[ipt,firewall6] Ajout blacklist pour carte etudiant et chambre invalide, on accepte les icmp NDP en output/input pour pouvoir envoyer des REJECT
Ignore-this: 58ba4a92e7be972ba8db8a4819df9174 darcs-hash:20121104152928-3a55a-5f42ca802a7c0016e5931dcdc1281f60a860da2d.gz
This commit is contained in:
Valentin Samir
parent
c71900a5ba
commit
327689a051
3 changed files with 16 additions and 6 deletions
|
|
@ -54,7 +54,7 @@ Filter_policy_template = """
|
|||
"""
|
||||
|
||||
dprefix = { 'fil' : 'fil', 'fil-v6' : 'fil', 'adm' : 'adm', 'wifi' : 'wifi',
|
||||
'wifi-v6' : 'wifi' }
|
||||
'wifi-v6' : 'wifi','personnel-ens':'personnel-ens' }
|
||||
|
||||
default_chains = [ 'PREROUTING', 'INPUT', 'FORWARD', 'OUTPUT', 'POSTROUTING' ]
|
||||
|
||||
|
|
@ -159,10 +159,12 @@ ACCEPT' % (dev, proto, ip, port))
|
|||
for type_m in mid.keys():
|
||||
if ident in range(mid[type_m][0], mid[type_m][1]):
|
||||
ip = ipv6_addr(machine.mac(), type_m)
|
||||
mac=machine.mac()
|
||||
break
|
||||
if ip:
|
||||
self.filter.blacklist_src('-s %s -j REJECT --reject-with \
|
||||
icmp6-adm-prohibited' % ip)
|
||||
self.filter.blacklist_src('-m mac --mac-source %s -j REJECT --reject-with icmp6-port-unreachable' % mac)
|
||||
#~ self.filter.blacklist_src('-s %s -j REJECT --reject-with \
|
||||
#~ icmp6-adm-prohibited' % ip)
|
||||
self.filter.blacklist_dst('-d %s -j REJECT --reject-with \
|
||||
icmp6-adm-prohibited' % ip)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue