
pubshare: add wg0 and allow ssh connections

Maximilian Ronniger 3 years ago
parent
commit
4571dfd56a
1 changed files with 21 additions and 3 deletions
  1. 21 3
      dpFirewalls.fwb

+ 21 - 3
dpFirewalls.fwb

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1573816369" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1653082361" id="root">
   <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
     <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@@ -29,6 +29,17 @@
         <IPv4 id="id3403X88798" name="mDNS" comment="" ro="False" address="224.0.0.251" netmask="0.0.0.0"/>
         <IPv4 id="id3410X88798" name="LLMNR" comment="Link-Local Multicast Name Resolution, RFC4795" ro="False" address="224.0.0.252" netmask="0.0.0.0"/>
         <IPv4 id="id3411X88798" name="Teredo" comment="" ro="False" address="224.0.0.253" netmask="0.0.0.0"/>
+        <IPv6 id="id3412X88798" name="All nodes" comment="RFC4291" ro="False" address="ff02::1" netmask="128"/>
+        <IPv6 id="id3413X88798" name="All routers" comment="RFC4291" ro="False" address="ff02::2" netmask="128"/>
+        <IPv6 id="id3414X88798" name="OSPF (all routers)" comment="RFC2328" ro="False" address="ff02::5" netmask="128"/>
+        <IPv6 id="id3415X88798" name="OSPF (designated routers)" comment="RFC2328" ro="False" address="ff02::6" netmask="128"/>
+        <IPv6 id="id3416X88798" name="RIP" comment="RFC2080" ro="False" address="ff02::9" netmask="128"/>
+        <IPv6 id="id3417X88798" name="EIGRP" comment="RFC7868" ro="False" address="ff02::a" netmask="128"/>
+        <IPv6 id="id3418X88798" name="PIM" comment="RFC2375" ro="False" address="ff02::d" netmask="128"/>
+        <IPv6 id="id3419X88798" name="MLDv2 reports" comment="RFC3810" ro="False" address="ff02::16" netmask="128"/>
+        <IPv6 id="id3420X88798" name="DHCPv6 (link-local)" comment="RFC3315" ro="False" address="ff02::1:2" netmask="128"/>
+        <IPv6 id="id3421X88798" name="LLMNR (link-local)" comment="RFC4795" ro="False" address="ff02::1:3" netmask="128"/>
+        <IPv6 id="id3422X88798" name="DHCP (site-local)" comment="RFC3315" ro="False" address="ff05::1:3" netmask="128"/>
       </ObjectGroup>
       <ObjectGroup id="stdid17" name="DNS Names" comment="" ro="False"/>
       <ObjectGroup id="stdid18" name="Address Tables" comment="" ro="False"/>
@@ -1590,7 +1601,7 @@
           <Option name="verify_interfaces">True</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id2770X15287" host_OS="linux24" lastCompiled="1559915160" lastInstalled="1559915175" lastModified="1559915146" platform="iptables" name="pubshare" comment="" ro="False">
+      <Firewall id="id2770X15287" host_OS="linux24" lastCompiled="1559915160" lastInstalled="1559915175" lastModified="1653082442" platform="iptables" name="pubshare" comment="" ro="False">
         <NAT id="id2774X15287" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <RuleSetOptions/>
         </NAT>
@@ -1683,6 +1694,7 @@
             </Src>
             <Dst neg="False">
               <ObjectRef ref="id2778X15287"/>
+              <ObjectRef ref="id7052X175962"/>
             </Dst>
             <Srv neg="False">
               <ServiceRef ref="tcp-SSH"/>
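Review bot: The added `<ObjectRef ref="id7052X175962"/>` extends this SSH rule's destination to wg0, but `id2778X15287` (eth0, labelled "internet") stays in `<Dst>`, so SSH remains permitted toward the internet-facing interface as well. The rule's `<Src>` begins outside this hunk, so it cannot be confirmed here whether the source is restricted. If the intent is to administer pubshare over WireGuard only (the same commit switches eth0 to `mgmt="False"`), consider removing the eth0 reference from `<Dst>`, or confirm that `<Src>` is limited to the admin network. Recording the intended source and interface in the rule's `comment` attribute would make the policy easier to audit.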
@@ -1855,7 +1867,7 @@
         <Routing id="id2776X15287" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <RuleSetOptions/>
         </Routing>
-        <Interface id="id2778X15287" dedicated_failover="False" dyn="False" label="internet" mgmt="True" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
+        <Interface id="id2778X15287" dedicated_failover="False" dyn="False" label="internet" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
           <IPv4 id="id2779X15287" name="pubshare:eth0:ip" comment="" ro="False" address="10.0.1.11" netmask="255.255.255.0"/>
           <InterfaceOptions/>
         </Interface>
@@ -1869,6 +1881,12 @@
             <Option name="type">ethernet</Option>
           </InterfaceOptions>
         </Interface>
+        <Interface id="id7052X175962" dedicated_failover="False" dyn="False" label="wireguard" mgmt="True" security_level="0" unnum="False" unprotected="False" name="wg0" comment="" ro="False">
+          <IPv4 id="id7139X175962" name="pubshare:wg0:ip" comment="" ro="False" address="10.64.7.123" netmask="255.255.255.128"/>
+          <InterfaceOptions>
+            <Option name="type">ethernet</Option>
+          </InterfaceOptions>
+        </Interface>
         <Management address="10.0.1.11">
           <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
           <FWBDManagement enabled="False" identity="" port="-1"/>
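Review bot: `<Management address="10.0.1.11">`, on the context line right after the new interface, still carries eth0's address although this commit moves `mgmt="True"` from eth0 to wg0 (10.64.7.123). If the installer or any other tooling reads that attribute, it would presumably keep reaching the firewall over the interface labelled "internet"; consider `<Management address="10.64.7.123">` so the record matches the new management interface. The Management element continues past the end of this hunk. Separately, wg0 is declared with `security_level="0"`, the same value as eth0, so it is worth confirming whether the tunnel is meant to be treated as equally untrusted.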