crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Modification de la gestion des serveurs.

Browse source 
darcs-hash:20041107155920-1d643-f4d828b06491da8c9b6d390c0e438dd99f56b47e.gz
This commit is contained in:
sabban 2004-11-07 16:59:20 +01:00
parent 5f91dc3a0b
commit 4b5d8a312d
1 changed files with 38 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

75
gestion/classe_firewall.py
View file

@ -21,9 +21,6 @@ import iptools,config,fileinput
from ldap_crans import * from ldap_crans import *
from config_firewall import * from config_firewall import *
from affich_tools import * from affich_tools import *
def test(pouet):
print pouet
os.system(pouet)
class ErrorArgument(Exception): class ErrorArgument(Exception):
""" """
@ -64,24 +61,25 @@ class ErrorNoSuchIp(ErrorIp):
pass pass
class firewall: class firewall:
zone_serveur="138.231.136.0/28"
def __init__(self): def __init__(self):
self.file_log=open("/var/log/fw.log","a") self.file_log=open("/var/log/fw.log","a")
def __init__(self): def __del__(self):
self.file_log.close() self.file_log.close()
def iptables(self,cmd): def iptables(self,cmd):
status,output=getstatusoutput(cmd) status,output=getstatusoutput(cmd)
if status: if status:
raise IptablesError(cmd,status,output) raise IptablesError(cmd,status,output)
self.file_log.write(cmd) self.file_log.write(time.time+": "+cmd)
def start(self): def start(self):
""" """
Construit le firewall Construit le firewall
Pas d'arguments Pas d'arguments
""" """
self.komaz self.komaz()
self.serveurs() self.serveurs()
self.filtrage_mac() self.filtrage_mac()
self.create_forward() self.create_forward()
@ -113,6 +111,39 @@ class firewall:
config.port_default["%s_output" % proto][i]+\ config.port_default["%s_output" % proto][i]+\
" -j ACCEPT") " -j ACCEPT")
def add_machines(self,machine):
__serveurs_vers_ext__(machine)
__ext_vers_serveurs__(machine)
__crans_vers_ext__(machine)
__ext_vers_crans__(machine)
def __serveurs_vers_ext(self,machine):
ip=machine.ip()
if AddrInNet(ip,self.zone_serveur):
for i in machine.portTCPout().split():
iptables("-t nat -A PREROUTING -d "+\
"%s -p tcp --dport %s -j ACCEPT"\
%(ip,i))
for i in machine.portUDPout().split():
iptables("-t nat -A PREROUTING -d "+\
"%s -p udp --dport %s -j ACCEPT"\
%(ip,i))
def __ext_vers_serveurs__(self,machine):
ip=machine.ip()
if AddrInNet(ip,self.zone_serveur):
for i in machine.portTCPin().split():
iptables("-t nat -A PREROUTING "+\
"-s %s -p tcp --dport %s -j ACCEPT"\
%(ip,i))
for i in machine.portUDPin().split():
iptables("-t nat -A PREROUTING "+\
"-s %s -p udp --dport %s -j ACCEPT"\
%(ip,i))
def __crans_vers_ext__(self,machine):
def __ext_vers_crans__(self,machine):
def del_entree(self,ip): def del_entree(self,ip):
""" """
@ -235,38 +266,6 @@ class firewall:
iptables("iptables -A OUTPUT -s 138.231.136.4 -p udp --dport %s"%i+\ iptables("iptables -A OUTPUT -s 138.231.136.4 -p udp --dport %s"%i+\
" -j ACCEPT") " -j ACCEPT")
def serveurs(self):
def fonction_utile(valeur):
return valeur
"""
Définit les chaînes relatives au serveur
Note: Ça marche pas si port{TCP,UDP}{in,out} est ''
Fred corrigera
"""
for serveur in serveurs_list:
ports=serveurs_ports[serveur]['portTCPin']
for i in ports.split(' '):
iptables("iptables -A FORWARD -d %s"%\
eval(fonction_utile(serveur))['ip']+\
" -p tcp --dport %s -j ACCEPT"%i)
ports=serveurs_ports[serveur]['portTCPout']
for i in ports.split(' '):
iptables("iptables -A FORWARD -s %s"%\
eval(fonction_utile(serveur))['ip']+\
" -p tcp --dport %s -j ACCEPT"%i)
ports=serveurs_ports[serveur]['portUDPin']
for i in ports.split(' '):
iptables("iptables -A FORWARD -d %s"%\
eval(fonction_utile(serveur))['ip']+\
" -p udp --dport %s -j ACCEPT"%i)
ports=serveurs_ports[serveur]['portUDPout']
for i in ports.split(' '):
iptables("iptables -A FORWARD -s %s"%\
eval(fonction_utile(serveur))['ip']+\
" -p udp --dport %s -j ACCEPT"%i)
for serveur in serveurs_list:
self.paire_macip(eval(fonction_utile(serveur))['ip'],\
eval(fonction_utile(serveur))['mac'])
def blacklist(self): def blacklist(self):
""" """