[firewall_new, ipset] Modifications pour pouvoir utiliser n'importequel set, optimisation pour wheezy

gestion/gen_confs/firewall_new.py

@@ -343,16 +343,16 @@ class firewall_crans :
         if ip.startswith("138.231.1"):
             if machine.__class__.__name__ == "MachineWifi" and hostname != 'gordon':
                 # Machine Wifi, c'est la mac de gordon
-                rules[self.mac_ip_set].append((ip,mac_wifi))
+                rules[self.mac_ip_set].append("%s,%s" %  (ip,mac_wifi))
             else:
                 # Machine fixe
-                rules[self.mac_ip_set].append((ip,machine.mac()))
+                rules[self.mac_ip_set].append("%s,%s" %  (ip,machine.mac()))
             if machine.__class__.__name__ == "MachineWifi" and hostname == 'komaz':
-                rules[self.mac_ip_set_wifi].append((ip,machine.mac()))
+                rules[self.mac_ip_set_wifi].append("%s,%s" % (ip,machine.mac()))
             elif machine.__class__.__name__ == "MachineWifi" and hostname != 'komaz':
-                rules[self.mac_ip_set_wifi].append((ip,mac_komaz))
+                rules[self.mac_ip_set_wifi].append("%s,%s" % (ip,mac_komaz))
         elif ip.startswith("10.231.136."):
-            rules[self.mac_ip_adm_set].append((ip,machine.mac()))
+            rules[self.mac_ip_adm_set].append("%s,%s" % (ip,machine.mac()))
     def mac_ip_gen(self):
         self.anim = anim('\tChaîne TEST_MAC-IP', len(self.__machines()))
         self.anim.reinit()

gestion/gen_confs/ipset.py

@@ -17,13 +17,12 @@
 
 import sys
 sys.path.append('/usr/scripts/gestion')
-sys.path.append('/usr/scripts/lc_ldap')
 
 import commands
 import lock
+import os
+
 
-import lc_ldap
-import secrets
 
 class IpsetError(Exception):
     # Gestion des erreurs d'ipset
@@ -36,10 +35,23 @@ class IpsetError(Exception):
 
 class Ipset(object):
     ipset="/usr/sbin/ipset"
+
+    def __str__(self):
+        return self.set
+
     def __init__(self,set,type,typeopt=''):
         self.set=set
         self.type=type
         self.typeopt=typeopt
+        self.squeeze = os.uname()[2] < '3'
+        try:
+            self.create()
+        except IpsetError as error:
+            if error.err_code != 256:
+                raise
+            elif not "already exists" in error.output:
+                raise
+            pass
 
     def call(self,cmd,arg=''):
         """Appel système à ipset"""
@@ -71,15 +83,19 @@ class Ipset(object):
     def restore(self,rules): 
         """ restore le set courrant"""
         rules_str=self.restore_format(rules)
-        create_str="-N %s %s %s" % (self.set,self.type,self.typeopt)
+        if self.squeeze:
-        str="%s\n%s\nCOMMIT\n" % (create_str,rules_str)
+            create_str="-N %s %s %s" % (self.set,self.type,self.typeopt)
+            str="%s\n%s\nCOMMIT\n" % (create_str,rules_str)
+        else:
+            str="%s\nCOMMIT\n" % rules_str
         path='/tmp/ipset_%s' % self.set
         f=open(path, 'w+')
         f.write(str)
         f.close()
         try:
             self.flush()
-            self.destroy()
+            if self.squeeze:
+                self.destroy()
         except IpsetError: pass
         cmd="cat %s | %s -R" % (path,self.ipset)
         status,output=commands.getstatusoutput(cmd)
@@ -94,5 +110,5 @@ class Ipset(object):
         self.call("-X")
 
     def restore_format(self,rules):
-        return '\n'.join(["-A %s %s,%s" % (self.set,ip,mac) for (ip,mac) in rules])
+        return '\n'.join(["-A %s %s" % (self.set,data) for data in rules])