[config,firewall_new, firewall6] On pousse de la conf commune à firewall_new et firewall6 dans config

Ignore-this: d132731f820f32809f1690716ccff1da

darcs-hash:20121209173407-3a55a-73c9883fdebfe7aaf71f6bbb2a0fc83306f98fbc.gz

gestion/config.py

@@ -347,6 +347,15 @@ class virus:
 
 # Classe pour la détection du p2p #
 ###################################
+udp_torrent_tracker=[
+        'tracker.openbittorrent.com',
+        'tracker.ccc.de',
+        'tracker.istole.it',
+        'tracker.publicbt.com',
+        'tracker.1337x.org',
+        'fr33domtracker.h33t.com',
+        'tracker.torrentbox.com',
+        ]
 class p2p :
     # Limite de débit pour l'ensemble du p2p classifié, en octets/s
     # identique en upload et download

gestion/gen_confs/firewall6.py

@@ -27,6 +27,7 @@ sys.path.append('/usr/scripts/gestion')
 from ldap_crans import hostname
 from config import conf_fw, mid, prefix, role, file_pickle, open_ports
 from config import authorized_icmpv6, mac_wifi, adm_only, adm_users
+from config import udp_torrent_tracker
 from ipt import *
 
 # On invoque Ip6tables
@@ -132,14 +133,6 @@ def main_router():
     ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % dev_crans)
     ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' %  dev_ip6 )
     
-    udp_torrent_tracker={
-        'tracker.openbittorrent.com':gethostbyname('tracker.openbittorrent.com')[1],
-        'tracker.ccc.de':gethostbyname('tracker.ccc.de')[1],
-        'tracker.istole.it':gethostbyname('tracker.istole.it')[1],
-        'tracker.publicbt.com':gethostbyname('tracker.publicbt.com')[1],
-        'tracker.1337x.org':gethostbyname('tracker.1337x.org')[1],
-        'fr33domtracker.h33t.com':gethostbyname('fr33domtracker.h33t.com')[1],
-        }
 
     # Les blacklistes
     # Si on les met après la règle conntrack, une connexion existante ne sera
@@ -164,8 +157,8 @@ def main_router():
     ip6tables.filter.tracker_torrent('-j REJECT --reject-with icmp6-adm-prohibited')
     ip6tables.filter.forward('-p tcp -m string --algo kmp --string "GET /" -j TRACKER_TORRENT')
     ip6tables.filter.forward('-p tcp -m string --algo kmp --string "get /" -j TRACKER_TORRENT')
-    for tracker in udp_torrent_tracker.keys():
-        for dest in udp_torrent_tracker[tracker]:
+    for tracker in udp_torrent_tracker:
+        for dest in gethostbyname(tracker)[1]:
             ip6tables.filter.forward('-p udp -d %s -j LOG --log-level notice --log-prefix "TRACKER:%s "' % (dest,(tracker[:20]) if len(tracker) > 20 else tracker))
             ip6tables.filter.forward('-p udp -d %s -j REJECT --reject-with icmp6-adm-prohibited' % dest)
     

gestion/gen_confs/firewall_new.py

@@ -37,7 +37,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi, BorneWifi
 from affich_tools import *
 from commands import getstatusoutput
 from iptools import AddrInNet, NetSubnets, IpSubnet
-from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users, accueil_route, blacklist_sanctions, blacklist_sanctions_soft, periode_transitoire
+from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users, accueil_route, blacklist_sanctions, blacklist_sanctions_soft, periode_transitoire, udp_torrent_tracker
 from ipset import IpsetError, Ipset
 from lc_ldap import lc_ldap
 from ipt import gethostbyname
@@ -474,15 +474,6 @@ class firewall_komaz(firewall_crans) :
     filtres_p2p_bloq = [
             ]
             
-    udp_torrent_tracker={
-        'tracker.openbittorrent.com':gethostbyname('tracker.openbittorrent.com')[0],
-        'tracker.ccc.de':gethostbyname('tracker.ccc.de')[0],
-        'tracker.istole.it':gethostbyname('tracker.istole.it')[0],
-        'tracker.publicbt.com':gethostbyname('tracker.publicbt.com')[0],
-        'tracker.1337x.org':gethostbyname('tracker.1337x.org')[0],
-        'fr33domtracker.h33t.com':gethostbyname('fr33domtracker.h33t.com')[0],
-        }
-
 
     ports_p2p = [ '412', '1214', '4662:4665' , '6346:6347', '6699', '6881:6889' ]
 
@@ -1192,8 +1183,8 @@ class firewall_komaz(firewall_crans) :
             iptables('-A FILTRE_P2P -m ipp2p --%s -j REJECT --reject-with icmp-admin-prohibited' % filtre[0])
             self.anim.cycle()
         #on rejetes les trackeur udp les plus connus
-        for tracker in self.udp_torrent_tracker.keys():
-            for dest in self.udp_torrent_tracker[tracker]:
+        for tracker in udp_torrent_tracker:
+            for dest in gethostbyname(tracker)[0]:
                 iptables('-A FILTRE_P2P -p udp -d %s -j LOG --log-level notice --log-prefix "TRACKER:%s "' % (dest,(tracker[:20]) if len(tracker) > 20 else tracker))
                 iptables('-A FILTRE_P2P -p udp -d %s -j REJECT --reject-with icmp-admin-prohibited' % dest)