From 3b9cc8fed4d9fc30dd84635c9cfb4f7664c79099 Mon Sep 17 00:00:00 2001
From: Antoine Durand-Gasselin
Date: Sat, 29 May 2010 16:57:21 +0200
Subject: [PATCH] =?UTF-8?q?[gestion/gen=5Fconfs]=20on=20supprime=20l'acc?= =?UTF-8?q?=C3=A8s=20internet=20depuis=20zamok=20aux=20adh=C3=A9rents=20bl?= =?UTF-8?q?acklist=C3=A9s?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* zamok traite les blacklistes
* ajout d'une méthode blackliste au firewall de zamok
darcs-hash:20100529145721-bd074-d293e8d135311db33f47ea36fd19f798756ff048.gz
---
gestion/gen_confs/firewall.py | 25 +++++++++++++++++++++++++
gestion/gen_confs/generate.py | 13 ++++++++-----
2 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py
index 16129f6a..86b98595 100644
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@@ -1114,6 +1114,31 @@ class firewall_zamok(firewall_crans) : self.exception_catcher(self.test_mac_ip) self.serv_out_adm() + def blacklist(self): + """Fondamentalement, bloque l'accès internet sur zamok aux + adhérents sanctionnés""" + self.filter_table() + + blacklist_sanctions = ('upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq') + + # Recherche sur le champ ablacklist (clubs compris) + search = db.search('ablacklist=*&paiement=ok') + self.anim = anim("\tBlackliste des comptes Crans", len(search['adherent'])) + for adh in search['adherent']: + self.anim.cycle() + sanctions = adh.blacklist_actif() + for s in blacklist_sanctions: + if s in sanctions: + try: + uid = adh.uidNumber() + iptables("-A OUTPUT -m owner --uid-owner %s -d 138.231.136.1/21 -j ACCEPT" % uid) + iptables("-A OUTPUT -m owner --uid-owner %s -d 138.231.144.1/21 -j ACCEPT" % uid) + iptables("-A OUTPUT -m owner --uid-owner %s -j REJECT" % uid) + finally: + break + self.anim.reinit() + print OK + def filter_table_tweaks(self) : self.anim = anim('\tRègles spécifiques à zamok') iptables("-P INPUT ACCEPT") diff --git a/gestion/gen_confs/generate.py b/gestion/gen_confs/generate.py index 2d56368b..383825aa 100644 --- a/gestion/gen_confs/generate.py +++ b/gestion/gen_confs/generate.py 
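Review bot: The `finally: break` in the new `blacklist()` method discards any exception raised by `adh.uidNumber()` or by one of the three `iptables(...)` calls, so a sanctioned member whose rules fail to install is skipped silently and keeps outbound access from zamok. If the failure happens after the two ACCEPT rules, the closing REJECT is missing as well and nothing reports it. The `break` is only needed to avoid emitting the rules once per matching sanction; `if any(s in sanctions for s in blacklist_sanctions):` followed by the `uid` lookup and the three rules does that without a try block and lets errors surface. If a single bad account should not abort the run, reporting the failure through `self.exception_catcher` (used in the context lines above) may fit, assuming its signature suits this call. The class body continues outside the hunk.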
@@ -42,11 +42,11 @@ class base_reconfigure: 'macip': [ 'rouge-macip', 'zamok-macip', 'sable-macip', 'komaz-macip', 'gordon-macip', 'sable-blacklist_check' ], # 'droits': [ 'rouge-droits', 'ragnarok-droits' ], - 'blacklist_upload': [ 'sable-blacklist_upload', 'komaz-blacklist' ], - 'blacklist_p2p': [ 'sable-blacklist_p2p', 'komaz-blacklist' ], - 'blacklist_autodisc_upload': [ 'sable-blacklist_autodisc_upload', 'komaz-blacklist'], - 'blacklist_autodisc_p2p': [ 'sable-blacklist_autodisc_p2p', 'komaz-blacklist'], - 'blacklist_bloq': [ 'komaz-blacklist', 'sable-blacklist_bloq' ], + 'blacklist_upload': [ 'sable-blacklist_upload', 'komaz-blacklist', 'zamok-blacklist' ], + 'blacklist_p2p': [ 'sable-blacklist_p2p', 'komaz-blacklist', 'zamok-blacklist' ], + 'blacklist_autodisc_upload': [ 'sable-blacklist_autodisc_upload', 'komaz-blacklist', 'zamok-blacklist'], + 'blacklist_autodisc_p2p': [ 'sable-blacklist_autodisc_p2p', 'komaz-blacklist', 'zamok-blacklist'], + 'blacklist_bloq': [ 'komaz-blacklist', 'sable-blacklist_bloq', 'zamok-blacklist' ], 'del_user': [ 'fx-del_user', 'rouge-del_user', 'zamok-del_user' ] } @@ -192,6 +192,9 @@ class zamok(base_reconfigure): from adherents import del_user self._do(del_user(args)) + def blacklist(self): + from firewall import firewall_zamok + firewall_zamok().blacklist() class fx(base_reconfigure): def home(self, args):
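Review bot: None of the five triggers edited here covers `'warez'`, although `firewall_zamok.blacklist()` lists it in `blacklist_sanctions`. If a `blacklist_warez` key exists in the part of this dictionary above the hunk, it should get `'zamok-blacklist'` too. Otherwise a warez sanction would only take effect on zamok when some other blacklist event happens to regenerate the rules.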
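Review bot: `zamok.blacklist()` is the only visible entry point that installs the per-uid rules, and `firewall_zamok.blacklist()` itself begins by calling `self.filter_table()` before appending them. If `filter_table()` is also run from other paths (a restart or another reconfigure trigger, not visible in this diff), the table would be rebuilt without the REJECT rules until the next `blacklist_*` event. It is worth confirming that the regular table build emits them as well. The new method also has no docstring; something like `"""Regenerate zamok's filter table and re-apply the per-uid blocks for sanctioned members."""` would record that it rebuilds the whole table.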