diff --git a/gestion/gen_confs/firewall4.py b/gestion/gen_confs/firewall4.py
index 98586a3b..6ce75b14 100755
--- a/gestion/gen_confs/firewall4.py
+++ b/gestion/gen_confs/firewall4.py
@@ -1029,22 +1029,28 @@ class firewall_routeur(firewall_base):
 chain = 'CAPTIF-ROUTE'
 if table == 'filter':
+ pretty_print(table, chain)
 for ip in accueil_route.keys():
 for type in accueil_route[ip].keys():
 if type in ['udp', 'tcp']:
 self.add(table, chain, '-p %s -d %s -m multiport --dports %s -j ACCEPT' % (type, ip, ','.join(accueil_route[ip][type])))
 self.add(table, chain, '-p %s -s %s -m multiport --sports %s -j ACCEPT' % (type, ip, ','.join(accueil_route[ip][type])))
 self.add(table, chain, '-j REJECT')
+ print OK
 if table == 'nat':
+ pretty_print(table, chain)
 #intranet et wiki pour le vlan accueil
 for ip in accueil_route.keys():
 for type in accueil_route[ip].keys():
 if type in ['udp', 'tcp']:
- self.add(table, chain, '-i %s -p %s -d %s -m multiport --dports %s -j MASQUERADE' % (dev['accueil'], type, ip, ','.join(accueil_route[ip][type])))
- self.add(table, chain, '-i %s -p %s -d %s -m multiport --dports %s -j MASQUERADE' % (dev['isolement'], type, ip, ','.join(accueil_route[ip][type])))
+ for net in NETs['accueil']:
+ self.add(table, chain, '-s %s -p %s -d %s -m multiport --dports %s -j MASQUERADE' % (net, type, ip, ','.join(accueil_route[ip][type])))
+ for net in NETs['isolement']:
+ self.add(table, chain, '-s %s -p %s -d %s -m multiport --dports %s -j MASQUERADE' % (net, type, ip, ','.join(accueil_route[ip][type])))
 for net in NETs['personnel-ens']:
 self.add(table, chain, '-i %s -s %s -j MASQUERADE' % (dev['app'], net))
+ print OK
 if apply:
 self.apply(table, chain)
@@ -1055,6 +1061,7 @@ class firewall_routeur(firewall_base):
 chain = 'PORTAIL-CAPTIF'
 if table == 'nat':
+ pretty_print(table, chain)
 for ip in accueil_route.keys():
 for type in accueil_route[ip].keys():
 if type in ['udp', 'tcp']:
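Review bot: The new MASQUERADE rules in the `nat` branch of the CAPTIF-ROUTE hunk match on `-s <net>` alone, so the binding to `dev['accueil']` / `dev['isolement']` that the removed `-i` rules expressed is gone. Any packet whose source address falls in `NETs['accueil']` or `NETs['isolement']` is now translated towards the `accueil_route` hosts, whichever interface it arrived on. If that is safe only because of reverse-path filtering or an anti-spoofing chain defined elsewhere (not visible here), say so in a comment above the loops, e.g. `# -s only: relies on anti-spoofing for the accueil/isolement prefixes`. The `personnel-ens` rule right below still uses `-i %s -s %s`, so the chain now mixes both matching styles and the comment should also explain why. Separately, both `print OK` lines run before `self.apply(table, chain)`, so the status is shown even when the apply step later fails; the method starts and ends outside this hunk.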