coimbrap
/
projet_serveur_krkn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ajout du protocole VRRP pour keepalived

master
Pierre Coimbra 2020-03-05 07:05:35 +01:00
parent 5edc573171
commit f129237a24
No known key found for this signature in database
GPG Key ID: F9C449C78F6FAEE6
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
deploiement/sources/zone_dmz/ferm/haproxy_ferm.conf
View File

@ -14,7 +14,7 @@
# Depuis l'intérieur sur l'interface principale
@def $HAVE_FRONT_ACCESS = 1; #0 pour NON 1 pour OUI
@def $OPEN_PORT_FRONT_ACCESS = (80 443 8006);
@def $OPEN_PORT_FRONT_ACCESS = (22 80 443 8006);
@def $NEED_UDP_FRONT_ACCESS = 0; #0 pour NON 1 pour OUI
@def $UDP_OPEN_PORT_FRONT_ACCESS = (53);
@ -32,6 +32,10 @@
@def $UDP_OPEN_PORT_BACK_ACCESS = (53);
# Besoin de VRRP sur IF_VRRP
@def $NEED_VRRP = 1; #0 pour NON 1 pour OUI
@def $IF_VRRP = eth0;
table filter {
chain INPUT {
policy DROP;
@ -44,6 +48,10 @@ table filter {
interface $IF_FRONT proto tcp dport $OPEN_PORT_FRONT_REQUEST ACCEPT;
}
@if $NEED_VRRP {
interface $IF_VRRP proto vrrp ACCEPT;
}
@if $NEED_UDP_FRONT_REQUEST {
interface $IF_FRONT proto udp dport $UDP_OPEN_PORT_FRONT_REQUEST ACCEPT;
}
@ -71,6 +79,10 @@ table filter {
outerface $IF_FRONT proto tcp dport $OPEN_PORT_FRONT_ACCESS ACCEPT;
}
@if $NEED_VRRP {
outerface $IF_VRRP proto vrrp ACCEPT;
}
@if $NEED_UDP_FRONT_ACCESS {
outerface $IF_BACK proto udp dport $UDP_OPEN_PORT_FRONT_ACCESS ACCEPT;
}