From 5c548afbc9faff3f9e068922db462c1a3d007251 Mon Sep 17 00:00:00 2001 From: Stephane Glondu Date: Wed, 24 Feb 2010 22:15:39 +0100 Subject: [PATCH] =?UTF-8?q?[firewall]=20d=C3=A9placement=20de=20adm=5Fuser?= =?UTF-8?q?s=20dans=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit darcs-hash:20100224211539-61eff-9562b7ea03066ebaa91a44b81380b8ef5edb7bbf.gz --- gestion/config.py | 3 +++ gestion/gen_confs/firewall.py | 8 +++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/gestion/config.py b/gestion/config.py index 4d187513..5fa05a5e 100644 --- a/gestion/config.py +++ b/gestion/config.py @@ -482,6 +482,9 @@ file_pickle = { 4 : '/tmp/ipt_pickle', blacklist_sanctions = ['upload', 'warez', 'p2p', 'autodisc_p2p', 'autodisc_upload', 'bloq'] +adm_users = [ 'root', 'identd', 'daemon', 'postfix', 'freerad', 'amavis', + 'nut', 'respbats', 'list', 'sqlgrey', 'ntpd', 'lp' ] + # Debit max sur le vlan de la connexion gratuite debit_max_radin = 1000000 debit_max_gratuit = 1000000 diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py index 025da07d..ec2b26d9 100644 --- a/gestion/gen_confs/firewall.py +++ b/gestion/gen_confs/firewall.py @@ -35,7 +35,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi, BorneWifi from affich_tools import * from commands import getstatusoutput from iptools import AddrInNet, NetSubnets, IpSubnet -from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin +from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users syslog.openlog('firewall') debug = 1 
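Review bot: The new `adm_users` list in gestion/config.py has no comment, although the `debit_max_*` settings just below it do, and nothing in config.py says that it is a firewall allow-list. In gestion/gen_confs/firewall.py, `serv_out_adm` turns every name in it into an `-m owner --uid-owner ... -j ACCEPT` rule in SERV_OUT_ADM, so adding a name here lets that account's processes pass that chain. I would put a comment above the assignment, for example `# Accounts whose processes are accepted in SERV_OUT_ADM (output to the adm VLAN); adding a name widens firewall access`. The list also reads as specific to the host handled by `firewall_zamok`, which is worth stating in the same comment if that is the case.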
@@ -111,8 +111,6 @@ class firewall_crans : zone_serveur = NETs['serveurs'][0] vlan_adm = NETs['adm'][0] - adm_users = [ "root", "identd", "daemon", "postfix", "freerad", "amavis", "nut", "respbats", "list", "sqlgrey", "ntpd", "lp" ] - limit = " -m limit --limit 10/s --limit-burst 10 " log_template = '-m limit --limit 1/s --limit-burst 1 -j LOG --log-level notice --log-prefix ' filtre_flood = '-m hashlimit --hashlimit 20 --hashlimit-mode srcip --hashlimit-name flood' @@ -1062,11 +1060,11 @@ class firewall_zamok(firewall_crans) : eth_adm = "crans.2" def serv_out_adm(self) : - self.anim = anim('\tOutput vers VLAN adm', len(self.adm_users)) + self.anim = anim('\tOutput vers VLAN adm', len(adm_users)) # Supression des éventuelles règles iptables("-t filter -F SERV_OUT_ADM") - for user in self.adm_users : + for user in adm_users : self.anim.cycle() try: iptables("-A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % pwd.getpwnam(user)[2])
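Review bot: Any `self.adm_users` reference left outside these hunks will now raise AttributeError, because the attribute is removed from `firewall_crans` (hunk at -111) and only `serv_out_adm` in `firewall_zamok` is switched to the imported name; please confirm that no other method or subclass reads or overrides it. With the list now a module-level import, a subclass can no longer narrow it per host, so every class that builds SERV_OUT_ADM shares one allow-list. A short comment at the loop would make the origin clear, for example `# adm_users comes from config: accounts accepted towards the adm VLAN`. The `try:` around `pwd.getpwnam(user)` closes outside the hunk, so I cannot see how a name missing from the local passwd database is handled; such a miss should be logged rather than silently skipped.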