crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[firewall_new, config] On déplace de la config de firewall_new à config

Browse source
This commit is contained in:
Valentin Samir 2013-04-03 09:58:51 +02:00
parent 2c55d403c5
commit 2f71b57882
3 changed files with 36 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
gestion/config/config.py
View file

@ -276,6 +276,8 @@ file_pickle = { 4 : '/tmp/ipt_pickle',
} }
blacklist_sanctions = ['upload', 'warez', 'p2p', 'autodisc_p2p','autodisc_virus','virus','autodisc_upload', 'bloq'] blacklist_sanctions = ['upload', 'warez', 'p2p', 'autodisc_p2p','autodisc_virus','virus','autodisc_upload', 'bloq']
if bl_carte_et_definitif:
blacklist_sanctions.append('carte_etudiant')
blacklist_sanctions_soft = ['autodisc_virus','ipv6_ra','mail_invalide','virus', blacklist_sanctions_soft = ['autodisc_virus','ipv6_ra','mail_invalide','virus',
'upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq','carte_etudiant','chambre_invalide'] 'upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq','carte_etudiant','chambre_invalide']

30
gestion/config/firewall.py
View file

@ -5,6 +5,17 @@
import datetime import datetime
dev = {
'komaz': {
'out' : 'ens',
'wifi' : 'crans.3',
'fil' : 'crans',
'app' : 'crans.21',
'adm' : 'crans.2',
'tun-ovh' : 'tun-ovh'
},
}
#: Pour marquer les paquets #: Pour marquer les paquets
mark = { 'https-radin': '0x3', mark = { 'https-radin': '0x3',
'https-gratuit' : '0x3', 'https-gratuit' : '0x3',
@ -27,4 +38,21 @@ else:
#: Débit maximal autorisé #: Débit maximal autorisé
debit_max = 500 * 1024 / 8 # connexion de nuit et du week-end debit_max = 500 * 1024 / 8 # connexion de nuit et du week-end
#: Est-ce qu'on est en connexion de jour ou de nuit/week-end ? #: Est-ce qu'on est en connexion de jour ou de nuit/week-end ?
debit_jour = False debit_jour = False
reseaux_non_routables = [ '10.0.0.0/8', '172.16.0.0/12','198.18.0.0/15',
'169.254.0.0/16', '192.168.0.0/16', '224.0.0.0/4', '100.64.0.0/10',
'0.0.0.0/8','127.0.0.0/8','192.0.2.0/24','198.51.100.0/24','203.0.113.0/24',
]
ports_default = {
'tcp' : {
'input' : [ '22' ],
'output' : [ ':24', '26:79', '80:134', '136', '140:444', '446:']
},
'udp' : {
'input' : [],
'output' : [ ':136','140:']
}
}

13
gestion/gen_confs/firewall_new.py
View file

@ -485,10 +485,10 @@ class firewall_komaz(firewall_crans) :
eth_adm = "crans.2" eth_adm = "crans.2"
# Ports ouverts # Ports ouverts
ports_default = { 'tcp_EXT_VERS_CRANS' : [ '22' ], ports_default = { 'tcp_EXT_VERS_CRANS' : config.firewall.ports_default['tcp']['input'],
'tcp_CRANS_VERS_EXT': [ ':24', '26:79', '80:134', '136', '140:444', '446:'], 'tcp_CRANS_VERS_EXT': config.firewall.ports_default['tcp']['output'],
'udp_EXT_VERS_CRANS' : [ ], 'udp_EXT_VERS_CRANS' : config.firewall.ports_default['udp']['input'],
'udp_CRANS_VERS_EXT': [ ':136','140:'] } 'udp_CRANS_VERS_EXT': config.firewall.ports_default['udp']['output'] }
# on retire 445 et 135 en tcp car plein de mac se font deconnecter # on retire 445 et 135 en tcp car plein de mac se font deconnecter
@ -512,10 +512,7 @@ class firewall_komaz(firewall_crans) :
ports_p2p = [ '412', '1214', '4662:4665' , '6346:6347', '6699', '6881:6889' ] ports_p2p = [ '412', '1214', '4662:4665' , '6346:6347', '6699', '6881:6889' ]
liste_reseaux_non_routables = [ '10.0.0.0/8', '172.16.0.0/12','198.18.0.0/15', liste_reseaux_non_routables = config.firewall.reseaux_non_routables
'169.254.0.0/16', '192.168.0.0/16', '224.0.0.0/4', '100.64.0.0/10',
'0.0.0.0/8','127.0.0.0/8','192.0.2.0/24','198.51.100.0/24','203.0.113.0/24',
'255.255.255.255/32']
def reseaux_non_routables(self) : def reseaux_non_routables(self) :
""" Construction de RESEAUX_NON_ROUTABLES_{DST,SRC} """ """ Construction de RESEAUX_NON_ROUTABLES_{DST,SRC} """