From dc5eecd885dfe8f17142243f4820cb843b3aa46f Mon Sep 17 00:00:00 2001 From: Pierre Coimbra Date: Mon, 28 Oct 2019 14:18:04 +0100 Subject: [PATCH] Hardening krkn --- infra/shorewall/shorewall_alpha.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/infra/shorewall/shorewall_alpha.md b/infra/shorewall/shorewall_alpha.md index 835ed12..e087d6e 100644 --- a/infra/shorewall/shorewall_alpha.md +++ b/infra/shorewall/shorewall_alpha.md @@ -37,8 +37,6 @@ $FW coro ACCEPT krkn net ACCEPT ext net ACCEPT int net ACCEPT -krkn int ACCEPT -krkn ext ACCEPT ext krkn DROP info net all DROP info @@ -67,11 +65,15 @@ SSH(ACCEPT) net all SSH(ACCEPT) $FW int #Nécessaire pour l'initialisation du corosync -ACCEPT coro $FW icmp +ACCEPT coro $FW icmp ACCEPT $FW krkn icmp ACCEPT $FW ext icmp ACCEPT $FW net icmp + +ACCEPT krkn int tcp 80,443 +ACCEPT krkn ext tcp 80,443 +ACCEPT net $FW tcp 8006 ``` ### /etc/shorewall/snat Configuration SNAT permettant de faire du "masquerading", ainsi les paquets qui sortent des CT LXC ont comme IP source, l'IP de l'interface externe _eth0_.
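
Review bot: in the policy hunk (`@@ -37,8 +37,6 @@`), removing `krkn int ACCEPT` and `krkn ext ACCEPT` leaves no explicit policy for those two zone pairs, so the fate of krkn traffic other than the tcp 80,443 rules depends on a catch-all policy that is not visible in this hunk. Adding explicit `krkn int DROP info` and `krkn ext DROP info` lines, in the same form as the existing `ext krkn DROP info`, would make the intended default visible and logged. `krkn net ACCEPT` is kept, so krkn still has unrestricted outbound access to net; worth confirming that this is intended in a hardening change.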
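
Review bot: the last added rule in the rules hunk (`@@ -67,11 +65,15 @@`), `ACCEPT net $FW tcp 8006`, opens a port on the firewall itself to the whole net zone with no source restriction, which widens exposure in a commit described as hardening krkn and is unrelated to the two krkn rules above it. If the port has to be reachable from net, limit the source with Shorewall's zone:address form, for example `ACCEPT net:<admin-address> $FW tcp 8006` (placeholder address), and move it to its own commit. The three new rules also carry no comment stating their purpose, unlike the corosync rule above them, and the `ACCEPT coro $FW icmp` change looks whitespace-only and could be dropped from the patch.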