[gestion/gen_confs] on supprime l'accès internet depuis zamok aux adhérents blacklistés

* zamok traite les blacklistes
 * ajout d'une méthode blackliste au firewall de zamok

darcs-hash:20100529145721-bd074-d293e8d135311db33f47ea36fd19f798756ff048.gz
Antoine Durand-Gasselin 2010-05-29 16:57:21 +02:00
parent 7d7fd2ee2e
commit 3b9cc8fed4
2 changed files with 33 additions and 5 deletions


@ -1114,6 +1114,31 @@ class firewall_zamok(firewall_crans) :
self.exception_catcher(self.test_mac_ip) self.exception_catcher(self.test_mac_ip)
self.serv_out_adm() self.serv_out_adm()
def blacklist(self):
"""Fondamentalement, bloque l'accès internet sur zamok aux
adhérents sanctionnés"""
self.filter_table()
blacklist_sanctions = ('upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq')
# Recherche sur le champ ablacklist (clubs compris)
search = db.search('ablacklist=*&paiement=ok')
self.anim = anim("\tBlackliste des comptes Crans", len(search['adherent']))
for adh in search['adherent']:
self.anim.cycle()
sanctions = adh.blacklist_actif()
for s in blacklist_sanctions:
if s in sanctions:
try:
uid = adh.uidNumber()
iptables("-A OUTPUT -m owner --uid-owner %s -d 138.231.136.1/21 -j ACCEPT" % uid)
iptables("-A OUTPUT -m owner --uid-owner %s -d 138.231.144.1/21 -j ACCEPT" % uid)
iptables("-A OUTPUT -m owner --uid-owner %s -j REJECT" % uid)
finally:
break
self.anim.reinit()
print OK
def filter_table_tweaks(self) : def filter_table_tweaks(self) :
self.anim = anim('\tRègles spécifiques à zamok') self.anim = anim('\tRègles spécifiques à zamok')
iptables("-P INPUT ACCEPT") iptables("-P INPUT ACCEPT")
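Review bot: The `finally: break` in the new `blacklist` method discards any exception raised by `adh.uidNumber()` or by one of the three `iptables(...)` calls, so a sanctioned member can be left with the two ACCEPT rules but no REJECT while the run still prints OK. Because this is the enforcement path, a failure should be reported rather than swallowed: drop the `try`/`finally`, test with `if any(s in sanctions for s in blacklist_sanctions):`, and either let the error propagate or route the call through `self.exception_catcher` as done for `self.test_mac_ip` above, if that helper records failures. Building the rules with `% int(uid)` would also guarantee that only a number reaches the rule string. Whether `self.filter_table()` flushes earlier per-uid rules is not visible here; if it does not, each regeneration appends duplicates and a lifted sanction stays enforced.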


@ -42,11 +42,11 @@ class base_reconfigure:
'macip': [ 'rouge-macip', 'zamok-macip', 'sable-macip', 'komaz-macip', 'gordon-macip', 'macip': [ 'rouge-macip', 'zamok-macip', 'sable-macip', 'komaz-macip', 'gordon-macip',
'sable-blacklist_check' ], 'sable-blacklist_check' ],
# 'droits': [ 'rouge-droits', 'ragnarok-droits' ], # 'droits': [ 'rouge-droits', 'ragnarok-droits' ],
'blacklist_upload': [ 'sable-blacklist_upload', 'komaz-blacklist' ], 'blacklist_upload': [ 'sable-blacklist_upload', 'komaz-blacklist', 'zamok-blacklist' ],
'blacklist_p2p': [ 'sable-blacklist_p2p', 'komaz-blacklist' ], 'blacklist_p2p': [ 'sable-blacklist_p2p', 'komaz-blacklist', 'zamok-blacklist' ],
'blacklist_autodisc_upload': [ 'sable-blacklist_autodisc_upload', 'komaz-blacklist'], 'blacklist_autodisc_upload': [ 'sable-blacklist_autodisc_upload', 'komaz-blacklist', 'zamok-blacklist'],
'blacklist_autodisc_p2p': [ 'sable-blacklist_autodisc_p2p', 'komaz-blacklist'], 'blacklist_autodisc_p2p': [ 'sable-blacklist_autodisc_p2p', 'komaz-blacklist', 'zamok-blacklist'],
'blacklist_bloq': [ 'komaz-blacklist', 'sable-blacklist_bloq' ], 'blacklist_bloq': [ 'komaz-blacklist', 'sable-blacklist_bloq', 'zamok-blacklist' ],
'del_user': [ 'fx-del_user', 'rouge-del_user', 'zamok-del_user' ] 'del_user': [ 'fx-del_user', 'rouge-del_user', 'zamok-del_user' ]
} }
@ -192,6 +192,9 @@ class zamok(base_reconfigure):
from adherents import del_user from adherents import del_user
self._do(del_user(args)) self._do(del_user(args))
def blacklist(self):
from firewall import firewall_zamok
firewall_zamok().blacklist()
class fx(base_reconfigure): class fx(base_reconfigure):
def home(self, args): def home(self, args):
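Review bot: `'zamok-blacklist'` is registered for the upload, p2p, autodisc_upload, autodisc_p2p and bloq services, but the firewall method it triggers also enforces the `'warez'` sanction, and no `blacklist_warez` entry is visible in this part of the table. If none exists outside the hunk, a warez sanction would only reach zamok at the next unrelated regeneration. The new `zamok.blacklist` also calls `firewall_zamok().blacklist()` directly, whereas the neighbouring `del_user` goes through `self._do(...)`; if `_do` is where errors are recorded, the blacklist path loses that reporting. The method has no docstring; a one-liner such as `"""Regenerate zamok's per-uid blacklist rules in the firewall."""` would help. The service table and both classes continue outside the hunks shown.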