More rules, funny coment

This commit is contained in:
jelly Tomas
2026-03-16 14:32:08 +00:00
parent 52c398d0eb
commit b2e4ab0e22


@@ -35,7 +35,7 @@ eden="193.138.212.1"
# ============================== # ==============================
sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128 sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.128 sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.0
sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0 sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
@@ -49,15 +49,32 @@ iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
#DNS name resolution requests sent to outside servers and want a response: #DNS name resolution requests sent to outside servers and want a response:TODO:INPUT
sudo iptables -A FORWARD -i enp0s3 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s3 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
#SSH connections to the router system that originate from the inside and want an answer:É preciso outra regra uma para a port enp0s9 e o ip do vpn #SSH connections to the router system that originate from the inside and want an answer:TODO:INPUT
sudo iptables -A FORWARD -i enp0s9 -o enp0s3 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s3 -o enp0s9 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -o enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
#The dns server should be able to resolve names using the internet (and others???) #The dns server should be able to resolve names using the internet (and others???)
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT #The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.129 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -i enp0s9 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -d 193.137.16.75 -p tcp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -d 23.214.219.129 -p tcp --dport 53 -j ACCEPT
#SMTP connections to the smtp server and returns
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
#POP and IMAP connections to the www server
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT
#OpenVPN connections to the vpn-gw server
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 1194 -j ACCEPT
#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
# Apartir daqui foi só para testar se as conecções funcionavam # Apartir daqui foi só para testar se as conecções funcionavam
sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22 sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22
# Unsure these will work # Unsure these will work
sudo iptables -A FORWARD -i enp0s9 -s 23.214.219.131 sudo iptables -A FORWARD -i enp0s9 -d 23.214.219.131
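Review bot: The new reply rule for the internal network's DNS lookups, `sudo iptables -A FORWARD -i enp0s8 -i enp0s9 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT`, passes `-i` twice, which iptables rejects as "multiple -i flags not allowed", so that rule is never installed and, unless the script sets `-e` or checks status above this hunk, execution simply continues; it should read `-i enp0s8 -o enp0s9`. That rule and the new ESTABLISHED,RELATED return rules for 587, 80, 443 and 1194 (enp0s8 → enp0s9), as well as the reworked tcp/22 rule `-i enp0s3 -o enp0s9 --dport 22` pending its TODO:INPUT, all match `--dport`, but a reply packet carries the service port as its source, so these rules match nothing; the existing udp/53 rule earlier in the hunk uses `--sport 53` and is the shape to follow. The zone-sync rule `sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -d 23.214.219.129 -p tcp --dport 53 -j ACCEPT` has no `-s` and no state match, so it admits new TCP/53 connections from any Internet host to the dns server rather than only from 193.137.16.75 named on the outbound rule; if it is meant only for dns2, add `-s 193.137.16.75`. The rewritten rules below keep the request rules and the test rules at the end of the hunk as they are.
```shell
# … unchanged: loopback, MASQUERADE, udp/53 reply, ssh and outbound udp/53 rules …
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
# … unchanged: outbound tcp/53 to 193.137.16.75 …
sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -s 193.137.16.75 -d 23.214.219.129 -p tcp --dport 53 -j ACCEPT
# … unchanged: smtp request rule …
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --sport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
# … unchanged: www request rules …
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT
# … unchanged: openvpn request rule …
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --sport 1194 -m state --state ESTABLISHED,RELATED -j ACCEPT
# … unchanged: test rules …
```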