From 4cdbeca906b783d347094fa40586c61ac8c5e19a Mon Sep 17 00:00:00 2001
From: Olivier Huber
Date: Sun, 29 Mar 2009 20:18:05 +0200
Subject: [PATCH] Ajout du vlan isolement dans le firewall darcs-hash:20090329181805-8fbb1-22d28d7af4f5ff13a2d2c7667d6efe56d2b68b04.gz
---
 gestion/config.py | 2 ++
 gestion/gen_confs/firewall.py | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/gestion/config.py b/gestion/config.py
index a9ccfa58..6f85f957 100644
--- a/gestion/config.py
+++ b/gestion/config.py
@@ -402,6 +402,8 @@ vlans = {
 # VLan de la connexion gratuite
 'gratuit' : 6,
 'radin' : 6,
+ # Vlan isolement
+ 'isolement' : 9,
 # VLan des appartements de l'ENS
 'appts': 21
 }
diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py
index 6ab6e610..283a01cc 100644
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@@ -1230,9 +1230,10 @@ class firewall_sable(firewall_rouge):
 if_defaut = "eth0"
 if_radin = "eth0.%d" % vlans["radin"]
 if_accueil = "eth0.%d" % vlans["accueil"]
+ if_isolement = "eth0.%d" % vlans["isolement"]
 # Proxy transparent pour les vlans radin et accueil
- for interface in [if_radin, if_accueil]:
+ for interface in [if_radin, if_accueil, if_isolement]:
 iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128" % interface)
 iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT" % interface)
 iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 443 -j ACCEPT" % interface)
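Review bot: In the `firewall_sable` hunk, the isolation VLAN is put in the same list as `if_radin` and `if_accueil`, so it inherits their nat rules unchanged, including `--destination-port 443 -j ACCEPT`, which exempts HTTPS from the proxy redirect. A nat-table ACCEPT only ends nat processing, so whether hosts on what is presumably a quarantine VLAN are actually confined depends on filter-table rules that are not visible here; that should be confirmed in the part of the method outside the hunk. If isolated machines are meant to reach only the proxy, `if_isolement` would be better served by its own, narrower rule set than by the shared loop. The comment above the loop is now stale and could read `# Transparent proxy for the radin, accueil and isolement VLANs`. The method starts before this hunk and the loop body may continue past its last line.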