crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[firewall] On permet aux serveurs d'être joignables sur le port 22

Browse source 
* Et on corrige deux typos dans utils.py
This commit is contained in:
Pierre-Elliott Bécue 2014-05-15 14:09:12 +02:00
parent eadc449a8e
commit 17e4baac12
3 changed files with 23 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
gestion/config/firewall.py
View file

@ -69,3 +69,15 @@ ports_default = {
'output' : [ ':136','140:'] 'output' : [ ':136','140:']
} }
} }
srv_ports_default = {
'tcp' : {
'input' : [ '22' ],
'output' : []
},
'udp' : {
'input' : [],
'output' : []
}
}

6
gestion/gen_confs/firewall4/komaz.py
View file

@ -428,6 +428,12 @@ class firewall(base.firewall_routeur):
if table == 'filter': if table == 'filter':
pretty_print(table, chain) pretty_print(table, chain)
for net in base.config.NETs['serveurs']:
for proto in base.config.firewall.srv_ports_default.keys():
if base.config.firewall.srv_ports_default[proto]['output']:
self.add(table, chain, '-p %s -s %s -m multiport --dports %s -j RETURN' % (proto, net, ','.join( format_port(port) for port in base.config.firewall.ports_default[proto]['output'])))
if base.config.firewall.srv_ports_default[proto]['input']:
self.add(table, chain, '-p %s -d %s -m multiport --dports %s -j RETURN' % (proto, net, ','.join( format_port(port) for port in base.config.firewall.ports_default[proto]['input'])))
for net in base.config.NETs['adherents'] + base.config.NETs['wifi-adh'] + base.config.NETs['personnel-ens']: for net in base.config.NETs['adherents'] + base.config.NETs['wifi-adh'] + base.config.NETs['personnel-ens']:
for proto in base.config.firewall.ports_default.keys(): for proto in base.config.firewall.ports_default.keys():
if base.config.firewall.ports_default[proto]['output']: if base.config.firewall.ports_default[proto]['output']:

4
gestion/gen_confs/firewall4/utils.py
View file

@ -200,7 +200,7 @@ class firewall_tools(object) :
if self.reloadable[func_name] in self.use_tc: if self.reloadable[func_name] in self.use_tc:
self.reloadable[func_name](run_tc=True) self.reloadable[func_name](run_tc=True)
anim('\tRestoration d\'iptables') anim('\tRestauration d\'iptables')
self.restore(noflush=True) self.restore(noflush=True)
print OK print OK
@ -255,7 +255,7 @@ class firewall_tools(object) :
self.filter_table() self.filter_table()
self.nat_table() self.nat_table()
anim('\tRestoration d\'iptables') anim('\tRestauration d\'iptables')
self.restore() self.restore()
print OK print OK
return return