From 3b3152ccd6e868862fc1ec9d310bd06ff0d3a772 Mon Sep 17 00:00:00 2001 From: pauget Date: Fri, 17 Jun 2005 23:40:42 +0200 Subject: [PATCH] Il faut aussi laisser sortir respbats pour interroger les switchs. Possibilit de resontruire la chaine SERV_OUT_ADM sans relanver tout le fw. darcs-hash:20050617214042-41617-b636252637b01d34df1b2ec995833c630bca456b.gz --- gestion/gen_confs/firewall.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py index 27dc742d..f61909a2 100755 --- a/gestion/gen_confs/firewall.py +++ b/gestion/gen_confs/firewall.py @@ -81,8 +81,7 @@ class firewall_crans : zone_serveur="138.231.136.0/28" vlan_adm="138.231.144.0/28" - adm_users = [ "root", "identd", "daemon", "postfix", "freerad", "amavis", "nut" ] - + adm_users = [ "root", "identd", "daemon", "postfix", "freerad", "amavis", "nut", "respbats" ] mac_wifi = '00:0c:f1:fa:f1:4b' mac_komaz = '00:01:02:b0:31:b6' @@ -739,6 +738,9 @@ class firewall_bleu(firewall_crans) : def serv_out_adm(self) : self.anim = anim(' Output vers VLAN adm', len(self.adm_users)) + # Supression des éventuelles règles + iptables("-t filter -F SERV_OUT_ADM") + for user in self.adm_users : self.anim.cycle() try: @@ -748,6 +750,7 @@ class firewall_bleu(firewall_crans) : iptables("-A SERV_OUT_ADM -p tcp --dport ldap -j ACCEPT") iptables("-A SERV_OUT_ADM -j DROP") + self.anim.reinit() print OK 
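Review bot: The new `"respbats"` entry in `adm_users` widens the egress allowlist to the admin VLAN with no in-code record of why; the rationale lives only in the commit message. The per-user rule the loop builds is outside this hunk, so I cannot tell from here whether `respbats` receives the same access as `root` or something narrower — if the loop emits a blanket accept per account, the switch-polling user now reaches everything on `vlan_adm`, not only the switches. A trailing comment on the list would keep that visible to the next reviewer, e.g. `# respbats: switch polling needs adm-VLAN egress (see serv_out_adm)`. The `firewall_crans` class starts before this hunk.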
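Review bot: The `iptables("-t filter -F SERV_OUT_ADM")` added before the loop empties the chain and the rules are then re-added one `iptables` call at a time, so there is a window in which the chain holds no rules, including no final `-j DROP`; an unmatched packet in a user-defined chain returns to the calling chain, so whether that window fails open or closed depends on what follows the jump in the caller, which is not visible here. Since this commit also makes `serv_out_adm` runnable on its own against a live firewall, the usual fix is to build the rules into a fresh chain and swap the jump, or to load the chain through `iptables-restore`; at minimum the comment should record the gap, e.g. `# Flush + re-append is not atomic: SERV_OUT_ADM is empty until the final DROP is re-added`. Also, on a cold start where the chain does not exist yet, `-F` returns an error, and whether `iptables()` treats that as fatal I cannot tell from this hunk. The body of `serv_out_adm` continues past the hunk.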
@@ -885,7 +888,7 @@ if __name__ == '__main__' : fw = eval('firewall_%s()' % hostname) chaines = [] for nom in dir(fw) : - if nom in [ 'log_chaines' , 'test_virus_flood', 'reseaux_non_routables', 'test_mac_ip' , 'blacklist' , 'ext_vers_serveurs' , 'serveurs_vers_ext', 'ext_vers_crans', 'crans_vers_ext' , 'filtre_p2p', 'admin_vlan' ] : + if nom in [ 'log_chaines' , 'test_virus_flood', 'reseaux_non_routables', 'test_mac_ip' , 'blacklist' , 'ext_vers_serveurs' , 'serveurs_vers_ext', 'ext_vers_crans', 'crans_vers_ext' , 'filtre_p2p', 'admin_vlan' , 'serv_out_adm'] : chaines.append(nom) def __usage(txt=None) :
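Review bot: Adding `'serv_out_adm'` to the inline list makes the chain rebuildable on its own, but that standalone path assumes `SERV_OUT_ADM` already exists and is already jumped to from the filter table — nothing visible in `serv_out_adm` creates the chain, only flushes and appends to it; run on a host where the full firewall has not been loaded, the rebuild either fails on `-F` or fills a chain nothing references, depending on how `iptables()` handles errors, which is outside this hunk. A short comment where the name is added would make the precondition explicit, e.g. `# serv_out_adm only refills an existing chain; load the full firewall first`. As a point of style, this allowlist of rebuildable chains is a long inline literal that has to be edited every time a chain is added; a module-level tuple next to the class definitions would be easier to keep in sync with the methods it names. The `if __name__ == '__main__'` block starts and ends outside the hunk.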