From 10528470f393cf2850949a83bace639407e16f9e Mon Sep 17 00:00:00 2001
From: Stephane Glondu
Date: Mon, 7 Jan 2008 00:59:50 +0100
Subject: [PATCH] Rgle spciale pour ovh dans le TEST_MAC-IP
darcs-hash:20080106235950-61eff-b10dfdf132498034f1035b8bceeeed0a9ad967b6.gz
---
 gestion/config.py | 1 +
 gestion/gen_confs/firewall.py | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/gestion/config.py b/gestion/config.py
index 88107007..aa70522f 100644
--- a/gestion/config.py
+++ b/gestion/config.py
@@ -43,6 +43,7 @@ cimetiere = '/home/cimetiere'
 ## Adresses mac utiles
 mac_komaz = '00:19:BB:31:3B:80'
 mac_wifi = '00:e0:81:58:d1:39'
+mac_titanic = 'aa:73:65:63:6f:76'
 ## Serveur principal de cfengine
 cfengine_main = "vert.adm.crans.org"
diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py
index 66f03369..2099f05e 100755
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@@ -35,7 +35,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi
 from affich_tools import *
 from commands import getstatusoutput
 from iptools import AddrInNet, NetSubnets, IpSubnet
-from config import NETs, mac_komaz, mac_wifi, conf_fw, p2p
+from config import NETs, mac_komaz, mac_wifi, mac_titanic, conf_fw, p2p
 syslog.openlog('firewall')
 debug = 1
@@ -256,6 +256,13 @@ class firewall_crans :
 # Machine wifi, c'est la mac de Nectaris
 iptables("-t nat %s TEST_MAC-IP -s "%(insert)+\
 "%s -m mac --mac-source %s -j RETURN"%(ip, mac_wifi))
+ elif machine.nom() == "ovh.adm.crans.org":
+ # Pour ovh, on met les MACs de komaz et de titanic
+ # qui font proxy ARP
+ iptables("-t nat %s TEST_MAC-IP -s "%(insert)+\
+ "%s -m mac --mac-source %s -j RETURN"%(ip, mac_komaz))
+ iptables("-t nat %s TEST_MAC-IP -s "%(insert)+\
+ "%s -m mac --mac-source %s -j RETURN"%(ip, mac_titanic))
 else:
 # Machine fixe
 iptables("-t nat %s TEST_MAC-IP -s "%(insert)+\
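Review bot: In the firewall.py hunk at `@@ -256,6 +256,13 @@`, the new `elif` relaxes the MAC/IP binding for one host by comparing `machine.nom()` with the literal `"ovh.adm.crans.org"`, so that host's source address is accepted from either router MAC and the only record of the exception is a string inside the generator. Keeping the hostname in config.py next to `mac_titanic` would put the whole exception in one auditable place. The two duplicated calls can collapse to `for mac in (mac_komaz, mac_titanic):` followed by the existing `iptables(... "%s -m mac --mac-source %s -j RETURN"%(ip, mac))` call. The comment should also say that the rule relies on komaz and titanic filtering spoofed sources for the traffic they relay (presumably they do; that is not visible in this patch). The enclosing if/elif chain begins and ends outside the hunk.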