[firewall] déplacement de adm_users dans config

darcs-hash:20100224211539-61eff-9562b7ea03066ebaa91a44b81380b8ef5edb7bbf.gz
Stephane Glondu 2010-02-24 22:15:39 +01:00
parent 8b61ad1b11
commit 5c548afbc9
2 changed files with 6 additions and 5 deletions


@ -482,6 +482,9 @@ file_pickle = { 4 : '/tmp/ipt_pickle',
blacklist_sanctions = ['upload', 'warez', 'p2p', 'autodisc_p2p', blacklist_sanctions = ['upload', 'warez', 'p2p', 'autodisc_p2p',
'autodisc_upload', 'bloq'] 'autodisc_upload', 'bloq']
adm_users = [ 'root', 'identd', 'daemon', 'postfix', 'freerad', 'amavis',
'nut', 'respbats', 'list', 'sqlgrey', 'ntpd', 'lp' ]
# Debit max sur le vlan de la connexion gratuite # Debit max sur le vlan de la connexion gratuite
debit_max_radin = 1000000 debit_max_radin = 1000000
debit_max_gratuit = 1000000 debit_max_gratuit = 1000000
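Review bot: The new `adm_users` list at the start of this hunk is a privilege allowlist — every account named here is resolved by serv_out_adm in firewall.py to a uid whose traffic is accepted on the SERV_OUT_ADM chain through `-m owner --uid-owner` — yet it lands in config without the explanatory comment the neighbouring `debit_max_*` settings carry. A comment above the list such as `# Local accounts whose processes may send to the adm VLAN (SERV_OUT_ADM chain, --uid-owner match); each entry widens that access` makes the meaning visible where the value is now edited. Since the list moves out of the firewall class into config, it is presumably easier to extend, so naming the consumer helps whoever reviews a future addition. A name that is not a real local account makes pwd.getpwnam raise KeyError at load time; the try in firewall.py appears to cover that, but the comment could also state that entries must exist in the passwd database.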


@ -35,7 +35,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi, BorneWifi
from affich_tools import * from affich_tools import *
from commands import getstatusoutput from commands import getstatusoutput
from iptools import AddrInNet, NetSubnets, IpSubnet from iptools import AddrInNet, NetSubnets, IpSubnet
from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users
syslog.openlog('firewall') syslog.openlog('firewall')
debug = 1 debug = 1
@ -111,8 +111,6 @@ class firewall_crans :
zone_serveur = NETs['serveurs'][0] zone_serveur = NETs['serveurs'][0]
vlan_adm = NETs['adm'][0] vlan_adm = NETs['adm'][0]
adm_users = [ "root", "identd", "daemon", "postfix", "freerad", "amavis", "nut", "respbats", "list", "sqlgrey", "ntpd", "lp" ]
limit = " -m limit --limit 10/s --limit-burst 10 " limit = " -m limit --limit 10/s --limit-burst 10 "
log_template = '-m limit --limit 1/s --limit-burst 1 -j LOG --log-level notice --log-prefix ' log_template = '-m limit --limit 1/s --limit-burst 1 -j LOG --log-level notice --log-prefix '
filtre_flood = '-m hashlimit --hashlimit 20 --hashlimit-mode srcip --hashlimit-name flood' filtre_flood = '-m hashlimit --hashlimit 20 --hashlimit-mode srcip --hashlimit-name flood'
@ -1062,11 +1060,11 @@ class firewall_zamok(firewall_crans) :
eth_adm = "crans.2" eth_adm = "crans.2"
def serv_out_adm(self) : def serv_out_adm(self) :
self.anim = anim('\tOutput vers VLAN adm', len(self.adm_users)) self.anim = anim('\tOutput vers VLAN adm', len(adm_users))
# Supression des éventuelles règles # Supression des éventuelles règles
iptables("-t filter -F SERV_OUT_ADM") iptables("-t filter -F SERV_OUT_ADM")
for user in self.adm_users : for user in adm_users :
self.anim.cycle() self.anim.cycle()
try: try:
iptables("-A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % pwd.getpwnam(user)[2]) iptables("-A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % pwd.getpwnam(user)[2])