Acceptation des paquets sans owner en udp aussi.

darcs-hash:20050827105607-41617-f77c5e222ca7685783196834d6bdeb417168cd33.gz
pauget 2005-08-27 12:56:07 +02:00
parent 8e81c68bde
commit 4ceb411ddf


@ -747,16 +747,18 @@ class firewall_bleu(firewall_crans) :
except KeyError:
continue
# LDAP toujour joignable
# LDAP et DNS toujours joignable
iptables("-A SERV_OUT_ADM -p tcp --dport ldap -j ACCEPT")
iptables("-A SERV_OUT_ADM -p tcp --dport domain -j ACCEPT")
iptables("-A SERV_OUT_ADM -p udp --dport domain -j ACCEPT")
# Pour le nfs (le paquet à laisser passer n'a pas d'owner)
iptables("-A SERV_OUT_ADM -p tcp -d vert.adm.crans.org -m owner ! --uid-owner 0 -j REJECT --reject-with icmp-net-prohibited")
iptables("-A SERV_OUT_ADM -p tcp -d vert.adm.crans.org -j ACCEPT")
iptables("-A SERV_OUT_ADM -d nfs.adm.crans.org -m owner ! --uid-owner 0 -j REJECT --reject-with icmp-net-prohibited")
iptables("-A SERV_OUT_ADM -d nfs.adm.crans.org -j ACCEPT")
# Rien d'autre ne passe
iptables("-A SERV_OUT_ADM -j REJECT --reject-with icmp-net-prohibited")
iptables("-A SERV_OUT_ADM -j REJECT --reject-with icmp-net-prohibited")
self.anim.reinit()
print OK
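Review bot: The two new rules for nfs.adm.crans.org carry no `-p` and no `--dport`, so the closing `-j ACCEPT` opens every protocol and port towards that host for root-owned and owner-less traffic, which is wider than the UDP addition the commit message describes. Matching per protocol would keep the opening to what NFS needs, for example `iptables("-A SERV_OUT_ADM -p udp -d nfs.adm.crans.org -j ACCEPT")` next to a `-p tcp` equivalent, each preceded by its own owner REJECT. The comment above the rules could also state that the ACCEPT depends on owner-less packets not matching `! --uid-owner 0`; that is kernel behaviour rather than something visible in the rule, so it is worth confirming on the kernel in use. The enclosing method of firewall_bleu starts before this hunk and its end is not visible here.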