C'est quand même mieux comme ça.
darcs-hash:20041027212354-1d643-738982f40fb5bbbc04d9598fa089145645bcc627.gz
parent
e7d67dca37
commit
507d0dfc85
1 changed files with 11 additions and 10 deletions
|
@ -20,9 +20,9 @@ import iptools,config,fileinput
|
||||||
from ldap_crans import *
|
from ldap_crans import *
|
||||||
from config_firewall import *
|
from config_firewall import *
|
||||||
from affich_tools import *
|
from affich_tools import *
|
||||||
def test(fredgroscon):
|
def test(pouet):
|
||||||
print fredgroscon
|
print pouet
|
||||||
os.system(fredgroscon)
|
os.system(pouet)
|
||||||
|
|
||||||
class ErrorArgument(Exception):
|
class ErrorArgument(Exception):
|
||||||
"""
|
"""
|
||||||
|
@ -115,7 +115,8 @@ class firewall:
|
||||||
chaine=tmp[1]
|
chaine=tmp[1]
|
||||||
count=0
|
count=0
|
||||||
if ip in line:
|
if ip in line:
|
||||||
os.system("iptables -D %s %i"%(chaine,count))
|
os.system("iptables -L")
|
||||||
|
test("iptables -D %s %i"%(chaine,count))
|
||||||
count=count-1
|
count=count-1
|
||||||
os.system("rm -f /tmp/firewall")
|
os.system("rm -f /tmp/firewall")
|
||||||
|
|
||||||
|
@ -349,31 +350,31 @@ class firewall:
|
||||||
wifi=False
|
wifi=False
|
||||||
while (i<len(config.NETs['wifi'])):
|
while (i<len(config.NETs['wifi'])):
|
||||||
if (iptools.AddrInNet(ip,config.NETs['all'][i])):
|
if (iptools.AddrInNet(ip,config.NETs['all'][i])):
|
||||||
os.system("iptables -I PREROUTING -s %s -m mac --mac-source "%ip+\
|
test("iptables -t nat -I PREROUTING -s %s -m mac --mac-source "%ip+\
|
||||||
"%s -j ACCEPT"%config.mac_wifi)
|
"%s -j ACCEPT"%config.mac_wifi)
|
||||||
wifi=True
|
wifi=True
|
||||||
i=i+1
|
i=i+1
|
||||||
if (not wifi):
|
if (not wifi):
|
||||||
os.system("iptables -I PREROUTING -s %s -m mac --mac-source %s -j ACCEPT"%\
|
test("iptables -t nat -I PREROUTING -s %s -m mac --mac-source %s -j ACCEPT"%\
|
||||||
(ip,search[0].mac()))
|
(ip,search[0].mac()))
|
||||||
if search[0].portTCPin()!='':
|
if search[0].portTCPin()!='':
|
||||||
ports=search[0].portTCPin()
|
ports=search[0].portTCPin()
|
||||||
for j in ports.split(' '):
|
for j in ports.split(' '):
|
||||||
os.system("iptables -I ADHERENTS_INPUT -d %s"%ip+\
|
test("iptables -I ADHERENTS_INPUT -d %s"%ip+\
|
||||||
" -p tcp --dport %s -j ACCEPT"%j)
|
" -p tcp --dport %s -j ACCEPT"%j)
|
||||||
if search[0].portTCPout()!='':
|
if search[0].portTCPout()!='':
|
||||||
ports=search[0].portTCPout()
|
ports=search[0].portTCPout()
|
||||||
for j in ports.split(' '):
|
for j in ports.split(' '):
|
||||||
os.system("iptables -I ADHERENTS_OUTPUT -d %s"%ip+\
|
test("iptables -I ADHERENTS_OUTPUT -d %s"%ip+\
|
||||||
" -p tcp --dport %s -j ACCEPT"%j)
|
" -p tcp --dport %s -j ACCEPT"%j)
|
||||||
if search[0].portUDPin()!='':
|
if search[0].portUDPin()!='':
|
||||||
ports=search[0].portUDPin()
|
ports=search[0].portUDPin()
|
||||||
for j in ports.split(' '):
|
for j in ports.split(' '):
|
||||||
os.system("iptables -I ADHERENTS_INPUT -d %s"%ip+\
|
test("iptables -I ADHERENTS_INPUT -d %s"%ip+\
|
||||||
" -p udp --dport %s -j ACCEPT"%j)
|
" -p udp --dport %s -j ACCEPT"%j)
|
||||||
if search[0].portUDPout()!='':
|
if search[0].portUDPout()!='':
|
||||||
ports=search[0].portUDPout()
|
ports=search[0].portUDPout()
|
||||||
for j in ports.split(' '):
|
for j in ports.split(' '):
|
||||||
os.system("iptables -I ADHERENTS_OUTPUT -d %s"%ip+\
|
test("iptables -I ADHERENTS_OUTPUT -d %s"%ip+\
|
||||||
" -p udp --dport %s -j ACCEPT"%j)
|
" -p udp --dport %s -j ACCEPT"%j)
|
||||||
|
|
||||||
|
|
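Review bot: The helper `test(pouet)` in the first hunk passes its whole argument to `os.system`, and the calls in the third hunk build that string from `ip`, `search[0].mac()` and each `j` from `ports.split(' ')` with no validation, so a stored port or MAC value containing shell metacharacters would be run by the shell with the firewall script's privileges. These values presumably come from the LDAP record (inferred from `search[0]` and the `ldap_crans` import), so each `j` should be rejected unless it is plain digits or a `lo:hi` range, and the MAC and IP checked against their expected formats, before any command string is built. Better still, pass an argument list to a non-shell exec call instead of a formatted string. The name `test` also hides that the helper executes commands, and the `os.system("iptables -L")` line in the second hunk looks like leftover debugging output inside the deletion loop. The enclosing methods of `class firewall` start and end outside the hunks shown.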