[config,firewall_new, firewall6] On pousse de la conf commune à firewall_new et firewall6 dans config

Ignore-this: d132731f820f32809f1690716ccff1da

darcs-hash:20121209173407-3a55a-73c9883fdebfe7aaf71f6bbb2a0fc83306f98fbc.gz
Valentin Samir 2012-12-09 18:34:07 +01:00
parent f8332851b4
commit 6e27d6a09a
3 changed files with 15 additions and 22 deletions


@ -27,6 +27,7 @@ sys.path.append('/usr/scripts/gestion')
from ldap_crans import hostname
from config import conf_fw, mid, prefix, role, file_pickle, open_ports
from config import authorized_icmpv6, mac_wifi, adm_only, adm_users
from config import udp_torrent_tracker
from ipt import *
# On invoque Ip6tables
@ -132,14 +133,6 @@ def main_router():
ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % dev_crans)
ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % dev_ip6 )
udp_torrent_tracker={
'tracker.openbittorrent.com':gethostbyname('tracker.openbittorrent.com')[1],
'tracker.ccc.de':gethostbyname('tracker.ccc.de')[1],
'tracker.istole.it':gethostbyname('tracker.istole.it')[1],
'tracker.publicbt.com':gethostbyname('tracker.publicbt.com')[1],
'tracker.1337x.org':gethostbyname('tracker.1337x.org')[1],
'fr33domtracker.h33t.com':gethostbyname('fr33domtracker.h33t.com')[1],
}
# Les blacklistes
# Si on les met après la règle conntrack, une connexion existante ne sera
@ -164,8 +157,8 @@ def main_router():
ip6tables.filter.tracker_torrent('-j REJECT --reject-with icmp6-adm-prohibited')
ip6tables.filter.forward('-p tcp -m string --algo kmp --string "GET /" -j TRACKER_TORRENT')
ip6tables.filter.forward('-p tcp -m string --algo kmp --string "get /" -j TRACKER_TORRENT')
for tracker in udp_torrent_tracker.keys():
for dest in udp_torrent_tracker[tracker]:
for tracker in udp_torrent_tracker:
for dest in gethostbyname(tracker)[1]:
ip6tables.filter.forward('-p udp -d %s -j LOG --log-level notice --log-prefix "TRACKER:%s "' % (dest,(tracker[:20]) if len(tracker) > 20 else tracker))
ip6tables.filter.forward('-p udp -d %s -j REJECT --reject-with icmp6-adm-prohibited' % dest)
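Review bot: The new inner loop `for dest in gethostbyname(tracker)[1]:` resolves each tracker name in the middle of rule emission and has no handling for a name that fails to resolve. The helper's failure behaviour is not visible here, but if it raises, main_router would stop after the TRACKER_TORRENT rules and before any rules that follow, so one dead third-party domain could leave a partially built IPv6 ruleset. Do the lookup inside a `try`/`except` that logs the name and continues with the next tracker, and check that each `dest` is an IPv6 literal before it is formatted into the `-d %s` rule string, since the value comes from DNS answers for domains the operator does not control. The addresses are still fixed when the rules are loaded, so a comment such as `# resolved once at load time; regenerate the firewall to refresh tracker addresses` would tell the next maintainer why the block can go stale. main_router starts and ends outside these hunks.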