crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ajout du vlan isolement dans le firewall

Browse source 
darcs-hash:20090329181805-8fbb1-22d28d7af4f5ff13a2d2c7667d6efe56d2b68b04.gz
This commit is contained in:
Olivier Huber 2009-03-29 20:18:05 +02:00
parent a6d4730055
commit 4cdbeca906
2 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
gestion/gen_confs/firewall.py
View file

@ -1230,9 +1230,10 @@ class firewall_sable(firewall_rouge):
if_defaut = "eth0"
if_radin = "eth0.%d" % vlans["radin"]
if_accueil = "eth0.%d" % vlans["accueil"]
if_isolement = "eth0.%d" % vlans["isolement"]
# Proxy transparent pour les vlans radin et accueil
for interface in [if_radin, if_accueil]:
for interface in [if_radin, if_accueil, if_isolement]:
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128" % interface)
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT" % interface)
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 443 -j ACCEPT" % interface)