Komaz ne route pas les requêtes de l'extérieur vers le vlan adm,

sauf les ping. On ne DROP pas, on REJECT, c'est plus joli.

darcs-hash:20050516134606-f163d-da752aec60de6ac36eb9602dad0fc321d993ada5.gz
segaud 2005-05-16 15:46:06 +02:00
parent 05c723e0c6
commit 2458796188


@ -83,6 +83,7 @@ class firewall_komaz :
REJECT pour le reste
"""
zone_serveur="138.231.136.0/28"
vlan_adm="138.231.144.0/28"
eth_ext = "eth2"
eth_int = "eth0"
# Ports ouverts
@ -236,6 +237,7 @@ class firewall_komaz :
iptables("-A FORWARD -i lo -j ACCEPT")
iptables("-A FORWARD -p icmp -j ACCEPT")
iptables("-A FORWARD -i %s -d %s -j REJECT" % (self.eth_ext, self.vlan_adm))
iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
iptables("-A FORWARD -s ! %s -d ! %s -j FILTRE_P2P" % (self.zone_serveur, self.zone_serveur) )
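Review bot: The admin-VLAN rule `-A FORWARD -i %s -d %s -j REJECT` (apparently the added line; the +/- markers are lost on this page) is appended after `-A FORWARD -p icmp -j ACCEPT`, so every ICMP type arriving on eth_ext still reaches vlan_adm, not only the ping the commit message describes. If only ping should pass, put the REJECT ahead of the general ICMP accept and precede it with a narrow exception such as `iptables("-A FORWARD -i %s -d %s -p icmp --icmp-type echo-request -j ACCEPT" % (self.eth_ext, self.vlan_adm))`. REJECT without `--reject-with` answers each blocked packet with an ICMP port-unreachable, which confirms to an outside source that the range is routed and filtered; a comment saying this is deliberate, or DROP for traffic entering on eth_ext, would make the intent clear. The enclosing method starts and ends outside the hunk, so any earlier FORWARD rule that accepts first (a state match, for example) cannot be checked from here.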