From 81f9ae2c9e948b3e2546aa747ab63272700357d2 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Wed, 4 Jan 2012 13:52:16 +0100
Subject: [PATCH] =?UTF-8?q?[firewall=5Fnew]=20On=20bloque=20le=20d=C3=A9bi?= =?UTF-8?q?t=20=C3=A0=20debit=5Fmax=20d=C3=A8s=20le=20d=C3=A9but=20du=20re?= =?UTF-8?q?boot=20du=20firewall?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

darcs-hash:20120104125216-3a55a-8b823fa6ff3194eb9580da0f036279696c9bb8be.gz
---
 gestion/gen_confs/firewall_new.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py
index 39482600..26a1cf73 100755
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@@ -514,7 +514,7 @@ class firewall_komaz(firewall_crans) :
 # On marque les paquets bittorrent uniquement
 iptables("-t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark")
- iptables("-t mangle -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT")
+ #iptables("-t mangle -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT")
 iptables("-t mangle -A PREROUTING -p tcp -m ipp2p --bit "
 "-j MARK --set-mark %s" % mark)
 iptables("-t mangle -A PREROUTING -p tcp -m mark --mark %s "
@@ -570,6 +570,11 @@ class firewall_komaz(firewall_crans) :
 "htb rate %(debit_ftp)skbps ceil %(debit_max)skbps" % locals())
 tc("qdisc add dev %(interface)s parent 1:9997 "
 "handle 9997: sfq perturb 10" % locals())
+
+ tc("class add dev %(interface)s parent 1:1 classid 1:9998 "
+ "htb rate %(debit_adh)skbps ceil %(debit_max)skbps" % locals())
+ tc("qdisc add dev %(interface)s parent 1:9998 "
+ "handle 9998: sfq perturb 10" % locals())
 # On construit ensuite les classes et qdisc pour chaque adhérent
 for adherent in adherents:
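Review bot: The `-m mark ! --mark 0x0 -j ACCEPT` rule in mangle PREROUTING is disabled by commenting it out with no reason given, so a later reader cannot tell a deliberate policy change from a debugging leftover. Without it, TCP packets whose mark was just restored by `CONNMARK --restore-mark` no longer leave the chain early; they reach the `ipp2p` match and every rule after it, which may re-mark a connection that was already classified, so the order of the later marking rules is worth re-checking. Either delete the line or keep it with its rationale, e.g. `# Disabled: already-marked packets must still reach the rules below (<reason>)`. The enclosing method starts and ends outside this hunk.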
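Review bot: Nothing in this hunk directs traffic to the new class `1:9998`, and the block carries no comment saying what the class is for. If it is meant as the fallback that caps flows at `debit_max` while the per-adherent classes below are still being built, as the commit subject suggests, that relies on the root htb qdisc's `default` setting or on a filter defined outside the hunk; this should be confirmed, because unclassified traffic would otherwise bypass shaping during the reload. A one-line comment such as `# Fallback class: rate debit_adh, ceil debit_max, used until per-adherent classes exist` (adjusted to the real intent) would document it. The `% locals()` formatting also makes `debit_adh` an implicit dependency: it has to be bound earlier in this method, outside the hunk, or the call raises KeyError.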
@@ -690,8 +695,8 @@ class firewall_komaz(firewall_crans) :
 # Proxy transparent, pour les deconnexion soft
 iptables("-I FORWARD -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
- iptables('-I FORWARD -o ens -m state --state NEW -j LOG --log-prefix "LOG_ALL "')
- iptables('-I FORWARD -i ens -m state --state NEW -j LOG --log-prefix "LOG_ALL "')
+ iptables('-I FORWARD -o %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % self.eth_ext)
+ iptables('-I FORWARD -i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % self.eth_ext)
 print OK
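Review bot: The two `LOG` rules are inserted with `-I FORWARD` and carry no `-m limit`, so every NEW connection crossing `self.eth_ext` writes a kernel log line ahead of the rules already in the chain, and log volume is driven directly by external traffic. If `LOG_ALL` is a deliberate full connection record, a comment should say so and the log pipeline needs to be sized and rotated for it; otherwise bound it, e.g. `-m state --state NEW -m limit --limit <rate> -j LOG --log-prefix "LOG_ALL "`. Because the interface name is now interpolated into the command string, it is also worth checking that `self.eth_ext` always holds a plain interface name by the time this runs. The method continues outside this hunk.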