From 171912a1e06fdde8c7cc5b1073ab12b38e9d48d1 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Sat, 14 Dec 2013 00:10:42 +0100
Subject: [PATCH] =?UTF-8?q?[firewall4/komaz]=20On=20ne=20laisse=20pas=20pa?= =?UTF-8?q?sser=20l'icmp=20vers=20les=20r=C3=A9seaux=20non=20routables?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 gestion/gen_confs/firewall4/komaz.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gestion/gen_confs/firewall4/komaz.py b/gestion/gen_confs/firewall4/komaz.py
index 54a51990..e1104e3d 100644
--- a/gestion/gen_confs/firewall4/komaz.py
+++ b/gestion/gen_confs/firewall4/komaz.py
@@ -96,6 +96,7 @@ class firewall(base.firewall_routeur):
 chain = 'FORWARD'
 self.flush(table, chain)
 self.add(table, chain, '-i lo -j ACCEPT')
+ self.add(table, chain, '-j %s' % self.reseaux_non_routable(table, fill_ipset=True))
 self.add(table, chain, '-p icmp -j ACCEPT')
 self.add(table, chain, '-j %s' % self.admin_vlan(table))
 self.add(table, chain, '-j %s' % blacklist_soft_chain)
@@ -103,7 +104,6 @@ class firewall(base.firewall_routeur):
 self.add(table, chain, '-o %s -j %s' % (dev['out'], blacklist_hard_chain))
 self.add(table, chain, '-m state --state RELATED,ESTABLISHED -j ACCEPT')
 self.add(table, chain, '-j %s' % self.tunnel_6in4(table))
- self.add(table, chain, '-j %s' % self.reseaux_non_routable(table, fill_ipset=True))
 for net in base.config.NETs['all'] + base.config.NETs['adm'] + base.config.NETs['personnel-ens']:
 self.add(table, chain, '-s %s -j %s' % (net, mac_ip_chain))
 self.add(table, chain, '-j %s' % self.connexion_secours(table))
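Review bot: The unconditional `-p icmp -j ACCEPT` in the FORWARD chain still sits above the admin_vlan and blacklist jumps and, in the second hunk, the per-network MAC/IP jump, so ICMP keeps skipping those checks the same way it skipped the non-routable filter before this commit. If those chains are meant to cover ICMP too, the accept belongs below them or should be narrowed, for example `-p icmp --icmp-type echo-request -j ACCEPT`, leaving ICMP errors to the RELATED,ESTABLISHED rule; the chain bodies are not visible here, so the current order may be intentional. The moved jump also now runs before `--state RELATED,ESTABLISHED`, so every forwarded packet goes through the ipset match and already-established flows to those ranges are presumably cut as well, which is worth confirming. Because the fix depends only on rule order, a comment above the moved line such as `# must stay before the ICMP accept: non-routable destinations are filtered for every protocol` would keep it from being reordered back. The enclosing method starts and ends outside both hunks.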