crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

firewall4: ipset d'ouvertures ip/port temporaires

Browse source
This commit is contained in:
Daniel STAN 2015-12-03 13:46:41 +01:00
parent fe6f71acbc
commit 7b26e38606
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
gestion/gen_confs/firewall4/komaz.py
View file

@ -45,6 +45,9 @@ class firewall(base.firewall_routeur):
# Portail captif/blacklist soft: ipset des gens ayant cliqué pour continuer à naviguer # Portail captif/blacklist soft: ipset des gens ayant cliqué pour continuer à naviguer
self.ipset['confirmation'] = base.Ipset("CONFIRMATION", "hash:ip", "") self.ipset['confirmation'] = base.Ipset("CONFIRMATION", "hash:ip", "")
# Ouvertures de ports temporaires
self.ipset['ip_port_tmp'] = base.Ipset("IP-PORT-TMP", "hash:ip,port", "timeout 3600")
def blacklist_maj(self, ips): def blacklist_maj(self, ips):
"""Mise à jour des blacklistes""" """Mise à jour des blacklistes"""
self.blacklist_hard_maj(ips) self.blacklist_hard_maj(ips)
@ -490,6 +493,7 @@ class firewall(base.firewall_routeur):
if table == 'filter': if table == 'filter':
pretty_print(table, chain) pretty_print(table, chain)
self.add(table, chain, '-m set --match-set %s dst,dst -j ACCEPT' % self.ipset['ip_port_tmp'] )
for net in base.config.NETs['serveurs']: for net in base.config.NETs['serveurs']:
for proto in base.config.firewall.srv_ports_default.keys(): for proto in base.config.firewall.srv_ports_default.keys():
if base.config.firewall.srv_ports_default[proto]['output']: if base.config.firewall.srv_ports_default[proto]['output']: