[firewall_new] On met en place un filtre sur les tracker torrent, pour le moment, on ne fait que loguer pour tester

Ignore-this: c811541b345d19c9498291dd07e262b9

darcs-hash:20111126184859-3a55a-a4a5a80a91015ce0bc257d0393c7e468964ba3a7.gz
Valentin Samir 2011-11-26 19:48:59 +01:00
parent c485f8635e
commit 39c3b022bc


@ -652,7 +652,7 @@ class firewall_komaz(firewall_crans) :
for chaine in [ 'ADMIN_VLAN', 'EXT_VERS_SERVEURS', 'SERVEURS_VERS_EXT',
'EXT_VERS_CRANS', 'CRANS_VERS_EXT', 'BLACKLIST_SRC',
'BLACKLIST_DST' , 'FILTRE_P2P', 'INGRESS_FILTERING',
'TEST_VIRUS_FLOOD', 'LOG_VIRUS', 'LOG_FLOOD' ] :
'TEST_VIRUS_FLOOD', 'LOG_VIRUS', 'LOG_FLOOD','LOG_TRACKER' ] :
iptables('-N %s' % chaine)
iptables("-A FORWARD -j INGRESS_FILTERING")
# on ne route pas les paquets n'appartenant pas à notre plage ip -- xhub
@ -680,8 +680,24 @@ class firewall_komaz(firewall_crans) :
# Proxy transparent
iptables("-I FORWARD -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
iptables('-I FORWARD -o ens -m state --state NEW -j LOG --log-prefix "LOG_ALL "')
iptables('-I FORWARD -i ens -m state --state NEW -j LOG --log-prefix "LOG_ALL "')
#On log les requetes a des trackers torrents pour tester
iptables("-N TRACKER_FILTER")
iptables("-A TRACKER_FILTER -m string --algo kmp ! --string \"info_hash=\" -j ACCEPT")
iptables("-A TRACKER_FILTER -m string --algo kmp --string \"/scrape?\" -j LOG_TRACKER")
iptables("-A TRACKER_FILTER -m string --algo kmp ! --string \"peer_id=\" -j ACCEPT")
iptables("-A TRACKER_FILTER -m string --algo kmp ! --string \"port=\" -j ACCEPT")
iptables("-A TRACKER_FILTER -m string --algo kmp ! --string \"uploaded=\" -j ACCEPT")
iptables("-A TRACKER_FILTER -m string --algo kmp ! --string \"downloaded=\" -j ACCEPT")
iptables("-A TRACKER_FILTER -m string --algo kmp ! --string \"left=\" -j ACCEPT")
iptables("-A TRACKER_FILTER -j LOG_TRACKER")
iptables("-I FORWARD -p tcp -m string --algo kmp --string \"GET \" -j TRACKER_FILTER")
iptables("-I FORWARD -p tcp -m string --algo kmp --string \"get \" -j TRACKER_FILTER")
iptables("-I FORWARD -p udp -m string --algo kmp --hex-string \"|4500002c00004000|\" -j LOG_TRACKER")
iptables('-A LOG_TRACKER -j LOG --log-level notice --log-prefix "TRACKER_TORRENT: "')
print OK
def classes_p2p_maj(self, ip_list):
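Review bot: The six negated-match rules in TRACKER_FILTER end in `-j ACCEPT`, which is a final verdict rather than "not a tracker request, carry on". Because the chain is reached through `-I FORWARD` rules placed at the head of FORWARD, any forwarded TCP packet whose payload contains "GET " but lacks one of the announce parameters is accepted there, and it appears to skip the chains appended to FORWARD (INGRESS_FILTERING and presumably the blacklist chains). For a log-only test these rules should hand the packet back to the caller, e.g. `iptables("-A TRACKER_FILTER -m string --algo kmp ! --string \"info_hash=\" -j RETURN")`, and likewise for the `peer_id=`, `port=`, `uploaded=`, `downloaded=` and `left=` rules. The LOG rule in LOG_TRACKER also has no rate limit, so adding `-m limit --limit <rate>` would keep a burst of matching packets from flooding the log. The enclosing method starts outside the hunk, so the final rule order should be confirmed against the full file.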