From 7b26e38606836ee42ace2b5d0940fe4a48f39a26 Mon Sep 17 00:00:00 2001
From: Daniel STAN
Date: Thu, 3 Dec 2015 13:46:41 +0100
Subject: [PATCH] firewall4: ipset d'ouvertures ip/port temporaires

---
 gestion/gen_confs/firewall4/komaz.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gestion/gen_confs/firewall4/komaz.py b/gestion/gen_confs/firewall4/komaz.py
index c4ca9cb3..d3f540fc 100644
--- a/gestion/gen_confs/firewall4/komaz.py
+++ b/gestion/gen_confs/firewall4/komaz.py
@@ -45,6 +45,9 @@ class firewall(base.firewall_routeur):
         # Portail captif/blacklist soft: ipset des gens ayant cliqué pour continuer à naviguer
         self.ipset['confirmation'] = base.Ipset("CONFIRMATION", "hash:ip", "")
 
+        # Ouvertures de ports temporaires
+        self.ipset['ip_port_tmp'] = base.Ipset("IP-PORT-TMP", "hash:ip,port", "timeout 3600")
+
     def blacklist_maj(self, ips):
         """Mise à jour des blacklistes"""
         self.blacklist_hard_maj(ips)
@@ -490,6 +493,7 @@ class firewall(base.firewall_routeur):
 
         if table == 'filter':
             pretty_print(table, chain)
+            self.add(table, chain, '-m set --match-set %s dst,dst -j ACCEPT' % self.ipset['ip_port_tmp'] )
             for net in base.config.NETs['serveurs']:
                 for proto in base.config.firewall.srv_ports_default.keys():
                     if base.config.firewall.srv_ports_default[proto]['output']:
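Review bot: The default entry lifetime of the new `ip_port_tmp` set is the bare literal `"timeout 3600"`, and the comment above it says only that these are temporary openings, not what the number governs or who is expected to add entries. I would write `# Temporary ip/port openings: hash:ip,port set whose entries expire after 3600 s unless the writer gives its own timeout` and, since the second hunk reads firewall settings from `base.config.firewall`, keep the lifetime there rather than inline so it can be tuned without touching the generator. Nothing in this commit populates the set, so the code that later adds entries is where the allowed destination addresses must be checked; that should be stated here so the set is not treated as self-protecting. The enclosing method begins before this hunk and `blacklist_maj` continues after it.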
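Review bot: The added ACCEPT matches only the destination address and port of a set entry (`dst,dst`), so once an entry exists any source may reach that ip/port, and the rule sits ahead of the static server-port rules in this chain; whether that scope is intended depends on which chain this is, and the function's signature is outside the hunk. If the opening is meant for one direction only, the rule should carry the same interface or source-network restriction the neighbouring server rules use, and a comment should record the decision, e.g. `# Temporary openings: accept any source towards an (ip, proto:port) listed in IP-PORT-TMP, evaluated before the static server rules`. The stray space in `['ip_port_tmp'] )` should go. Formatting `self.ipset['ip_port_tmp']` with `%s` presumes `base.Ipset` renders as the set name; the existing `confirmation` set presumably relies on the same, but it is not visible here.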