Crée un role routeur v6 et v4

main.py

@@ -187,6 +187,35 @@ class iptables:
                     print("Nat : priv" + nat_to_do['name'])
                 self.nat_prive_ip(nat_to_do)
 
+    def routeur(self, table):
+        """Methode appellée spécifiquement pour le parefeu v4/v6"""
+        if table == "filter":
+            self.base_filter()
+            if self.verbose:
+                print("Filter : filtrage ports 4")
+            self.filtrage_ports(ip_type='4')
+            if self.verbose:
+                print("Filter : filtage ports v6")
+            self.filtrage_ports(ip_type='6')
+            if self.verbose:
+                print("Filter : limit ssh connexion forward")
+            self.limit_ssh_connexion_forward()
+            if self.verbose:
+                print("Filter : limit connexion src ip")
+            self.limit_connexion_srcip()
+        elif table == "mangle":
+            if self.verbose:
+                print("Mangle : Mise en place des logs")
+            self.log()
+            if self.verbose:
+                print("Mangle : Réglage correct du MSS")
+            self.mss()
+        elif table == "nat":
+            for nat_to_do in self.nat_settings:
+                if self.verbose:
+                    print("Nat : priv" + nat_to_do['name'])
+                self.nat_prive_ip(nat_to_do)
+
     def portail(self, table):
         if table == "filter":
             self.base_filter()
@@ -254,7 +283,7 @@ class iptables:
         else:
             chain = "filter6"
 
-        self.init_filter(subtable, decision="-")
+        self.init_filter(subtable, decision="-", mode=ip_type)
         for interface in self.interfaces_settings['sortie']:
             self.jump_traficto("filter", interface, "FORWARD", subtable, mode=ip_type)
             self.jump_traficfrom("filter", interface, "FORWARD", subtable, mode=ip_type)
@@ -264,6 +293,8 @@ class iptables:
             if ip_type == '4':
                 self.add_in_subtable(chain, subtable, """-m iprange --%s-range %s-%s -p %s -m multiport --dports %s -j RETURN""" % (direction, subnet["domaine_ip_start"], subnet["domaine_ip_stop"], protocol, ports))
             if ip_type == '6':
+                if "None" in subnet["complete_prefixv6"]:
+                    return
                 self.add_in_subtable(chain, subtable, """-%s %s -p %s -m multiport --dports %s -j RETURN""" % (direction[0], subnet["complete_prefixv6"], protocol, ports))
 
         #Ajout des règles générales