From 2458796188d4f89be3fc8ece07616a64dc490283 Mon Sep 17 00:00:00 2001
From: segaud
Date: Mon, 16 May 2005 15:46:06 +0200
Subject: [PATCH] =?UTF-8?q?Komaz=20ne=20route=20pas=20les=20requ=C3=AAte?= =?UTF-8?q?=20de=20l'ext=C3=A9rier=20vers=20le=20vlan=20adm,?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

sauf les ping. On ne DROP pas, on REJECT, c'est plus joli.

darcs-hash:20050516134606-f163d-da752aec60de6ac36eb9602dad0fc321d993ada5.gz
---
 gestion/gen_confs/firewall_komaz.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gestion/gen_confs/firewall_komaz.py b/gestion/gen_confs/firewall_komaz.py
index e08e1c82..91a21b77 100755
--- a/gestion/gen_confs/firewall_komaz.py
+++ b/gestion/gen_confs/firewall_komaz.py
@@ -83,6 +83,7 @@ class firewall_komaz :
 REJECT pour le reste
 """
 zone_serveur="138.231.136.0/28"
+ vlan_adm="138.231.144.0/28"
 eth_ext = "eth2"
 eth_int = "eth0"
 # Ports ouverts
@@ -236,6 +237,7 @@ class firewall_komaz :
 iptables("-A FORWARD -i lo -j ACCEPT")
 iptables("-A FORWARD -p icmp -j ACCEPT")
+ iptables("-A FORWARD -i %s -d %s -j REJECT" % (self.eth_ext, self.vlan_adm))
 iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
 iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
 iptables("-A FORWARD -s ! %s -d ! %s -j FILTRE_P2P" % (self.zone_serveur, self.zone_serveur) )
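Review bot: In the second hunk the new REJECT is appended after `iptables("-A FORWARD -p icmp -j ACCEPT")`, so every ICMP type arriving on `eth_ext` is still forwarded to `vlan_adm`, not only the pings the commit message means to allow. To match the stated intent, place a narrower accept such as `iptables("-A FORWARD -i %s -d %s -p icmp --icmp-type echo-request -j ACCEPT" % (self.eth_ext, self.vlan_adm))` followed by the REJECT ahead of the blanket ICMP accept. The REJECT also carries no connection-state match, so unless an ESTABLISHED,RELATED accept sits earlier in the chain (not visible in this hunk), replies to connections opened from the admin VLAN would be rejected too. A short comment next to `vlan_adm` saying the range must stay in sync with the real admin VLAN addressing would help, since the rule silently protects nothing if the subnet changes. The method that builds the FORWARD chain starts and ends outside the hunk.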