From 2f71b578826149577ed9cecb9fb8ec4c427cdecf Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Wed, 3 Apr 2013 09:58:51 +0200 Subject: [PATCH] =?UTF-8?q?[firewall=5Fnew,=20config]=20On=20d=C3=A9place?= =?UTF-8?q?=20de=20la=20config=20de=20firewall=5Fnew=20=C3=A0=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gestion/config/config.py | 2 ++ gestion/config/firewall.py | 30 +++++++++++++++++++++++++++++- gestion/gen_confs/firewall_new.py | 13 +++++-------- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/gestion/config/config.py b/gestion/config/config.py index d8fff273..0b423d62 100644 --- a/gestion/config/config.py +++ b/gestion/config/config.py @@ -276,6 +276,8 @@ file_pickle = { 4 : '/tmp/ipt_pickle', } blacklist_sanctions = ['upload', 'warez', 'p2p', 'autodisc_p2p','autodisc_virus','virus','autodisc_upload', 'bloq'] +if bl_carte_et_definitif: + blacklist_sanctions.append('carte_etudiant') blacklist_sanctions_soft = ['autodisc_virus','ipv6_ra','mail_invalide','virus', 'upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq','carte_etudiant','chambre_invalide'] diff --git a/gestion/config/firewall.py b/gestion/config/firewall.py index 9d4abeac..e99a3ea9 100644 --- a/gestion/config/firewall.py +++ b/gestion/config/firewall.py @@ -5,6 +5,17 @@ import datetime +dev = { + 'komaz': { + 'out' : 'ens', + 'wifi' : 'crans.3', + 'fil' : 'crans', + 'app' : 'crans.21', + 'adm' : 'crans.2', + 'tun-ovh' : 'tun-ovh' + }, +} + #: Pour marquer les paquets mark = { 'https-radin': '0x3', 'https-gratuit' : '0x3', 
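Review bot: The added `if bl_carte_et_definitif:` in gestion/config/config.py runs at import time, and the hunk does not show where `bl_carte_et_definitif` is defined, so it must already be bound earlier in config.py or importing the module raises NameError. The branch also changes enforcement rather than moving configuration: with the flag set, `'carte_etudiant'` joins `blacklist_sanctions` while remaining in `blacklist_sanctions_soft`, which the commit subject does not mention. A comment above the branch would record the intent, for example `# carte_etudiant becomes a hard sanction once bl_carte_et_definitif is set`.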
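Review bot: The new `dev` table in gestion/config/firewall.py has no `#:` description, unlike `mark` directly below it, and nothing in this patch reads it. The interface names it lists are still hard-coded in `firewall_komaz` (`eth_adm = "crans.2"` is visible as context in the firewall_new.py hunk), so the two copies can drift apart and leave rules attached to the wrong interface. Either have the class read `config.firewall.dev['komaz']` in this commit, or document the table as not yet used, e.g. `#: Interface name per role for each firewall host (not yet read by firewall_new)`.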
@@ -27,4 +38,21 @@ else: #: Débit maximal autorisé debit_max = 500 * 1024 / 8 # connexion de nuit et du week-end #: Est-ce qu'on est en connexion de jour ou de nuit/week-end ? - debit_jour = False \ No newline at end of file + debit_jour = False + + +reseaux_non_routables = [ '10.0.0.0/8', '172.16.0.0/12','198.18.0.0/15', + '169.254.0.0/16', '192.168.0.0/16', '224.0.0.0/4', '100.64.0.0/10', + '0.0.0.0/8','127.0.0.0/8','192.0.2.0/24','198.51.100.0/24','203.0.113.0/24', + ] + +ports_default = { + 'tcp' : { + 'input' : [ '22' ], + 'output' : [ ':24', '26:79', '80:134', '136', '140:444', '446:'] + }, + 'udp' : { + 'input' : [], + 'output' : [ ':136','140:'] + } +} diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py index 5cb530b0..8eaf7e1d 100755 --- a/gestion/gen_confs/firewall_new.py +++ b/gestion/gen_confs/firewall_new.py @@ -485,10 +485,10 @@ class firewall_komaz(firewall_crans) : eth_adm = "crans.2" # Ports ouverts - ports_default = { 'tcp_EXT_VERS_CRANS' : [ '22' ], - 'tcp_CRANS_VERS_EXT': [ ':24', '26:79', '80:134', '136', '140:444', '446:'], - 'udp_EXT_VERS_CRANS' : [ ], - 'udp_CRANS_VERS_EXT': [ ':136','140:'] } + ports_default = { 'tcp_EXT_VERS_CRANS' : config.firewall.ports_default['tcp']['input'], + 'tcp_CRANS_VERS_EXT': config.firewall.ports_default['tcp']['output'], + 'udp_EXT_VERS_CRANS' : config.firewall.ports_default['udp']['input'], + 'udp_CRANS_VERS_EXT': config.firewall.ports_default['udp']['output'] } # on retire 445 et 135 en tcp car plein de mac se font deconnecter 
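Review bot: The new `reseaux_non_routables` list ends at `'203.0.113.0/24'` and omits `'255.255.255.255/32'`, which was the last entry of the list removed from `firewall_komaz` in the final hunk of gestion/gen_confs/firewall_new.py. Because `liste_reseaux_non_routables` now points at this list, the limited-broadcast address silently drops out of whatever `reseaux_non_routables()` builds from it, and no other entry covers it (`224.0.0.0/4` stops at 239.255.255.255). A commit described as a config move should not change filtering; if the omission is unintended, restore `'255.255.255.255/32',` as the last element, and if it is intended, state it in the commit message.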
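Review bot: The `ports_default` entries in `firewall_komaz` now alias the list objects held in `config.firewall` instead of owning their own, and the same is true of `liste_reseaux_non_routables` in the next hunk. Any in-place change made through the class (`append`, `remove`, `+=`) would then alter the shared configuration for every other reader; whether such code exists is not visible in these hunks. Copying at the point of use, e.g. `'tcp_EXT_VERS_CRANS' : list(config.firewall.ports_default['tcp']['input']),`, keeps the class isolated. The rationale comment `# on retire 445 et 135 en tcp ...` also stays here while the port ranges it explains now live in gestion/config/firewall.py, so it should move with them.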
@@ -512,10 +512,7 @@ class firewall_komaz(firewall_crans) : ports_p2p = [ '412', '1214', '4662:4665' , '6346:6347', '6699', '6881:6889' ] - liste_reseaux_non_routables = [ '10.0.0.0/8', '172.16.0.0/12','198.18.0.0/15', - '169.254.0.0/16', '192.168.0.0/16', '224.0.0.0/4', '100.64.0.0/10', - '0.0.0.0/8','127.0.0.0/8','192.0.2.0/24','198.51.100.0/24','203.0.113.0/24', - '255.255.255.255/32'] + liste_reseaux_non_routables = config.firewall.reseaux_non_routables def reseaux_non_routables(self) : """ Construction de RESEAUX_NON_ROUTABLES_{DST,SRC} """