[gestion/gen_confs] on supprime l'accès internet depuis zamok aux adhérents blacklistés

* zamok traite les blacklistes * ajout d'une méthode blackliste au firewall de zamok darcs-hash:20100529145721-bd074-d293e8d135311db33f47ea36fd19f798756ff048.gz
2010-05-29 16:57:21 +02:00 · 2010-05-29 16:57:21 +02:00 · 3b9cc8fed4
commit 3b9cc8fed4
parent 7d7fd2ee2e
2 changed files with 33 additions and 5 deletions
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@ -1114,6 +1114,31 @@ class firewall_zamok(firewall_crans) :
        self.exception_catcher(self.test_mac_ip)
        self.serv_out_adm()

+    def blacklist(self):
+        """Fondamentalement, bloque l'accès internet sur zamok aux
+        adhérents sanctionnés"""
+        self.filter_table()
+
+        blacklist_sanctions = ('upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq')
+
+        # Recherche sur le champ ablacklist (clubs compris)
+        search = db.search('ablacklist=*&paiement=ok')
+        self.anim = anim("\tBlackliste des comptes Crans", len(search['adherent']))
+        for adh in search['adherent']:
+            self.anim.cycle()
+            sanctions = adh.blacklist_actif()
+            for s in blacklist_sanctions:
+                if s in sanctions:
+                    try:
+                        uid = adh.uidNumber()
+                        iptables("-A OUTPUT -m owner --uid-owner %s -d 138.231.136.1/21 -j ACCEPT" % uid)
+                        iptables("-A OUTPUT -m owner --uid-owner %s -d 138.231.144.1/21 -j ACCEPT" % uid)
+                        iptables("-A OUTPUT -m owner --uid-owner %s -j REJECT" % uid)
+                    finally:
+                        break
+        self.anim.reinit()
+        print OK
+
    def filter_table_tweaks(self) :
        self.anim = anim('\tRègles spécifiques à zamok')
        iptables("-P INPUT ACCEPT")
--- a/gestion/gen_confs/generate.py
+++ b/gestion/gen_confs/generate.py
@ -42,11 +42,11 @@ class base_reconfigure:
        'macip': [ 'rouge-macip', 'zamok-macip', 'sable-macip', 'komaz-macip', 'gordon-macip',
            'sable-blacklist_check' ],
 #        'droits': [ 'rouge-droits', 'ragnarok-droits' ],
-        'blacklist_upload': [ 'sable-blacklist_upload', 'komaz-blacklist' ],
-        'blacklist_p2p': [ 'sable-blacklist_p2p', 'komaz-blacklist' ],
-        'blacklist_autodisc_upload': [ 'sable-blacklist_autodisc_upload', 'komaz-blacklist'],
-        'blacklist_autodisc_p2p': [ 'sable-blacklist_autodisc_p2p', 'komaz-blacklist'],
-        'blacklist_bloq': [ 'komaz-blacklist', 'sable-blacklist_bloq' ],
+        'blacklist_upload': [ 'sable-blacklist_upload', 'komaz-blacklist', 'zamok-blacklist' ],
+        'blacklist_p2p': [ 'sable-blacklist_p2p', 'komaz-blacklist', 'zamok-blacklist' ],
+        'blacklist_autodisc_upload': [ 'sable-blacklist_autodisc_upload', 'komaz-blacklist', 'zamok-blacklist'],
+        'blacklist_autodisc_p2p': [ 'sable-blacklist_autodisc_p2p', 'komaz-blacklist', 'zamok-blacklist'],
+        'blacklist_bloq': [ 'komaz-blacklist', 'sable-blacklist_bloq', 'zamok-blacklist' ],
        'del_user': [ 'fx-del_user', 'rouge-del_user', 'zamok-del_user' ]
        }

@ -192,6 +192,9 @@ class zamok(base_reconfigure):
        from adherents import del_user
        self._do(del_user(args))

+    def blacklist(self):
+        from firewall import firewall_zamok
+        firewall_zamok().blacklist()

 class fx(base_reconfigure):
    def home(self, args):