From 21a4c968b9d229a4fddd83598e5e3ef5fe124231 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Fri, 18 Oct 2013 09:01:11 +0200
Subject: [PATCH] [firewall4] methode pour generer des regle pour autoriser le protocol 41 notemment entre deux bout d'un tunnel 6in4
---
 gestion/gen_confs/firewall4.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/gestion/gen_confs/firewall4.py b/gestion/gen_confs/firewall4.py
index 76307b45..2a30da70 100755
--- a/gestion/gen_confs/firewall4.py
+++ b/gestion/gen_confs/firewall4.py
@@ -536,6 +536,7 @@ class firewall_komaz(firewall_base_routeur):
 self.flush(table, chain)
 self.add(table, chain, '-i lo -j ACCEPT')
 self.add(table, chain, '-p icmp -j ACCEPT')
+ self.add(table, chain, '-j %s' % self.tunnel_6in4(table))
 self.add(table, chain, '-j %s' % self.admin_vlan(table))
 self.add(table, chain, '-i %s -j %s' % (dev['out'], blacklist_hard_chain))
 self.add(table, chain, '-o %s -j %s' % (dev['out'], blacklist_hard_chain))
@@ -565,6 +566,22 @@ class firewall_komaz(firewall_base_routeur):
 self.add(table, chain, '-j %s' % self.connexion_appartement(table))
 return
+ def tunnel_6in4(self, table=None, apply=False):
+ chain = 'TUNNEL_IPV6'
+
+ tunnels_ipv6 = [ ('216.66.84.42', '138.231.136.12') ]
+
+ if table == 'filter':
+ pretty_print(table, chain)
+ for sideA, sideB in tunnels_ipv6:
+ self.add(table, chain, '--proto 41 -s %s -d %s -j ACCEPT' % (sideA, sideB))
+ self.add(table, chain, '--proto 41 -s %s -d %s -j ACCEPT' % (sideB, sideA))
+ print OK
+
+ if apply:
+ self.apply(table, chain)
+ return chain
+
 def limit_ssh_connexion(self, table=None, apply=False):
 chain = 'LIMIT-SSH-CONNEXION'
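Review bot: The new jump to `self.tunnel_6in4(table)` sits ahead of the `admin_vlan` jump and both `blacklist_hard_chain` jumps, so protocol-41 packets between the listed endpoints are accepted before the blacklist is consulted. If that ordering is intended, it deserves a comment such as `# 6in4 tunnel endpoints are accepted before the blacklist on purpose`. The jump is also emitted for whatever `table` this method receives, while `tunnel_6in4` (second hunk) only fills the chain when `table == 'filter'`, so for any other table the rule would point at a chain this code never populated; presumably only `filter` reaches here, but that is not visible. The enclosing method starts and ends outside the hunk.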
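Review bot: The two ACCEPT rules in `tunnel_6in4` match protocol 41 on source and destination address only, and 6in4 has no authentication, so a packet carrying a forged source address of the remote endpoint would match whichever interface it arrives on. Binding the inbound rule to the external interface, e.g. `'-i %s -p 41 -s %s -d %s -j ACCEPT' % (dev['out'], sideA, sideB)`, narrows that, assuming `sideA` is the remote end and `dev` is reachable here as it is in the first hunk. Traffic accepted here is opaque to this IPv4 ruleset, so the encapsulated IPv6 packets need their own filtering on the tunnel interface. `--proto 41` is spelled differently from the neighbouring `-p icmp` rule; `-p 41` would be consistent. The endpoint pair is hard-coded in the method body and the method has no docstring; a one-line `"""Build the TUNNEL_IPV6 chain accepting protocol 41 between each 6in4 endpoint pair and return the chain name."""` would help, as would moving `tunnels_ipv6` next to the rest of the address configuration.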