From 3530aa6b7f4eaf4d5918231679f17d85d10138b0 Mon Sep 17 00:00:00 2001
From: Antoine Durand-Gasselin <adg@crans.org>
Date: Sun, 30 May 2010 15:22:03 +0200
Subject: [PATCH] [gen_confs/firewall.py] blacklistage sur zamok, corrections

darcs-hash:20100530132203-bd074-e0cb6111ff6f6f54d99c3ff1f63fc2b8587baba8.gz
---
 gestion/gen_confs/firewall.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py
index 86b98595..029770f6 100644
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@@ -1117,6 +1117,7 @@ class firewall_zamok(firewall_crans) :
     def blacklist(self):
         """Fondamentalement, bloque l'accès internet sur zamok aux
         adhérents sanctionnés"""
+        iptables("-F OUTPUT")
         self.filter_table()
 
         blacklist_sanctions = ('upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq')
@@ -1131,6 +1132,7 @@ class firewall_zamok(firewall_crans) :
                 if s in sanctions:
                     try:
                         uid = adh.uidNumber()
+                        iptables("-A OUTPUT -m owner --uid-owner %s -d 127.0.0.1/8 -j ACCEPT" % uid)
                         iptables("-A OUTPUT -m owner --uid-owner %s -d 138.231.136.1/21 -j ACCEPT" % uid)
                         iptables("-A OUTPUT -m owner --uid-owner %s -d 138.231.144.1/21 -j ACCEPT" % uid)
                         iptables("-A OUTPUT -m owner --uid-owner %s -j REJECT" % uid)