diff --git a/main.py b/main.py
index a0b97c4..8d2f83b 100755
--- a/main.py
+++ b/main.py
@@ -187,6 +187,35 @@ class iptables:
                 print("Nat : priv" + nat_to_do['name'])
             self.nat_prive_ip(nat_to_do)
 
+    def routeur(self, table):
+        """Methode appellée spécifiquement pour le parefeu v4/v6"""
+        if table == "filter":
+            self.base_filter()
+            if self.verbose:
+                print("Filter : filtrage ports 4")
+            self.filtrage_ports(ip_type='4')
+            if self.verbose:
+                print("Filter : filtage ports v6")
+            self.filtrage_ports(ip_type='6')
+            if self.verbose:
+                print("Filter : limit ssh connexion forward")
+            self.limit_ssh_connexion_forward()
+            if self.verbose:
+                print("Filter : limit connexion src ip")
+            self.limit_connexion_srcip()
+        elif table == "mangle":
+            if self.verbose:
+                print("Mangle : Mise en place des logs")
+            self.log()
+            if self.verbose:
+                print("Mangle : Réglage correct du MSS")
+            self.mss()
+        elif table == "nat":
+            for nat_to_do in self.nat_settings:
+                if self.verbose:
+                    print("Nat : priv" + nat_to_do['name'])
+                self.nat_prive_ip(nat_to_do)
+
     def portail(self, table):
         if table == "filter":
             self.base_filter()
@@ -254,7 +283,7 @@ class iptables:
         else:
             chain = "filter6"
 
-        self.init_filter(subtable, decision="-")
+        self.init_filter(subtable, decision="-", mode=ip_type)
         for interface in self.interfaces_settings['sortie']:
             self.jump_traficto("filter", interface, "FORWARD", subtable, mode=ip_type)
             self.jump_traficfrom("filter", interface, "FORWARD", subtable, mode=ip_type)
@@ -264,6 +293,8 @@ class iptables:
         if ip_type == '4':
             self.add_in_subtable(chain, subtable, """-m iprange --%s-range %s-%s -p %s -m multiport --dports %s -j RETURN""" % (direction, subnet["domaine_ip_start"], subnet["domaine_ip_stop"], protocol, ports))
         if ip_type == '6':
+            if "None" in subnet["complete_prefixv6"]:
+                return
             self.add_in_subtable(chain, subtable, """-%s %s -p %s -m multiport --dports %s -j RETURN""" % (direction[0], subnet["complete_prefixv6"], protocol, ports))
 
         #Ajout des règles générales
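Review bot: `routeur` silently does nothing when `table` is none of "filter", "mangle" or "nat"; since every branch installs firewall rules, an unexpected table name (a typo in the caller, say) leaves that table empty with no error, which is exactly the failure a rule generator should not hide. Add a final `else: raise ValueError("unknown table: %s" % table)` — the same applies to `portail`, whose head is visible at the end of the hunk but whose body continues outside it. The three branches also appear to duplicate what `portail` does for "filter" and "nat" (only its first lines are visible), so the shared call sequences could move into private helpers that both methods use. Minor: the message in `print("Filter : filtage ports v6")` misspells "filtrage", and the docstring would read better in English, e.g. `"""Entry point for the v4/v6 firewall; dispatches on the iptables table name."""`.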
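Review bot: The address family is now chosen twice in this stretch — `chain = "filter6"` in the `else` just above and `mode=ip_type` in the `init_filter` call — so a later edit that changes one without the other would put v6 rules in the v4 chain or vice versa; a one-line comment at the call, `# mode must agree with the chain chosen above (filter / filter6)`, would pin that down, or `chain` could be derived from `ip_type` in one place. `decision="-"` is also opaque at the call site; if it selects the subtable's default action, a short comment saying so would help the next reader. The enclosing method starts and ends outside the hunk.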
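Review bot: The added `return` on a missing v6 prefix leaves the method early, which skips not only this rule but everything after it, including the general rules added under `#Ajout des règles générales` at the end of the hunk (and any remaining iterations if this runs inside a loop — the method's start is outside the hunk); a subnet with no v6 prefix would thus silently produce a firewall with fewer rules than intended. Skipping just the one rule keeps the rest intact: `if "None" not in str(subnet["complete_prefixv6"]):` with the `add_in_subtable` call indented beneath it. The `str()` also matters because `"None" in x` raises TypeError if `complete_prefixv6` is a real `None` rather than the string "None" — how it is built is not visible here, so the substring test is presumably matching a concatenated "None". A verbose `print` naming the skipped subnet would make the omission visible in the output instead of silent.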