[firewall_new] On bloque le débit à debit_max dès le début du reboot du firewall

darcs-hash:20120104125216-3a55a-8b823fa6ff3194eb9580da0f036279696c9bb8be.gz

gestion/gen_confs/firewall_new.py

@@ -514,7 +514,7 @@ class firewall_komaz(firewall_crans) :
 
         # On marque les paquets bittorrent uniquement
         iptables("-t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark")
-        iptables("-t mangle -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT")
+        #iptables("-t mangle -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT")
         iptables("-t mangle -A PREROUTING -p tcp -m ipp2p --bit "
                  "-j MARK --set-mark %s" % mark)
         iptables("-t mangle -A PREROUTING -p tcp -m mark --mark %s "
@@ -571,6 +571,11 @@ class firewall_komaz(firewall_crans) :
             tc("qdisc add dev %(interface)s parent 1:9997 "
                "handle 9997: sfq perturb 10" % locals())
                
+            tc("class add dev %(interface)s parent 1:1 classid 1:9998 "
+                   "htb rate %(debit_adh)skbps ceil %(debit_max)skbps" % locals())
+            tc("qdisc add dev %(interface)s parent 1:9998 "
+                   "handle 9998: sfq perturb 10" % locals())
+
         # On construit ensuite les classes et qdisc pour chaque adhérent
         for adherent in adherents:
             self.anim.cycle()
@@ -690,8 +695,8 @@ class firewall_komaz(firewall_crans) :
         # Proxy transparent, pour les deconnexion soft
         iptables("-I FORWARD -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
         
-        iptables('-I FORWARD  -o ens -m state --state NEW -j LOG --log-prefix "LOG_ALL "')
+        iptables('-I FORWARD  -o %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % self.eth_ext)
-        iptables('-I FORWARD  -i ens -m state --state NEW -j LOG --log-prefix "LOG_ALL "')
+        iptables('-I FORWARD  -i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % self.eth_ext)
         
         print OK