Dplacement de la mthode ipsec.
Il ne faut plus utiliser m.ipsec() pour dterminer si m est une machine wifi. darcs-hash:20060313161212-68412-c18bb0100a5d2bc06988d8a19302616405364aca.gz
This commit is contained in:
glondu
parent
9cc6478e4e
commit
858702f0b2
4 changed files with 62 additions and 59 deletions
|
|
@ -28,7 +28,8 @@ sys.path.append('/usr/scripts/gestion')
|
|||
import syslog
|
||||
import pwd
|
||||
from lock import *
|
||||
from ldap_crans import crans_ldap, ann_scol, Machine, crans, invite, hostname
|
||||
from ldap_crans import crans_ldap, ann_scol, crans, invite, hostname
|
||||
from ldap_crans import Machine, MachineWifi
|
||||
from affich_tools import *
|
||||
from commands import getstatusoutput
|
||||
from iptools import AddrInNet
|
||||
|
|
@ -223,10 +224,10 @@ class firewall_crans :
|
|||
insert = '-I'
|
||||
else:
|
||||
insert = '-A'
|
||||
if machine.ipsec():
|
||||
if isinstance(machine, MachineWifi):
|
||||
# Machine wifi, c'est la mac de Nectaris
|
||||
iptables("-t nat %s TEST_MAC-IP -s "%(insert)+\
|
||||
"%s -m mac --mac-source %s -j ACCEPT"%(ip,self.mac_wifi))
|
||||
"%s -m mac --mac-source %s -j ACCEPT"%(ip, self.mac_wifi))
|
||||
else:
|
||||
# Machine fixe
|
||||
iptables("-t nat %s TEST_MAC-IP -s "%(insert)+\
|
||||
|
|
@ -322,8 +323,8 @@ class firewall_crans :
|
|||
# Il faut détruire cette entrée
|
||||
iptables("-t nat -D TEST_MAC-IP -s %s -m mac --mac-source %s -j ACCEPT" % (ip, mac))
|
||||
else :
|
||||
if ( machine.ipsec() and mac!=self.mac_wifi ) \
|
||||
or ( not machine.ipsec() and mac != machine.mac() ) :
|
||||
if (isinstance(machine, MachineWifi) and mac != self.mac_wifi) \
|
||||
or (not isinstance(machine, MachineWifi) and mac != machine.mac()):
|
||||
# La correspondance MAC-IP est fausse => on ajoute la bonne rčgle
|
||||
self.__test_mac_ip(machine)
|
||||
# Supression de l'ancienne ligne
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue