
kvmhost02: allow web access to mail01 from web01

Maximilian Ronniger 5 years ago
parent
commit
51dfa7f273
1 changed files with 31 additions and 10 deletions
  1. 31 10
      itguru.at.fwb

+ 31 - 10
itguru.at.fwb

@@ -2452,7 +2452,7 @@
           <Option name="verify_interfaces">True</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1578494421" lastInstalled="1578494433" lastModified="1578494410" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
+      <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1580240730" lastInstalled="1580240748" lastModified="1580240718" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
         <NAT id="id13393X65696" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id13395X65696" disabled="False" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
             <OSrc neg="False">
@@ -3397,7 +3397,28 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="allow gogs https">
+          <PolicyRule id="id12906X29020" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="allow mailman traffic">
+            <Src neg="False">
+              <ObjectRef ref="id6626X5690"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="id8526X5690"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="tcp-HTTP"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="color">#C0BA44</Option>
+              <Option name="stateless">False</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="allow gogs https">
             <Src neg="False">
               <ObjectRef ref="id9692X36891"/>
             </Src>
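Review bot: The new rule `id12906X29020` is scoped more widely than the one flow in the commit title needs, since it uses `direction="Both"` and its `Itf` references `sysid0`, which appears to be the Any object here. The rule is stateful (`stateless` is `False`), so replies should not need their own direction; consider `direction="Inbound"` and an `Itf` of `<ObjectRef ref="VM_BRIDGE_INTERFACE_ID"/>` (placeholder for the interface web01 enters on). The service is `tcp-HTTP`, while the neighbouring gogs rule allows HTTPS; if mailman logins or list-admin passwords cross this path, they travel in cleartext between the two VMs. The comment would be easier to audit if it named both endpoints and the service, e.g. `comment="web01 -> mail01: mailman web UI (tcp-HTTP)"`, because the `ObjectRef` ids are opaque in review. The gogs rule that follows continues outside this hunk.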
@@ -3418,7 +3439,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="TODO: use ldaps in future implementation">
+          <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="TODO: use ldaps in future implementation">
             <Src neg="False">
               <ObjectRef ref="id8526X5690"/>
             </Src>
@@ -3439,7 +3460,7 @@
               <Option name="color">#7694C0</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
+          <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
             <Src neg="False">
               <ObjectRef ref="id13113X65696"/>
             </Src>
@@ -3459,7 +3480,7 @@
               <Option name="color">#7694C0</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="">
+          <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>
@@ -3482,7 +3503,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
+          <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
             <Src neg="False">
               <ObjectRef ref="id11552X65696"/>
             </Src>
@@ -3503,7 +3524,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="setup icmp ping">
+          <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="22" action="Accept" direction="Both" comment="setup icmp ping">
             <Src neg="False">
               <ObjectRef ref="id11343X65696"/>
             </Src>
@@ -3526,7 +3547,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="22" action="Accept" direction="Outbound" comment="From the internal Network all connections are allowe the external networks.">
+          <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="23" action="Accept" direction="Outbound" comment="From the internal Network all connections are allowe the external networks.">
             <Src neg="False">
               <ObjectRef ref="id11343X65696"/>
             </Src>
@@ -3547,7 +3568,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12677X6099" disabled="False" group="outgoing traffic" log="True" position="23" action="Accept" direction="Both" comment="From ipv6 Network">
+          <PolicyRule id="id12677X6099" disabled="False" group="outgoing traffic" log="True" position="24" action="Accept" direction="Both" comment="From ipv6 Network">
             <Src neg="False">
               <ObjectRef ref="id11367X65696"/>
             </Src>
@@ -3568,7 +3589,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="24" action="Deny" direction="Both" comment="">
+          <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="25" action="Deny" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>