From 4b5d8a312d3e5ff371b812c26a3b336d426095df Mon Sep 17 00:00:00 2001 From: sabban Date: Sun, 7 Nov 2004 16:59:20 +0100 Subject: [PATCH] Modification de la gestion des serveurs. darcs-hash:20041107155920-1d643-f4d828b06491da8c9b6d390c0e438dd99f56b47e.gz --- gestion/classe_firewall.py | 77 +++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 39 deletions(-) diff --git a/gestion/classe_firewall.py b/gestion/classe_firewall.py index 1b278983..15c908a8 100755 --- a/gestion/classe_firewall.py +++ b/gestion/classe_firewall.py @@ -21,9 +21,6 @@ import iptools,config,fileinput from ldap_crans import * from config_firewall import * from affich_tools import * -def test(pouet): - print pouet - os.system(pouet) class ErrorArgument(Exception): """ @@ -63,25 +60,26 @@ class ErrorNoSuchIp(ErrorIp): """ pass -class firewall: +class firewall: + zone_serveur="138.231.136.0/28" def __init__(self): self.file_log=open("/var/log/fw.log","a") - def __init__(self): + def __del__(self): self.file_log.close() def iptables(self,cmd): status,output=getstatusoutput(cmd) if status: raise IptablesError(cmd,status,output) - self.file_log.write(cmd) + self.file_log.write(time.time+": "+cmd) def start(self): """ Construit le firewall Pas d'arguments """ - self.komaz + self.komaz() self.serveurs() self.filtrage_mac() self.create_forward() 
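Review bot: `self.file_log.write(time.time+": "+cmd)` concatenates the function object `time.time` with a string, so the first `iptables()` call raises TypeError right after the rule has been installed; call it and terminate the entry so log lines do not run together, e.g. `self.file_log.write("%s: %s\n" % (time.time(), cmd))` (or `time.ctime()` for a readable stamp). The only import line visible here is the hunk header context `import iptools,config,fileinput`, so confirm that `time` is actually imported somewhere above. On the new side `start()` still calls `self.serveurs()`, while the last hunk of this same patch deletes `serveurs()`, so `start()` will fail with AttributeError unless a replacement (presumably `add_machines`) is wired in. Closing the audit log only from `__del__` is fragile; a `self.file_log.flush()` after each write would at least keep the trail of executed rules intact if the process dies. The `firewall` class body continues past the end of this hunk.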
@@ -113,6 +111,39 @@ class firewall: config.port_default["%s_output" % proto][i]+\ " -j ACCEPT") + def add_machines(self,machine): + __serveurs_vers_ext__(machine) + __ext_vers_serveurs__(machine) + __crans_vers_ext__(machine) + __ext_vers_crans__(machine) + + def __serveurs_vers_ext(self,machine): + ip=machine.ip() + if AddrInNet(ip,self.zone_serveur): + for i in machine.portTCPout().split(): + iptables("-t nat -A PREROUTING -d "+\ + "%s -p tcp --dport %s -j ACCEPT"\ + %(ip,i)) + for i in machine.portUDPout().split(): + iptables("-t nat -A PREROUTING -d "+\ + "%s -p udp --dport %s -j ACCEPT"\ + %(ip,i)) + + def __ext_vers_serveurs__(self,machine): + ip=machine.ip() + if AddrInNet(ip,self.zone_serveur): + for i in machine.portTCPin().split(): + iptables("-t nat -A PREROUTING "+\ + "-s %s -p tcp --dport %s -j ACCEPT"\ + %(ip,i)) + for i in machine.portUDPin().split(): + iptables("-t nat -A PREROUTING "+\ + "-s %s -p udp --dport %s -j ACCEPT"\ + %(ip,i)) + + def __crans_vers_ext__(self,machine): + + def __ext_vers_crans__(self,machine): def del_entree(self,ip): """ 
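Review bot: Nothing in this hunk can run as written: `__crans_vers_ext__` and `__ext_vers_crans__` have empty bodies (a SyntaxError that prevents the whole module from importing), `add_machines` calls the helpers as bare names such as `__serveurs_vers_ext__(machine)` that also do not match the defined name `__serveurs_vers_ext`, and the helpers call `iptables(...)` rather than `self.iptables(...)` with argument strings that lack the `iptables` executable in front. Beyond that, `-t nat -A PREROUTING ... -j ACCEPT` does not filter anything — ACCEPT in the nat table only exempts the packet from NAT — so with the FORWARD rules of the removed `serveurs()` gone the server zone is no longer filtered; if the intent is to allow traffic these rules belong in the filter table's FORWARD chain as before, and the match direction looks inverted relative to the removed code, which paired `portTCPout` with `-s` and `portTCPin` with `-d`. The port strings from `machine.portTCPout()` and friends (presumably LDAP data, given `from ldap_crans import *`) are interpolated verbatim into a command that `getstatusoutput` hands to a shell, so a value like `80; rm -rf /` would execute with the firewall's privileges; convert each value with `int()` before it reaches the command. The sketch below keeps the method names, fixes the calls, table and validation, and stubs the two empty helpers with `pass` until their rules exist; the enclosing `firewall` class starts before this hunk.
```python
    def add_machines(self,machine):
        self.__serveurs_vers_ext(machine)
        self.__ext_vers_serveurs(machine)
        self.__crans_vers_ext(machine)
        self.__ext_vers_crans(machine)

    def __regles_serveur(self,machine,sens,ports_tcp,ports_udp):
        # sens is "-s" (server -> outside) or "-d" (outside -> server);
        # rules go in filter/FORWARD, where ACCEPT actually allows traffic
        ip=machine.ip()
        if not AddrInNet(ip,self.zone_serveur):
            return
        for proto,ports in (("tcp",ports_tcp),("udp",ports_udp)):
            for i in ports.split():
                port=int(i)   # anything that is not a port number never reaches the shell
                self.iptables("iptables -A FORWARD %s %s -p %s --dport %d -j ACCEPT"\
                              %(sens,ip,proto,port))

    def __serveurs_vers_ext(self,machine):
        self.__regles_serveur(machine,"-s",machine.portTCPout(),machine.portUDPout())

    def __ext_vers_serveurs(self,machine):
        self.__regles_serveur(machine,"-d",machine.portTCPin(),machine.portUDPin())

    def __crans_vers_ext(self,machine):
        pass   # TODO: rules not written yet

    def __ext_vers_crans(self,machine):
        pass   # TODO: rules not written yet
```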
@@ -235,38 +266,6 @@ class firewall: iptables("iptables -A OUTPUT -s 138.231.136.4 -p udp --dport %s"%i+\ " -j ACCEPT") - def serveurs(self): - def fonction_utile(valeur): - return valeur - """ - Définit les chaînes relatives au serveur - Note: Ça marche pas si port{TCP,UDP}{in,out} est '' - Fred corrigera - """ - for serveur in serveurs_list: - ports=serveurs_ports[serveur]['portTCPin'] - for i in ports.split(' '): - iptables("iptables -A FORWARD -d %s"%\ - eval(fonction_utile(serveur))['ip']+\ - " -p tcp --dport %s -j ACCEPT"%i) - ports=serveurs_ports[serveur]['portTCPout'] - for i in ports.split(' '): - iptables("iptables -A FORWARD -s %s"%\ - eval(fonction_utile(serveur))['ip']+\ - " -p tcp --dport %s -j ACCEPT"%i) - ports=serveurs_ports[serveur]['portUDPin'] - for i in ports.split(' '): - iptables("iptables -A FORWARD -d %s"%\ - eval(fonction_utile(serveur))['ip']+\ - " -p udp --dport %s -j ACCEPT"%i) - ports=serveurs_ports[serveur]['portUDPout'] - for i in ports.split(' '): - iptables("iptables -A FORWARD -s %s"%\ - eval(fonction_utile(serveur))['ip']+\ - " -p udp --dport %s -j ACCEPT"%i) - for serveur in serveurs_list: - self.paire_macip(eval(fonction_utile(serveur))['ip'],\ - eval(fonction_utile(serveur))['mac']) def blacklist(self): """