[firewall4] methode pour generer des regle pour autoriser le protocol 41

notemment entre deux bout d'un tunnel 6in4
2013-10-18 09:01:11 +02:00 · 2013-10-18 09:01:11 +02:00 · 21a4c968b9
commit 21a4c968b9
parent 0db7c9aad6
1 changed files with 17 additions and 0 deletions
--- a/gestion/gen_confs/firewall4.py
+++ b/gestion/gen_confs/firewall4.py
@ -536,6 +536,7 @@ class firewall_komaz(firewall_base_routeur):
        self.flush(table, chain)
        self.add(table, chain, '-i lo -j ACCEPT')
        self.add(table, chain, '-p icmp -j ACCEPT')
+        self.add(table, chain, '-j %s' % self.tunnel_6in4(table))
        self.add(table, chain, '-j %s' % self.admin_vlan(table))
        self.add(table, chain, '-i %s -j %s' % (dev['out'], blacklist_hard_chain))
        self.add(table, chain, '-o %s -j %s' % (dev['out'], blacklist_hard_chain))
@ -565,6 +566,22 @@ class firewall_komaz(firewall_base_routeur):
        self.add(table, chain, '-j %s' % self.connexion_appartement(table))
        return

+    def tunnel_6in4(self, table=None, apply=False):
+        chain = 'TUNNEL_IPV6'
+
+        tunnels_ipv6 = [ ('216.66.84.42', '138.231.136.12') ]
+
+        if table == 'filter':
+            pretty_print(table, chain)
+            for sideA, sideB in tunnels_ipv6:
+                self.add(table, chain, '--proto 41 -s %s -d %s -j ACCEPT' % (sideA, sideB))
+                self.add(table, chain, '--proto 41 -s %s -d %s -j ACCEPT' % (sideB, sideA))
+            print OK
+
+        if apply:
+            self.apply(table, chain)
+        return chain
+
    def limit_ssh_connexion(self, table=None, apply=False):
        chain = 'LIMIT-SSH-CONNEXION'