="9100" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="scribe-admin-dmz" libelle="client scribe vers la DMZ">
<service id="22" libelle="service d'annuaire" name="ldap" ports="389" protocol="tcp" tcpwrapper="slapd" />
<service id="24" libelle="service ldaps" name="ldaps" ports="636" protocol="tcp" tcpwrapper="slapd" />
<service id="38" libelle="samba tcp" name="samba-tcp" ports="137-139" protocol="tcp" tcpwrapper="" />
<service id="37" libelle="samba" name="samba-udp" ports="137-139" protocol="udp" tcpwrapper="" />
<service id="39" libelle="samba3" name="samba3" ports="445" protocol="tcp" tcpwrapper="" />
<service id="45" libelle="" name="scribe-controlevnc" ports="8789-8790" protocol="tcp" tcpwrapper="" />
<service id="40" libelle="vnc 5800" name="scribe_vnc1" ports="5800" protocol="tcp" tcpwrapper="" />
<service id="41" libelle="vnc 5900" name="scribe_vnc2" ports="5900" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="scribe-posh" libelle="Ouverture des ports pour l'utilisation de nginx pour Posh">
<service id="3" libelle="serveur web" name="http" ports="80" protocol="tcp" tcpwrapper="" />
<service id="5" libelle="serveur web sécurisé" name="https" ports="443" protocol="tcp" tcpwrapper="" />
<service id="48" libelle="administration posh" name="posh-admin" ports="7070" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="scribe_ext" libelle="services extranet scribe ">
<service id="26" libelle="transfert de fichiers" name="ftp-tcp" ports="20-21" protocol="tcp" tcpwrapper="" />
<service id="5" libelle="serveur web sécurisé" name="https" ports="443" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="sympa" libelle="serveur sympa">
<service id="58" libelle="serveur sympa internet" name="sympa-internet" ports="8787" protocol="tcp" tcpwrapper="" />
<service id="57" libelle="sympa domaine restreint" name="sympa-restreint" ports="8888" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="vnc" libelle="vnc">
<service id="40" libelle="vnc 5800" name="scribe_vnc1" ports="5800" protocol="tcp" tcpwrapper="" />
<service id="41" libelle="vnc 5900" name="scribe_vnc2" ports="5900" protocol="tcp" tcpwrapper="" />
</groupe>
<groupe id="gr_radius" libelle="Serveur radius (UDP)">
<service id="70" libelle="" name="radius" ports="1812" protocol="udp" tcpwrapper="" />
<service id="74" libelle="" name="radius-acct" ports="1813" protocol="udp" tcpwrapper="" />
</groupe>
<groupe id="amonecole-eclair" libelle="LTSP services">
<service id="86" libelle="Connexion management for LTSP" name="ldm" ports="9571" protocol="tcp" tcpwrapper="" />
<service id="85" libelle="Server NBD for Eclair" name="nbd-server" ports="10809" protocol="tcp" tcpwrapper="" />
<service id="8" libelle="shell sécurisé" name="ssh" ports="22" protocol="tcp" tcpwrapper="sshd" />
</groupe>
<groupe id="amonecole-eclair-partage" libelle="Services in partage container for Eclair">
<service id="75" libelle="Accès aux serveurs TFTP" name="tftpd-hpa" ports="69" protocol="udp" tcpwrapper="in.tftpd" />
</groupe>
</services><extremites>
<extremite container="" interface="" libelle="Zone entière" name="exterieur" netmask="%%adresse_netmask_eth0" subnet="1" type="" zone="exterieur">
<ip address="%%adresse_ip_eth0" />
</extremite>
<extremite container="" interface="" libelle="zone restreinte" name="exterieur_restreint" netmask="%%adresse_netmask_eth0" subnet="1" type="" zone="exterieur">
<ip address="%%adresse_network_eth0" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a se connecter a ssh" name="exterieur_ssh" netmask="%%netmask_ssh_eth0" subnet="1" type="" zone="exterieur">
<ip address="%%ip_ssh_eth0" />
</extremite>
<extremite container="" interface="" libelle="Zone entière" name="bastion" netmask="255.255.255.255" subnet="1" type="" zone="bastion">
<ip address="127.0.0.1" />
</extremite>
<extremite container="" interface="eth0" libelle="Bastion sur la zone exterieur" name="bastion_exterieur" netmask="255.255.255.255" subnet="0" type="normal" zone="bastion">
<ip address="%%adresse_ip_eth0" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a administrer depuis l'exterieur" name="exterieur_admin" netmask="%%netmask_admin_eth0" subnet="1" type="" zone="exterieur">
<ip address="%%ip_admin_eth0" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a acceder au backend EAD depuis l'exterieur" name="exterieur_backend_ead" netmask="%%netmask_frontend_ead_distant_eth0" subnet="1" type="" zone="exterieur">
<ip address="%%ip_frontend_ead_distant_eth0" />
</extremite>
<extremite container="" interface="" libelle="IP de bastion sur la zone exterieur" name="exterieur_bastion" netmask="255.255.255.255" subnet="0" type="" zone="exterieur">
<ip address="%%adresse_ip_eth0" />
</extremite>
<extremite container="internet" interface="containers" libelle="conteneur internet" name="internet" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%container_ip_internet" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a se connecter a ssh depuis le reseau pedagogique" name="pedago_ssh" netmask="%%netmask_ssh_eth1" subnet="1" type="" zone="pedago">
<ip address="%%ip_ssh_eth1" />
</extremite>
<extremite container="" interface="" libelle="" name="pedago_bastion" netmask="255.255.255.255" subnet="0" type="" zone="exterieur">
<ip address="%%adresse_ip_eth1" />
</extremite>
<extremite container="" interface="" libelle="zone restreinte" name="pedago_restreint" netmask="%%adresse_netmask_eth1" subnet="1" type="" zone="pedago">
<ip address="%%adresse_network_eth1" />
</extremite>
<extremite container="" interface="" libelle="Zone entière" name="pedago" netmask="%%adresse_netmask_eth1" subnet="1" type="" zone="pedago">
<ip address="%%adresse_ip_eth1" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a administrer depuis le reseau pedagogique" name="pedago_admin" netmask="%%netmask_admin_eth1" subnet="1" type="" zone="pedago">
<ip address="%%ip_admin_eth1" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a acceder au backend EAD depuis le reseau pedagogique" name="pedago_backend_ead" netmask="%%netmask_frontend_ead_distant_eth1" subnet="1" type="" zone="pedago">
<ip address="%%ip_frontend_ead_distant_eth1" />
</extremite>
<extremite container="internet" interface="eth1" libelle="eth1 dans le conteneur internet" name="internet_eth1" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%adresse_ip_eth1_proxy_link" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a se connecter a ssh depuis le reseau administratif" name="admin_ssh" netmask="%%netmask_ssh_eth2" subnet="1" type="" zone="admin">
<ip address="%%ip_ssh_eth2" />
</extremite>
<extremite container="" interface="" libelle="" name="admin_bastion" netmask="255.255.255.255" subnet="0" type="" zone="exterieur">
<ip address="%%adresse_ip_eth2" />
</extremite>
<extremite container="" interface="" libelle="zone restreinte" name="admin_restreint" netmask="%%adresse_netmask_eth2" subnet="1" type="" zone="admin">
<ip address="%%adresse_network_eth2" />
</extremite>
<extremite container="" interface="" libelle="Zone entière" name="admin" netmask="%%adresse_netmask_eth2" subnet="1" type="" zone="admin">
<ip address="%%adresse_ip_eth2" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a administrer depuis le reseau administratif" name="admin_admin" netmask="%%netmask_admin_eth2" subnet="1" type="" zone="admin">
<ip address="%%ip_admin_eth2" />
</extremite>
<extremite container="" interface="" libelle="reseau autorise a acceder au backend EAD depuis le reseau administratif" name="admin_backend_ead" netmask="%%netmask_frontend_ead_distant_eth2" subnet="1" type="" zone="admin">
<ip address="%%ip_frontend_ead_distant_eth2" />
</extremite>
<extremite container="internet" interface="eth2" libelle="eth2 dans le conteneur internet" name="internet_eth2" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%adresse_ip_eth2_proxy_link" />
</extremite>
<extremite container="" interface="" libelle="clients de l'agrégateur de logs en udp" name="clients_udp_rsyslog" netmask="%%netmask_client_logs_udp" subnet="0" type="" zone="exterieur">
<ip address="%%adresses_ip_clients_logs_udp" />
</extremite>
<extremite container="" interface="" libelle="clients de l'agrégateur de logs en tcp" name="clients_tcp_rsyslog" netmask="%%netmask_client_logs_tcp" subnet="0" type="" zone="exterieur">
<ip address="%%adresses_ip_clients_logs_tcp" />
</extremite>
<extremite container="" interface="" libelle="clients de l'agrégateur de logs en relp" name="clients_relp_rsyslog" netmask="%%netmask_client_logs_relp" subnet="0" type="" zone="exterieur">
<ip address="%%adresses_ip_clients_logs_relp" />
</extremite>
<extremite container="partage" interface="eth1" libelle="eth1 dans le conteneur partage" name="partage_eth1" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%adresse_ip_fichier_link" />
</extremite>
<extremite container="partage" interface="eth1" libelle="broadcast eth1 dans le conteneur partage" name="partage_eth1_broadcast" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%adresse_bcast_eth1_proxy_link" />
</extremite>
<extremite container="" interface="" libelle="Client NFS" name="client_nfs" netmask="255.255.255.255" subnet="0" type="normal" zone="pedago">
<ip address="%%adresses_ip_clients_nfs" />
</extremite>
<extremite container="partage" interface="containers" libelle="conteneur partage" name="partage" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%container_ip_partage" />
</extremite>
<extremite container="reseau" interface="containers" libelle="conteneur reseau" name="reseau" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%container_ip_reseau" />
</extremite>
<extremite container="bdd" interface="containers" libelle="conteneur bdd" name="bdd" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%container_ip_bdd" />
</extremite>
<extremite container="ltspserver" interface="containers" libelle="LTSP on internal bridge" name="ltspserver" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%container_ip_ltspserver" />
</extremite>
<extremite container="ltspserver" interface="eth0" libelle="LTSP server" name="ltspserver_eth0" netmask="255.255.255.255" subnet="0" type="conteneur" zone="bastion">
<ip address="%%adresse_ip_eclair_link" />
</extremite>
</extremites><ranges>
</ranges><user_groups>
</user_groups><applications>
</applications><qosclasses download="" upload="">
</qosclasses><flux-list>
<flux zoneA="bastion" zoneB="exterieur">
<montantes default_policy="0">
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="ouverture de posh a travers de nginx" priority="1" serv_inv="0" service="scribe-posh" src_inv="0" tag="ActiverNGINX">
<source name="exterieur" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="ouverture de l'EAD Scribe a travers de nginx" priority="2" serv_inv="0" service="ead-scribe" src_inv="0" tag="ead_scribe">
<source name="exterieur" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="ssh exterieur vers Amon" priority="3" serv_inv="0" service="ssh" src_inv="0" tag="SSHDepuisEth0">
<source name="exterieur_ssh" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="administration exterieure vers Amon" priority="4" serv_inv="0" service="admin_amon" src_inv="0" tag="AdminDepuisEth0">
<source name="exterieur_admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Acces backend EAD exterieure vers Amon" priority="5" serv_inv="0" service="ead_server" src_inv="0" tag="BackendEADDepuisEth0">
<source name="exterieur_backend_ead" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="administration exterieure vers Amon" priority="6" serv_inv="0" service="lightsquid" src_inv="0" tag="lightsquid0">
<source name="exterieur_admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="7" serv_inv="0" service="eole-sso" src_inv="0" tag="eole_sso">
<source name="exterieur" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="redirection du service EoleSSO par le proxy inverse" priority="8" serv_inv="0" service="revprox-sso" src_inv="0" tag="revprox_sso">
<source name="exterieur" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autoriser ipsec" priority="9" serv_inv="0" service="ipsec" src_inv="0">
<source name="exterieur" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="gen_config exterieur vers Amon" priority="10" serv_inv="0" service="gen_config" src_inv="0" tag="SSHDepuisEth0">
<source name="exterieur_ssh" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="11" serv_inv="0" service="rsyslog_RELP" src_inv="0" tag="ClientRsyslogRELP">
<source name="clients_relp_rsyslog" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="12" serv_inv="0" service="rsyslog_TCP" src_inv="0" tag="ClientRsyslogTCP">
<source name="clients_tcp_rsyslog" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="13" serv_inv="0" service="rsyslog_UDP" src_inv="0" tag="ClientRsyslogUDP">
<source name="clients_udp_rsyslog" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="1" dest_inv="0" ipsec="0" libelle="autoriser la reception des mails depuis exterieur" priority="14" serv_inv="0" service="smtp" src_inv="0" tag="autoriser la reception des mails depuis exterieur">
<source name="exterieur" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="interface web sympa" priority="15" serv_inv="0" service="sympa-internet" src_inv="0" tag="AdminDepuisEth0">
<source name="exterieur_admin" />
<destination name="reseau" />
</directive>
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="exterieur" zoneB="pedago">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
<directive accept="0" action="16" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" nat_extr="exterieur_bastion" nat_port="0" priority="1" serv_inv="0" service="tous" src_inv="0">
<source name="pedago_restreint" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="pedago -&gt; exterieur : interdire les protocoles de news, forums ..." priority="2" serv_inv="0" service="gr_forum" src_inv="0" tag="Interdiction des forums">
<source name="pedago" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="Interdire les connexions FTP" priority="3" serv_inv="0" service="gr_ftp" src_inv="0" tag="Interdire les connexions FTP">
<source name="pedago" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="pedago -&gt; exterieur : interdire les protocoles de discussion en ligne (irc ...)" priority="4" serv_inv="0" service="gr_irc" src_inv="0" tag="Interdire l'utilisation des dialogues en direct">
<source name="pedago" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="pedago -&gt; exterieur : interdire les protocoles de messagerie (pop, imap ...)" priority="5" serv_inv="0" service="gr_messagerie" src_inv="0" tag="Interdiction des protocoles de messagerie">
<source name="pedago" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="pedago -&gt; exterieur : tout interdire (sauf le web via le proxy)" priority="6" serv_inv="0" service="gr_restreint" src_inv="0" tag="Internet restreint">
<source name="pedago" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="0" ipsec="0" libelle="Redirection des flux http avec proxy alternatif" nat_port="3128" priority="7" serv_inv="0" service="gr_redirection_proxy" src_inv="0" tag="ProxyBypass1">
<source name="pedago" />
<destination name="exterieur" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth1/%%calc_classe(%%proxy_bypass_src_netmask_eth1)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_network_eth1/%%calc_classe(%%proxy_bypass_netmask_eth1)" ip="" name="" src="0" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth1" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="1" ipsec="0" libelle="Redirection des flux http sans proxy" nat_port="81" priority="8" serv_inv="0" service="http" src_inv="0" tag="ProxyBypass1">
<source name="pedago" />
<destination name="exterieur_bastion" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth1/%%calc_classe(%%proxy_bypass_src_netmask_eth1)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_network_eth1/%%calc_classe(%%proxy_bypass_netmask_eth1)" ip="" name="" src="0" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth1" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="0" ipsec="0" libelle="Redirection des flux https sans proxy vers une page d'erreur" nat_port="82" priority="9" serv_inv="0" service="gr_redirection_https" src_inv="0" tag="ProxyBypass1">
<source name="pedago" />
<destination name="exterieur" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth1/%%calc_classe(%%proxy_bypass_src_netmask_eth1)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_network_eth1/%%calc_classe(%%proxy_bypass_netmask_eth1)" ip="" name="" src="0" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth1" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="0" ipsec="0" libelle="Redirection des flux http avec proxy alternatif" nat_port="3128" priority="10" serv_inv="0" service="gr_redirection_proxy" src_inv="0" tag="ForceProxy1">
<source name="pedago" />
<destination name="exterieur" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth1/%%calc_classe(%%proxy_bypass_src_netmask_eth1)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth1" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="1" ipsec="0" libelle="Redirection des flux http sans proxy vers une page d'erreur" nat_port="81" priority="11" serv_inv="0" service="http" src_inv="0" tag="ForceProxy1">
<source name="pedago" />
<destination name="exterieur_bastion" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth1/%%calc_classe(%%proxy_bypass_src_netmask_eth1)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth1" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="0" ipsec="0" libelle="Redirection des flux https sans proxy vers une page d'erreur" nat_port="82" priority="12" serv_inv="0" service="gr_redirection_https" src_inv="0" tag="ForceProxy1">
<source name="pedago" />
<destination name="exterieur" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth1/%%calc_classe(%%proxy_bypass_src_netmask_eth1)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth1" ip="" name="" src="0" />
</directive>
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="pedago">
<montantes default_policy="0">
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="ssh pedago vers Amon" priority="1" serv_inv="0" service="ssh" src_inv="0" tag="SSHDepuisEth1">
<source name="pedago_ssh" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="administration pedago vers Amon" priority="2" serv_inv="0" service="admin_amon" src_inv="0" tag="AdminDepuisEth1">
<source name="pedago_admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="administration pedago vers Amon" priority="3" serv_inv="0" service="lightsquid" src_inv="0" tag="lightsquid1">
<source name="pedago_admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="4" serv_inv="0" service="dns-tcp" src_inv="0">
<source name="pedago" />
<destination name="internet_eth1" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="5" serv_inv="0" service="dns-udp" src_inv="0">
<source name="pedago" />
<destination name="internet_eth1" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="autoriser l'acces a Nuauth" priority="6" serv_inv="0" service="nuauth" src_inv="0" tag="auth_nufw">
<source name="pedago" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="7" serv_inv="0" service="eole-sso" src_inv="0" tag="eole_sso">
<source name="pedago" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="8" serv_inv="0" service="proxy" src_inv="0">
<source name="pedago" />
<destination name="internet_eth1" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="9" serv_inv="0" service="proxy2" src_inv="0" tag="Activer squid2">
<source name="pedago" />
<destination name="internet_eth1" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="10" serv_inv="0" service="cntlm" src_inv="0" tag="cntlm">
<source name="pedago" />
<destination name="internet_eth1" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="gen_config pedago vers Amon" priority="11" serv_inv="0" service="gen_config" src_inv="0" tag="SSHDepuisEth1">
<source name="pedago_ssh" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Acces backend EAD pedago vers Amon" priority="12" serv_inv="0" service="ead_server" src_inv="0" tag="BackendEADDepuisEth1">
<source name="pedago_backend_ead" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="raduis admin vers Amon" priority="13" serv_inv="0" service="gr_radius" src_inv="0" tag="ActiverRadiuseth1">
<source name="pedago" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autorisation reverse proxy + WPAD" priority="14" serv_inv="0" service="http" src_inv="0">
<source name="pedago" />
<destination name="bastion_exterieur" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autoriser ntp depuis pedago" priority="15" serv_inv="0" service="ntp" src_inv="0">
<source name="pedago" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="16" serv_inv="0" service="ldap" src_inv="0" tag="activer_ldap">
<source name="pedago" />
<destination name="bdd" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="17" serv_inv="0" service="ldaps" src_inv="0" tag="activer_ldaps">
<source name="pedago" />
<destination name="bdd" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="interface web sympa" priority="18" serv_inv="0" service="sympa-internet" src_inv="0" tag="AdminDepuisEth1">
<source name="pedago_admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="interface web sympa" priority="19" serv_inv="0" service="sympa-restreint" src_inv="0">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Activer NFS depuis les clients" priority="20" serv_inv="0" service="nfs" src_inv="0" tag="activer_nfs">
<source name="client_nfs" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="21" serv_inv="0" service="imap" src_inv="0" tag="activer_courrier_imap">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="22" serv_inv="0" service="imap4-ssl" src_inv="0" tag="activer_courrier_imap">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="23" serv_inv="0" service="pop" src_inv="0" tag="activer_courrier_pop">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="24" serv_inv="0" service="pop3s" src_inv="0" tag="activer_courrier_pop">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="25" serv_inv="0" service="smtp" src_inv="0">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="26" serv_inv="0" service="smtps" src_inv="0">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="27" serv_inv="0" service="xmpp" src_inv="0" tag="activer_xmpp">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="28" serv_inv="0" service="xmpp-ssl" src_inv="0" tag="activer_xmpp">
<source name="pedago" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="29" serv_inv="0" service="tftpd-hpa" src_inv="0" tag="activer_tftp">
<source name="pedago" />
<destination name="bdd" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="interface web CUPS" priority="30" serv_inv="0" service="cups" src_inv="0" tag="activer_cups1">
<source name="pedago_admin" />
<destination name="partage_eth1" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Controle VNC" priority="31" serv_inv="0" service="scribe-controlevnc" src_inv="0">
<source name="pedago" />
<destination name="partage_eth1" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Controle VNC" priority="32" serv_inv="0" service="ftp" src_inv="0" tag="activer_proftpd">
<source name="pedago" />
<destination name="partage_eth1" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Controle VNC" priority="33" serv_inv="0" service="samba" src_inv="0">
<source name="pedago" />
<destination name="partage_eth1" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Controle VNC" priority="34" serv_inv="0" service="samba" src_inv="0">
<source name="pedago" />
<destination name="partage_eth1_broadcast" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autorise le ping vers le conteneur" priority="35" serv_inv="0" service="echo-request" src_inv="0">
<source name="pedago" />
<destination name="partage_eth1" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autorise le ping vers le conteneur" priority="36" serv_inv="0" service="echo-request" src_inv="0">
<source name="pedago" />
<destination name="internet_eth1" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Autoriser l'accès &#224; Gaspacho" priority="37" serv_inv="0" service="gaspacho" src_inv="0" tag="GaspachoEth1">
<source name="pedago" />
<destination name="partage_eth1" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Open Eclair ports on AmonEcole" priority="38" serv_inv="0" service="amonecole-eclair" src_inv="0" tag="activer_eclair_amonecole">
<source name="pedago" />
<destination name="ltspserver_eth0" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Open Gaspacho and TFTPD for Eclair on AmonEcole" priority="39" serv_inv="0" service="amonecole-eclair-partage" src_inv="0" tag="activer_eclair_amonecole">
<source name="pedago" />
<destination name="partage_eth1" />
</directive>
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="exterieur" zoneB="admin">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
<directive accept="0" action="16" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" nat_extr="exterieur_bastion" nat_port="0" priority="1" serv_inv="0" service="tous" src_inv="0">
<source name="admin_restreint" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="admin -&gt; exterieur : interdire les protocoles de news, forums ..." priority="2" serv_inv="0" service="gr_forum" src_inv="0" tag="Interdiction des forums">
<source name="admin" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="Interdire les connexions FTP" priority="3" serv_inv="0" service="gr_ftp" src_inv="0" tag="Interdire les connexions FTP">
<source name="admin" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="admin -&gt; exterieur : interdire les protocoles de discussion en ligne (irc ...)" priority="4" serv_inv="0" service="gr_irc" src_inv="0" tag="Interdire l'utilisation des dialogues en direct">
<source name="admin" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="admin -&gt; exterieur : interdire les protocoles de messagerie (pop, imap ...)" priority="5" serv_inv="0" service="gr_messagerie" src_inv="0" tag="Interdiction des protocoles de messagerie">
<source name="admin" />
<destination name="exterieur" />
</directive>
<!--
<directive accept="0" action="1" attrs="1" dest_inv="0" ipsec="0" libelle="admin -&gt; exterieur : tout interdire (sauf le web via le proxy)" priority="6" serv_inv="0" service="gr_restreint" src_inv="0" tag="Internet restreint">
<source name="admin" />
<destination name="exterieur" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="0" ipsec="0" libelle="Redirection des flux http avec proxy alternatif" nat_port="3128" priority="7" serv_inv="0" service="gr_redirection_proxy" src_inv="0" tag="ProxyBypass1">
<source name="admin" />
<destination name="exterieur" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth2/%%calc_classe(%%proxy_bypass_src_netmask_eth2)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_network_eth2/%%calc_classe(%%proxy_bypass_netmask_eth2)" ip="" name="" src="0" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth2" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="1" ipsec="0" libelle="Redirection des flux http sans proxy" nat_port="81" priority="8" serv_inv="0" service="http" src_inv="0" tag="ProxyBypass1">
<source name="admin" />
<destination name="exterieur_bastion" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth2/%%calc_classe(%%proxy_bypass_src_netmask_eth2)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_network_eth2/%%calc_classe(%%proxy_bypass_netmask_eth2)" ip="" name="" src="0" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth2" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="0" ipsec="0" libelle="Redirection des flux https sans proxy vers une page d'erreur" nat_port="82" priority="9" serv_inv="0" service="gr_redirection_https" src_inv="0" tag="ProxyBypass1">
<source name="admin" />
<destination name="exterieur" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth2/%%calc_classe(%%proxy_bypass_src_netmask_eth2)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_network_eth2/%%calc_classe(%%proxy_bypass_netmask_eth2)" ip="" name="" src="0" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth2" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="0" ipsec="0" libelle="Redirection des flux http avec proxy alternatif" nat_port="3128" priority="10" serv_inv="0" service="gr_redirection_proxy" src_inv="0" tag="ForceProxy1">
<source name="admin" />
<destination name="exterieur" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth2/%%calc_classe(%%proxy_bypass_src_netmask_eth2)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth2" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="1" ipsec="0" libelle="Redirection des flux http sans proxy vers une page d'erreur" nat_port="81" priority="11" serv_inv="0" service="http" src_inv="0" tag="ForceProxy1">
<source name="admin" />
<destination name="exterieur_bastion" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth2/%%calc_classe(%%proxy_bypass_src_netmask_eth2)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth2" ip="" name="" src="0" />
</directive>
<directive accept="0" action="4" attrs="17" dest_inv="0" ipsec="0" libelle="Redirection des flux https sans proxy vers une page d'erreur" nat_port="82" priority="12" serv_inv="0" service="gr_redirection_https" src_inv="0" tag="ForceProxy1">
<source name="admin" />
<destination name="exterieur" />
<exception dest="0" eolvar="%%proxy_bypass_src_network_eth2/%%calc_classe(%%proxy_bypass_src_netmask_eth2)" ip="" name="" src="1" />
<exception dest="1" eolvar="%%proxy_bypass_domain_eth2" ip="" name="" src="0" />
</directive>
-->
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="admin">
<montantes default_policy="0">
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="ssh admin vers Amon" priority="1" serv_inv="0" service="ssh" src_inv="0" tag="SSHDepuiseth2">
<source name="admin_ssh" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="administration admin vers Amon" priority="2" serv_inv="0" service="admin_amon" src_inv="0" tag="AdminDepuiseth2">
<source name="admin_admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="administration admin vers Amon" priority="3" serv_inv="0" service="lightsquid" src_inv="0" tag="lightsquid1">
<source name="admin_admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="4" serv_inv="0" service="dns-tcp" src_inv="0">
<source name="admin" />
<destination name="internet_eth2" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="5" serv_inv="0" service="dns-udp" src_inv="0">
<source name="admin" />
<destination name="internet_eth2" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="autoriser l'acces a Nuauth" priority="6" serv_inv="0" service="nuauth" src_inv="0" tag="auth_nufw">
<source name="admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="7" serv_inv="0" service="eole-sso" src_inv="0" tag="eole_sso">
<source name="admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="8" serv_inv="0" service="proxy" src_inv="0">
<source name="admin" />
<destination name="internet_eth2" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="9" serv_inv="0" service="proxy2" src_inv="0" tag="Activer squid2">
<source name="admin" />
<destination name="internet_eth2" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="10" serv_inv="0" service="cntlm" src_inv="0" tag="cntlm">
<source name="admin" />
<destination name="internet_eth2" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="gen_config admin vers Amon" priority="11" serv_inv="0" service="gen_config" src_inv="0" tag="SSHDepuiseth2">
<source name="admin_ssh" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Acces backend EAD admin vers Amon" priority="12" serv_inv="0" service="ead_server" src_inv="0" tag="BackendEADDepuiseth2">
<source name="admin_backend_ead" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="raduis admin vers Amon" priority="13" serv_inv="0" service="gr_radius" src_inv="0" tag="ActiverRadiuseth2">
<source name="admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autorisation reverse proxy + WPAD" priority="14" serv_inv="0" service="http" src_inv="0">
<source name="admin" />
<destination name="bastion_exterieur" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autoriser ntp depuis admin" priority="15" serv_inv="0" service="ntp" src_inv="0">
<source name="admin" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="16" serv_inv="0" service="ldap" src_inv="0" tag="activer_ldap">
<source name="admin" />
<destination name="bdd" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="17" serv_inv="0" service="ldaps" src_inv="0" tag="activer_ldaps">
<source name="admin" />
<destination name="bdd" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="interface web sympa" priority="18" serv_inv="0" service="sympa-internet" src_inv="0" tag="AdminDepuiseth2">
<source name="admin_admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="interface web sympa" priority="19" serv_inv="0" service="sympa-restreint" src_inv="0">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Activer NFS depuis les clients" priority="20" serv_inv="0" service="nfs" src_inv="0" tag="activer_nfs">
<source name="client_nfs" />
<destination name="bastion" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="21" serv_inv="0" service="imap" src_inv="0" tag="activer_courrier_imap">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="22" serv_inv="0" service="imap4-ssl" src_inv="0" tag="activer_courrier_imap">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="23" serv_inv="0" service="pop" src_inv="0" tag="activer_courrier_pop">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="24" serv_inv="0" service="pop3s" src_inv="0" tag="activer_courrier_pop">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="25" serv_inv="0" service="smtp" src_inv="0">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="pas de description" priority="26" serv_inv="0" service="smtps" src_inv="0">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="27" serv_inv="0" service="xmpp" src_inv="0" tag="activer_xmpp">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="28" serv_inv="0" service="xmpp-ssl" src_inv="0" tag="activer_xmpp">
<source name="admin" />
<destination name="reseau" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="pas de description" priority="29" serv_inv="0" service="tftpd-hpa" src_inv="0" tag="activer_tftp">
<source name="admin" />
<destination name="bdd" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="interface web CUPS" priority="30" serv_inv="0" service="cups" src_inv="0" tag="activer_cups1">
<source name="admin_admin" />
<destination name="partage_eth2" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Controle VNC" priority="31" serv_inv="0" service="scribe-controlevnc" src_inv="0">
<source name="admin" />
<destination name="partage_eth2" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Controle VNC" priority="32" serv_inv="0" service="ftp" src_inv="0" tag="activer_proftpd">
<source name="admin" />
<destination name="partage_eth2" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Controle VNC" priority="33" serv_inv="0" service="samba" src_inv="0">
<source name="admin" />
<destination name="partage_eth2" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Controle VNC" priority="34" serv_inv="0" service="samba" src_inv="0">
<source name="admin" />
<destination name="partage_eth2_broadcast" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autorise le ping vers le conteneur" priority="35" serv_inv="0" service="echo-request" src_inv="0">
<source name="admin" />
<destination name="partage_eth2" />
</directive>
<directive accept="0" action="2" attrs="0" dest_inv="0" ipsec="0" libelle="Autorise le ping vers le conteneur" priority="36" serv_inv="0" service="echo-request" src_inv="0">
<source name="admin" />
<destination name="internet_eth2" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Autoriser l'accès &#224; Gaspacho" priority="37" serv_inv="0" service="gaspacho" src_inv="0" tag="Gaspachoeth2">
<source name="admin" />
<destination name="partage_eth2" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Open Eclair ports on AmonEcole" priority="38" serv_inv="0" service="amonecole-eclair" src_inv="0" tag="activer_eclair_amonecole">
<source name="admin" />
<destination name="ltspserver_eth0" />
</directive>
<directive accept="0" action="2" attrs="17" dest_inv="0" ipsec="0" libelle="Open Gaspacho and TFTPD for Eclair on AmonEcole" priority="39" serv_inv="0" service="amonecole-eclair-partage" src_inv="0" tag="activer_eclair_amonecole">
<source name="admin" />
<destination name="partage_eth2" />
</directive>
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
</flux-list></firewall>