<?xml version="1.0" encoding="UTF-8" ?>
<firewall name="/usr/share/era/modeles/4zones-scribe-nginx-creteil-gtb.xml" netbios="1" model="/usr/share/era/modeles/4zones-scribe-nginx-creteil.xml" qos="0" version="2.3">
<zones>
<!-- The only zone this model adds on top of its parent (see the "model" attribute of <firewall>):
     a GTB (building-management) VLAN carried on eth3, interface "eth3.<vlan id>".
     Every address is a %%... template variable taken from the eth3 VLAN definition, presumably
     substituted at generation time; nothing in this element is a literal IP.
     The other zones used in flux-list below (exterieur, bastion, dmz, admin, pedago) are NOT declared
     here and are expected to come from the parent model.
     level="20" is the ERA trust level of the zone; how it ranks against the parent's zones is not
     visible in this file, so confirm it before reasoning about which direction is "montante". -->
<zone name="vlan-gtb" level="20" ip="%%id_vlan_eth3[0].adresse_ip_vlan_eth3" network="%%id_vlan_eth3[0].adresse_network_vlan_eth3" netmask="%%id_vlan_eth3[0].adresse_netmask_vlan_eth3" interface="eth3.%%id_vlan_eth3[0]"/>
</zones>
<!-- Empty: this model includes nothing; the parent is referenced through the "model" attribute of <firewall>. -->
<include></include>
<services>
<!-- Custom service definition: Microsoft RDP, TCP/3389. It is referenced by the bastion/exterieur
     port forward in flux-list, so this is the service that ends up reachable from the exterior zone.
     id="68" presumably has to stay unique across the services inherited from the parent model as
     well (those are not visible here). -->
<service name="rdp-3389" protocol="tcp" ports="3389" id="68" libelle="rdp-3389" />
</services>
<!-- No QoS classes: <firewall> carries qos="0" (QoS presumably disabled for this model) and the
     upload/download attributes are left empty. -->
<qosclasses upload="" download="">
</qosclasses>
<extremites>
<!-- Exterior-side source allowed to reach the GTB port forwards. subnet="1", so the netmask applies:
     this is a network, not a single host. The entire exposure of HTTP and RDP towards serveur-gtb is
     bounded by these two variables alone. If %%netmask_source_ext_gtb resolves to 0.0.0.0, or the
     variables are left empty (how ERA treats that case is not visible here), the forwards become
     reachable from the whole exterior zone. Keep this as narrow as the GTB supplier really needs. -->
<extremite zone="exterieur" name="source-acces-gtb" libelle="source-acces-gtb" netmask="%%netmask_source_ext_gtb" subnet="1">
<ip address="%%ip_source_ext_gtb"/>
</extremite>
<!-- The GTB server itself: a single host (255.255.255.255, subnet="0") inside the GTB VLAN, the
     target (nat_extr) of both port forwards. -->
<extremite zone="vlan-gtb" name="serveur-gtb" libelle="serveur-gtb" netmask="255.255.255.255" subnet="0">
<ip address="%%ip_serveur_gtb"/>
</extremite>
<!-- The GTB VLAN subnet (network address plus VLAN netmask), labelled "restricted zone"; used as the
     source of the outbound NAT rule in the exterieur/vlan-gtb flux. -->
<extremite zone="vlan-gtb" name="vlan-gtb_restreint" libelle="zone restreinte" netmask="%%id_vlan_eth3[0].adresse_netmask_vlan_eth3" subnet="1">
<ip address="%%id_vlan_eth3[0].adresse_network_vlan_eth3"/>
</extremite>
<!-- Single-host alias on eth0 in zone bastion: the destination the exterior forwards are accepted on,
     and the nat_extr of the vlan-gtb outbound rule. -->
<extremite zone="bastion" name="AliasEth0" libelle="AliasEth0" netmask="255.255.255.255" subnet="0">
<ip address="%%alias_ip_eth0"/>
</extremite>
<!-- 0.0.0.0/0.0.0.0 with subnet="1": matches any address of zone vlan-gtb ("whole zone"). -->
<extremite zone="vlan-gtb" name="vlan-gtb" libelle="Zone entière" netmask="0.0.0.0" subnet="1">
<ip address="0.0.0.0"/>
</extremite>
<!-- The extremities "exterieur", "bastion", "internet" and "proxy" are referenced in flux-list but
     not defined in this file; they must be provided by the parent model, otherwise the rules that
     name them have nothing to resolve against. -->
</extremites>
<!-- Empty: this model defines no address ranges. -->
<ranges>
</ranges>
<!-- Empty: no user-group based rules in this model. -->
<user_groups>
</user_groups>
<!-- Empty: no application definitions in this model. -->
<applications>
</applications>
<flux-list>
<!-- bastion / exterieur: the only rules this model adds are two port forwards towards the GTB server.
     In every montante directive of this file the source sits in the less trusted zone (exterieur here,
     vlan-gtb in the bastion/vlan-gtb flux), so "montantes" appears to mean traffic towards the more
     trusted zone; the exact ERA semantics and the meaning of default_policy="0" (presumably drop) are
     not visible in this file. -->
<flux zoneA="bastion" zoneB="exterieur">
<montantes default_policy="0">
<!-- HTTP from source-acces-gtb to AliasEth0, redirected by nat_extr/nat_port to serveur-gtb:80.
     action="8" is an ERA-internal code; combined with nat_extr/nat_port it appears to be a DNAT/port
     forward, confirm against the ERA schema. Note this is plaintext HTTP handed to an internal host
     from an exterior network; the only thing bounding it is the source-acces-gtb extremity.
     priority="11"/"12" order the rules within this flux, presumably continuing after the parent
     model's own rules. src_inv/dest_inv/serv_inv="0": no negation of source, destination or service. -->
<directive service="http" priority="11" action="8" attrs="0" nat_extr="serveur-gtb" nat_port="80" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="source-acces-gtb"/>
<destination name="AliasEth0"/>
</directive>
<!-- RDP (TCP/3389, the custom rdp-3389 service) with the same shape: source-acces-gtb to AliasEth0,
     forwarded to serveur-gtb:3389. Security note: exposed RDP is a classic brute-force and ransomware
     entry point. This forward is acceptable only while source-acces-gtb is a small, trusted range
     (%%ip_source_ext_gtb / %%netmask_source_ext_gtb); if the supplier's source addresses are not
     stable, prefer a VPN over widening that extremity. -->
<directive service="rdp-3389" priority="12" action="8" attrs="0" nat_extr="serveur-gtb" nat_port="3389" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="source-acces-gtb"/>
<destination name="AliasEth0"/>
</directive>
</montantes>
<!-- bastion-originated traffic towards exterieur: no explicit rule, default_policy="1"
     (presumably accept). -->
<descendantes default_policy="1">
</descendantes>
</flux>
<!-- Zone pairs of the parent model that this model leaves untouched: each carries only the default
     policies (montantes "0", descendantes "1") and no directive of its own. The zones named here
     (exterieur, admin, bastion, pedago, dmz) are not declared in this file's <zones>. -->
<flux zoneA="exterieur" zoneB="admin">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="admin">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="exterieur" zoneB="pedago">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="admin" zoneB="pedago">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="pedago">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="exterieur" zoneB="dmz">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="dmz" zoneB="pedago">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="bastion" zoneB="dmz">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="admin" zoneB="dmz">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<!-- exterieur / vlan-gtb. -->
<flux zoneA="exterieur" zoneB="vlan-gtb">
<!-- exterieur towards vlan-gtb: nothing beyond default_policy="0". The only way in from the exterior
     is the DNAT pair in the bastion/exterieur flux, which lands on serveur-gtb. -->
<montantes default_policy="0">
</montantes>
<!-- vlan-gtb towards exterieur: default_policy="1" plus one NAT directive. -->
<descendantes default_policy="1">
<!-- service="tous" (all services) from the whole GTB subnet (vlan-gtb_restreint) to the "exterieur"
     extremity, with nat_extr="AliasEth0" and nat_port="0". action="16" is an ERA-internal code; with
     these attributes it appears to be source NAT / masquerading behind the eth0 alias, confirm against
     the ERA schema. Security note: if default_policy="1" means accept (as it usually does in these
     models, not verifiable here), the GTB VLAN has unrestricted egress to the exterior on every port;
     nothing in this file narrows it. Consider listing only the destinations/ports the GTB equipment
     needs and letting the default policy drop the rest. -->
<directive service="tous" priority="1" action="16" attrs="0" nat_extr="AliasEth0" nat_port="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="vlan-gtb_restreint"/>
<destination name="exterieur"/>
</directive>
</descendantes>
</flux>
<!-- dmz, pedago and admin against the GTB VLAN: default policies only (montantes "0",
     descendantes "1"), no explicit rule in either direction. -->
<flux zoneA="dmz" zoneB="vlan-gtb">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="pedago" zoneB="vlan-gtb">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<flux zoneA="admin" zoneB="vlan-gtb">
<montantes default_policy="0">
</montantes>
<descendantes default_policy="1">
</descendantes>
</flux>
<!-- bastion / vlan-gtb: the services the GTB VLAN may use. The source of every directive below is the
     "vlan-gtb" extremity (any address of the zone); anything not listed falls under
     default_policy="0". -->
<flux zoneA="bastion" zoneB="vlan-gtb">
<montantes default_policy="0">
<!-- DNS over TCP and UDP from any vlan-gtb address straight to the "internet" extremity (defined in the
     parent model, not here). Security note: this lets GTB hosts talk DNS to arbitrary external
     resolvers, a well-known tunnelling/exfiltration channel for a compromised building-management
     device. If the bastion (or the proxy host) provides a resolver, pointing these two rules at it
     instead of "internet" is a cheap hardening. -->
<directive service="dns-tcp" priority="1" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="vlan-gtb"/>
<destination name="internet"/>
</directive>
<directive service="dns-udp" priority="2" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="vlan-gtb"/>
<destination name="internet"/>
</directive>
<!-- EOLE SSO from vlan-gtb to the bastion. action="2" (ERA-internal code, shared by all rules in
     this flux) presumably means plain accept; confirm against the ERA schema. -->
<directive service="eole-sso" priority="3" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="vlan-gtb"/>
<destination name="bastion"/>
</directive>
<!-- Web proxy access for the GTB VLAN. The "proxy" rule is unconditional; the proxy2 and cntlm rules
     are tagged ("Activer squid2", "cntlm") and carry attrs="17" instead of attrs="0", presumably
     meaning ERA only generates them when the matching option is enabled. -->
<directive service="proxy" priority="4" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="vlan-gtb"/>
<destination name="proxy"/>
</directive>
<directive tag="Activer squid2" service="proxy2" priority="5" action="2" attrs="17" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="vlan-gtb"/>
<destination name="proxy"/>
</directive>
<directive tag="cntlm" service="cntlm" priority="6" action="2" attrs="17" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
<source name="vlan-gtb"/>
<destination name="proxy"/>
</directive>
</montantes>
<!-- bastion towards vlan-gtb: default_policy="1" and no explicit rule. -->
<descendantes default_policy="1">
</descendantes>
</flux>
</flux-list>
</firewall>