[firewall_new, config] On déplace de la config de firewall_new à config

2013-04-03 09:58:51 +02:00 · 2013-04-03 09:58:51 +02:00 · 2f71b57882
commit 2f71b57882
parent 2c55d403c5
3 changed files with 36 additions and 9 deletions
--- a/gestion/config/config.py
+++ b/gestion/config/config.py
@ -276,6 +276,8 @@ file_pickle = { 4 : '/tmp/ipt_pickle',
              }

 blacklist_sanctions = ['upload', 'warez', 'p2p', 'autodisc_p2p','autodisc_virus','virus','autodisc_upload', 'bloq']
+if bl_carte_et_definitif:
+    blacklist_sanctions.append('carte_etudiant')
 blacklist_sanctions_soft  = ['autodisc_virus','ipv6_ra','mail_invalide','virus',
        'upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq','carte_etudiant','chambre_invalide']

--- a/gestion/config/firewall.py
+++ b/gestion/config/firewall.py
@ -5,6 +5,17 @@

 import datetime

+dev = {
+    'komaz': {
+        'out' : 'ens',
+        'wifi' : 'crans.3',
+        'fil' : 'crans',
+        'app' : 'crans.21',
+        'adm' : 'crans.2',
+        'tun-ovh' : 'tun-ovh'
+    },
+}
+
 #: Pour marquer les paquets
 mark = { 'https-radin': '0x3',
         'https-gratuit' : '0x3',
@ -27,4 +38,21 @@ else:
    #: Débit maximal autorisé
    debit_max = 500 * 1024 / 8 # connexion de nuit et du week-end
    #: Est-ce qu'on est en connexion de jour ou de nuit/week-end ?
-    debit_jour = False
+    debit_jour = False
+
+
+reseaux_non_routables = [ '10.0.0.0/8', '172.16.0.0/12','198.18.0.0/15',
+        '169.254.0.0/16', '192.168.0.0/16', '224.0.0.0/4', '100.64.0.0/10',
+        '0.0.0.0/8','127.0.0.0/8','192.0.2.0/24','198.51.100.0/24','203.0.113.0/24',
+        ]
+
+ports_default = {
+    'tcp' : {
+        'input' :  [ '22' ],
+        'output' :  [ ':24', '26:79', '80:134', '136', '140:444', '446:']
+    },
+    'udp' : {
+        'input' :  [],
+        'output' :  [ ':136','140:']
+    }
+}
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@ -485,10 +485,10 @@ class firewall_komaz(firewall_crans) :
    eth_adm = "crans.2"

    # Ports ouverts
-    ports_default = { 'tcp_EXT_VERS_CRANS' : [ '22' ],
-                      'tcp_CRANS_VERS_EXT': [ ':24', '26:79', '80:134', '136', '140:444', '446:'],
-                      'udp_EXT_VERS_CRANS' : [ ],
-                      'udp_CRANS_VERS_EXT': [ ':136','140:'] }
+    ports_default = { 'tcp_EXT_VERS_CRANS' : config.firewall.ports_default['tcp']['input'],
+                      'tcp_CRANS_VERS_EXT': config.firewall.ports_default['tcp']['output'],
+                      'udp_EXT_VERS_CRANS' : config.firewall.ports_default['udp']['input'],
+                      'udp_CRANS_VERS_EXT': config.firewall.ports_default['udp']['output'] }


    # on retire 445 et 135 en tcp car plein de mac se font deconnecter
@ -512,10 +512,7 @@ class firewall_komaz(firewall_crans) :

    ports_p2p = [ '412', '1214', '4662:4665' , '6346:6347', '6699', '6881:6889' ]

-    liste_reseaux_non_routables = [ '10.0.0.0/8', '172.16.0.0/12','198.18.0.0/15',
-        '169.254.0.0/16', '192.168.0.0/16', '224.0.0.0/4', '100.64.0.0/10',
-        '0.0.0.0/8','127.0.0.0/8','192.0.2.0/24','198.51.100.0/24','203.0.113.0/24',
-        '255.255.255.255/32']
+    liste_reseaux_non_routables = config.firewall.reseaux_non_routables

    def reseaux_non_routables(self) :
        """ Construction de RESEAUX_NON_ROUTABLES_{DST,SRC} """