[firewall_new, ipset] Modifications pour pouvoir utiliser n'importequel set, optimisation pour wheezy

2013-04-03 09:59:35 +02:00 · 2013-04-03 09:59:35 +02:00 · 406a6033f7
commit 406a6033f7
parent 2f71b57882
2 changed files with 28 additions and 12 deletions
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@ -343,16 +343,16 @@ class firewall_crans :
        if ip.startswith("138.231.1"):
            if machine.__class__.__name__ == "MachineWifi" and hostname != 'gordon':
                # Machine Wifi, c'est la mac de gordon
-                rules[self.mac_ip_set].append((ip,mac_wifi))
+                rules[self.mac_ip_set].append("%s,%s" %  (ip,mac_wifi))
            else:
                # Machine fixe
-                rules[self.mac_ip_set].append((ip,machine.mac()))
+                rules[self.mac_ip_set].append("%s,%s" %  (ip,machine.mac()))
            if machine.__class__.__name__ == "MachineWifi" and hostname == 'komaz':
-                rules[self.mac_ip_set_wifi].append((ip,machine.mac()))
+                rules[self.mac_ip_set_wifi].append("%s,%s" % (ip,machine.mac()))
            elif machine.__class__.__name__ == "MachineWifi" and hostname != 'komaz':
-                rules[self.mac_ip_set_wifi].append((ip,mac_komaz))
+                rules[self.mac_ip_set_wifi].append("%s,%s" % (ip,mac_komaz))
        elif ip.startswith("10.231.136."):
-            rules[self.mac_ip_adm_set].append((ip,machine.mac()))
+            rules[self.mac_ip_adm_set].append("%s,%s" % (ip,machine.mac()))
    def mac_ip_gen(self):
        self.anim = anim('\tChaîne TEST_MAC-IP', len(self.__machines()))
        self.anim.reinit()
--- a/gestion/gen_confs/ipset.py
+++ b/gestion/gen_confs/ipset.py
@ -17,13 +17,12 @@

 import sys
 sys.path.append('/usr/scripts/gestion')
-sys.path.append('/usr/scripts/lc_ldap')

 import commands
 import lock
+import os
+

-import lc_ldap
-import secrets

 class IpsetError(Exception):
    # Gestion des erreurs d'ipset
@ -36,10 +35,23 @@ class IpsetError(Exception):

 class Ipset(object):
    ipset="/usr/sbin/ipset"
+
+    def __str__(self):
+        return self.set
+
    def __init__(self,set,type,typeopt=''):
        self.set=set
        self.type=type
        self.typeopt=typeopt
+        self.squeeze = os.uname()[2] < '3'
+        try:
+            self.create()
+        except IpsetError as error:
+            if error.err_code != 256:
+                raise
+            elif not "already exists" in error.output:
+                raise
+            pass

    def call(self,cmd,arg=''):
        """Appel système à ipset"""
@ -71,15 +83,19 @@ class Ipset(object):
    def restore(self,rules): 
        """ restore le set courrant"""
        rules_str=self.restore_format(rules)
-        create_str="-N %s %s %s" % (self.set,self.type,self.typeopt)
-        str="%s\n%s\nCOMMIT\n" % (create_str,rules_str)
+        if self.squeeze:
+            create_str="-N %s %s %s" % (self.set,self.type,self.typeopt)
+            str="%s\n%s\nCOMMIT\n" % (create_str,rules_str)
+        else:
+            str="%s\nCOMMIT\n" % rules_str
        path='/tmp/ipset_%s' % self.set
        f=open(path, 'w+')
        f.write(str)
        f.close()
        try:
            self.flush()
-            self.destroy()
+            if self.squeeze:
+                self.destroy()
        except IpsetError: pass
        cmd="cat %s | %s -R" % (path,self.ipset)
        status,output=commands.getstatusoutput(cmd)
@ -94,5 +110,5 @@ class Ipset(object):
        self.call("-X")

    def restore_format(self,rules):
-        return '\n'.join(["-A %s %s,%s" % (self.set,ip,mac) for (ip,mac) in rules])
+        return '\n'.join(["-A %s %s" % (self.set,data) for data in rules])