Detabification

darcs-hash:20050518120718-d1718-17ea21866f20174e8e15966e6d8b992b54cf482b.gz
bernat 2005-05-18 14:07:18 +02:00
parent e5f7fd4ba0
commit 10e1bbff1c


@ -98,25 +98,25 @@ class firewall_komaz(firewall_crans) :
debug = 1 debug = 1
def nat_table_tweaks(self) : def nat_table_tweaks(self) :
self.anim = anim(' règles spécifiques à komaz') self.anim = anim(' règles spécifiques à komaz')
for chaine in [ 'LOG_VIRUS', 'LOG_FLOOD', 'TEST_VIRUS_FLOOD' ] : for chaine in [ 'LOG_VIRUS', 'LOG_FLOOD', 'TEST_VIRUS_FLOOD' ] :
iptables('-t nat -N %s' % chaine) iptables('-t nat -N %s' % chaine)
iptables("-t nat -I PREROUTING 4 -s ! %s -j TEST_VIRUS_FLOOD" % self.zone_serveur) iptables("-t nat -I PREROUTING 4 -s ! %s -j TEST_VIRUS_FLOOD" % self.zone_serveur)
iptables("-t nat -R PREROUTING 6 -i %s -j RESEAUX_NON_ROUTABLES_SRC" % self.eth_ext ) iptables("-t nat -R PREROUTING 6 -i %s -j RESEAUX_NON_ROUTABLES_SRC" % self.eth_ext )
iptables("-t nat -I PREROUTING 7 -d %s -j ACCEPT" % self.zone_serveur ) iptables("-t nat -I PREROUTING 7 -d %s -j ACCEPT" % self.zone_serveur )
iptables("-t nat -I PREROUTING 8 -s %s -j ACCEPT" % self.zone_serveur ) iptables("-t nat -I PREROUTING 8 -s %s -j ACCEPT" % self.zone_serveur )
iptables("-t nat -I PREROUTING 9 -i %s -j ACCEPT" % self.eth_ext ) iptables("-t nat -I PREROUTING 9 -i %s -j ACCEPT" % self.eth_ext )
print OK print OK
def filter_table_tweaks(self) : def filter_table_tweaks(self) :
self.anim = anim(' règles spécifiques à komaz') self.anim = anim(' règles spécifiques à komaz')
for chaine in [ 'EXT_VERS_SERVEURS', 'SERVEURS_VERS_EXT' , 'EXT_VERS_CRANS', 'CRANS_VERS_EXT', 'BLACKLIST_SRC', 'BLACKLIST_DST' , 'FILTRE_P2P' ] : for chaine in [ 'EXT_VERS_SERVEURS', 'SERVEURS_VERS_EXT' , 'EXT_VERS_CRANS', 'CRANS_VERS_EXT', 'BLACKLIST_SRC', 'BLACKLIST_DST' , 'FILTRE_P2P' ] :
iptables('-N %s' % chaine) iptables('-N %s' % chaine)
iptables("-A FORWARD -i lo -j ACCEPT") iptables("-A FORWARD -i lo -j ACCEPT")
iptables("-A FORWARD -p icmp -j ACCEPT") iptables("-A FORWARD -p icmp -j ACCEPT")
iptables("-A FORWARD -i %s -d %s -j REJECT" % (self.eth_ext, self.vlan_adm) ) iptables("-A FORWARD -i %s -d %s -j REJECT" % (self.eth_ext, self.vlan_adm) )
iptables("-A FORWARD -o %s -d %s -j REJECT" % (self.eth_int, self.vlan_adm) ) iptables("-A FORWARD -o %s -d %s -j REJECT" % (self.eth_int, self.vlan_adm) )
iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext ) iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext ) iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
iptables("-A FORWARD -s ! %s -d ! %s -j FILTRE_P2P" % (self.zone_serveur, self.zone_serveur) ) iptables("-A FORWARD -s ! %s -d ! %s -j FILTRE_P2P" % (self.zone_serveur, self.zone_serveur) )
@ -137,13 +137,13 @@ class firewall_komaz(firewall_crans) :
'modprobe ip_conntrack_irc' ] : 'modprobe ip_conntrack_irc' ] :
status,output=getstatusoutput(cmd) status,output=getstatusoutput(cmd)
if status : if status :
warn += output + '\n' warn += output + '\n'
if warn : if warn :
print WARNING print WARNING
if self.debug : if self.debug :
print warn print warn
else : else :
print OK print OK
def disable_route(self) : def disable_route(self) :
self.anim = anim(" Arret routage") self.anim = anim(" Arret routage")
@ -154,24 +154,24 @@ class firewall_komaz(firewall_crans) :
print OK print OK
def start_fw_funcs(self) : def start_fw_funcs(self) :
self.exception_catcher(self.log_chaines) self.exception_catcher(self.log_chaines)
self.exception_catcher(self.test_virus_flood) self.exception_catcher(self.test_virus_flood)
self.exception_catcher(self.reseaux_non_routables) self.exception_catcher(self.reseaux_non_routables)
self.exception_catcher(self.blacklist) self.exception_catcher(self.blacklist)
self.exception_catcher(self.serveurs_vers_ext) self.exception_catcher(self.serveurs_vers_ext)
self.exception_catcher(self.ext_vers_serveurs) self.exception_catcher(self.ext_vers_serveurs)
self.exception_catcher(self.crans_vers_ext) self.exception_catcher(self.crans_vers_ext)
self.exception_catcher(self.ext_vers_crans) self.exception_catcher(self.ext_vers_crans)
self.exception_catcher(self.test_mac_ip) self.exception_catcher(self.test_mac_ip)
self.exception_catcher(self.filtre_p2p) self.exception_catcher(self.filtre_p2p)
def serveurs_maj_list_to_do(self) : def serveurs_maj_list_to_do(self) :
self.exception_catcher(self.serveurs_vers_ext) self.exception_catcher(self.serveurs_vers_ext)
self.exception_catcher(self.ext_vers_serveurs) self.exception_catcher(self.ext_vers_serveurs)
def adh_maj_list_to_do(self) : def adh_maj_list_to_do(self) :
self.exception_catcher(self.crans_vers_ext) self.exception_catcher(self.crans_vers_ext)
self.exception_catcher(self.ext_vers_crans) self.exception_catcher(self.ext_vers_crans)
def log_chaines(self) : def log_chaines(self) :
""" Construction des chaines de log (LOG_VIRUS et LOG_FLOOD) """ """ Construction des chaines de log (LOG_VIRUS et LOG_FLOOD) """
@ -326,7 +326,7 @@ class firewall_komaz(firewall_crans) :
print OK print OK
def serveurs_maj(self) : def serveurs_maj(self) :
self.exception_catcher(self.serveurs_vers_ext) self.exception_catcher(self.serveurs_vers_ext)