From 826d00d26aee7bb060c147f9a3bf5d354c0adb2d Mon Sep 17 00:00:00 2001
From: dubost
Date: Thu, 30 Aug 2007 23:19:38 +0200
Subject: [PATCH] Nouveaux vlan ADM + on laisse passer les IP en 10.231.136.* avant de lire les chaines non routables
darcs-hash:20070830211938-c3cc4-26b5ee96d0ce970d9ff89fa9fc9449d651bee22e.gz
---
 gestion/gen_confs/firewall.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py
index 0843e09e..25be5683 100755
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@@ -483,6 +483,8 @@ class firewall_komaz(firewall_crans) :
 def reseaux_non_routables(self) :
 """ Construction de RESEAUX_NON_ROUTABLES_{DST,SRC} """
 self.anim = anim('\tFiltrage ip non routables',len(self.liste_reseaux_non_routables))
+ iptables("-t nat -A RESEAUX_NON_ROUTABLES_DST -d 10.231.136.0/24 -j RETURN")
+ iptables("-t nat -A RESEAUX_NON_ROUTABLES_SRC -d 10.231.136.0/24 -j RETURN")
 for reseau in self.liste_reseaux_non_routables :
 iptables("-t nat -A RESEAUX_NON_ROUTABLES_DST -d %s -j DROP" % reseau)
 iptables("-t nat -A RESEAUX_NON_ROUTABLES_SRC -s %s -j DROP" % reseau)
@@ -618,7 +620,7 @@ class firewall_komaz(firewall_crans) :
 # Proxy transparent
 iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % conf_fw.mark['proxy'] +
- "-j DNAT --to-destination 138.231.144.10:3128")
+ "-j DNAT --to-destination 10.231.136.10:3128")
 print OK
 def filter_table_tweaks(self) :
@@ -1150,7 +1152,7 @@ class firewall_sila(firewall_rouge):
 # Pour le proxy transparent
 iptables("-t mangle -F PREROUTING")
 iptables("-t mangle -i crans.2 -A PREROUTING -p tcp --destination-port 3128 " +
- "--destination 138.231.144.10 " +
+ "--destination 10.231.136.10 " +
 "-m mac --mac-source %s " % mac_komaz +
 "-j MARK --set-mark %s" % conf_fw.mark['proxy'])
 iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
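Review bot: The RETURN added for RESEAUX_NON_ROUTABLES_SRC matches on `-d`, while the DROP rule appended to that same chain two lines below matches on `-s`; keyed on the destination, the new exemption does not cover packets sourced from 10.231.136.0/24, which the DROPs that follow will still hit if that prefix lies inside one of the listed non-routable networks. The line meant is presumably `iptables("-t nat -A RESEAUX_NON_ROUTABLES_SRC -s 10.231.136.0/24 -j RETURN")`. Since 10.231.136.0/24 is also where the DNAT in the second hunk now sends proxy traffic, a comment above these two rules such as `# ADM vlan (hosts the transparent proxy): exempt it before the DROP loop` would record why the RETURNs must precede the loop. The remainder of reseaux_non_routables lies outside the hunk.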
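Review bot: The proxy address 10.231.136.10 is spelled out as a literal in firewall_komaz's DNAT rule here and again in firewall_sila's mangle rule in the third hunk; the two rules only work together if they agree, and this commit already shows the cost of that duplication (one address change, two edits in two classes). Reading both from a single entry in conf_fw next to mark['proxy'] (key name to be chosen) would turn the next renumbering into a one-line change. Both enclosing methods extend beyond their hunks.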