diff --git a/gestion/config/firewall.py b/gestion/config/firewall.py
index 4b94a280..aedfa1d1 100644
--- a/gestion/config/firewall.py
+++ b/gestion/config/firewall.py
@@ -21,6 +21,7 @@ dev = {
 'wifi' : 'crans.3',
 'fil' : 'crans',
 'app' : 'crans.21',
+ 'federez' : 'crans.12',
 'adm' : 'crans.2',
 'tun-soyouz' : 'tun-soyouz'
 },
@@ -67,6 +68,9 @@ bl_upload_debit_max = 60 #kbytes per second
 # Débit pour upload des gens en appartement ens
 appt_upload_max = 1 # mbytes per second
+# Debit pour l'upload de federez-wifi
+federez_upload_max = 10 #mbytes per second
+
 # Debit appartement down max
 # TODO : mettre en place dans komaz.py
 appt_download_max = debit_max/10
diff --git a/gestion/gen_confs/firewall4/komaz.py b/gestion/gen_confs/firewall4/komaz.py
index 101a503b..9f36dc41 100644
--- a/gestion/gen_confs/firewall4/komaz.py
+++ b/gestion/gen_confs/firewall4/komaz.py
@@ -303,21 +303,21 @@ class firewall(base.firewall_routeur):
 def connexion_wififederez(self, table=None, apply=False):
 """PNAT le vlan wififederez derrière wififederez.crans.org"""
 chain = 'CONNEXION-WIFIFEDEREZ'
-
- if table == 'nat':
+
+ if table == 'nat':
 pretty_print(table, chain)
 for dev_key in ['out', 'fil', 'wifi']:
 for net in base.config.NETs['federez']:
 self.add(table, chain, '-o %s -s %s -j SNAT --to 138.231.136.77' % (dev[dev_key], net))
 print OK
-
+
 if table == 'filter':
- pretty_print(table, chain)
+ pretty_print(table, chain)
 for net in base.config.NETs['federez']:
 self.add(table, chain, '-s %s -j ACCEPT' % net)
 self.add(table, chain, '-d %s -j ACCEPT' % net)
 print OK
-
+
 if apply:
 self.apply(table, chain)
 return chain
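Review bot: `federez_upload_max` in gestion/config/firewall.py is named and commented as an upload limit, but the komaz.py hunk at @@ -577 also uses it as rate and ceil of the root class `1:1` on the federez interface, so it acts as the cap for everything under that class. The value is interpolated with the tc suffix `mbps`, which tc reads as megabytes per second, while the download class in the same block uses `mbit`. A comment such as `# federez-wifi cap in megabytes/s (tc "mbps"); used for root class 1:1 and upload class 1:4 in komaz.py` would keep a later editor from mixing the two units.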
@@ -490,8 +490,10 @@ class firewall(base.firewall_routeur):
 debit_max = base.config.firewall.debit_max
 bl_upload_debit_max = base.config.firewall.bl_upload_debit_max
 appt_upload_max = base.config.firewall.appt_upload_max
+ federez_upload_max = base.config.firewall.federez_upload_max
 uplink_speed = '1024mbit'
+
 if table == 'mangle':
 pretty_print(table, chain)
 # Pas de QoS vers/depuis la zone ENS
@@ -519,6 +521,11 @@ class firewall(base.firewall_routeur):
 self.add(table, chain, '-o %s -d %s -j CLASSIFY --set-class 1:3' % (dev['app'], net))
 self.add(table, chain, '-o %s -s %s -j CLASSIFY --set-class 1:2' % (dev['out'], net))
+ # Classification pour federez wifi
+ for net in base.config.NETs['federez']:
+ self.add(table, chain, '-o %s -d %s -j CLASSIFY --set-class 1:5' % (dev['federez'], net))
+ self.add(table, chain, '-o %s -s %s -j CLASSIFY --set-class 1:4' % (dev['out'], net))
+
 # Classification pour la voip
 self.add(table, chain, '-d sip.crans.org -j CLASSIFY --set-class 1:12')
 self.add(table, chain, '-s sip.crans.org -j CLASSIFY --set-class 1:12')
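Review bot: The upload rule in the second hunk, `-o %s -s %s -j CLASSIFY --set-class 1:4` with `dev['out']`, marks packets leaving through the uplink, but the only class `1:4` this commit creates is on `dev['federez']` (the `for int_key in ['federez']` block in the @@ -577 hunk). An HTB class shapes only traffic leaving the device it is attached to, so unless the qdisc on `dev['out']` defines `1:4` elsewhere in this method (not visible here), the `federez_upload_max` cap would not apply to federez upload. I would either add the matching class on the uplink qdisc or record where it lives, e.g. `# class 1:4 must exist on dev['out'] (uplink qdisc), not only on dev['federez']`. The first hunk also adds a stray blank line after `uplink_speed`, and the method body continues outside both hunks.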
@@ -577,6 +584,30 @@ class firewall(base.firewall_routeur):
 utils.tc('qdisc add dev %s parent 1:3 '
 'handle 3: sfq perturb 10' % dev[int_key])
+ # Class du vlan wifi federez, on bride l'upload/download, à 10 mbytes/sec
+
+ for int_key in ['federez']:
+ try:
+ utils.tc('qdisc del dev %s root' % dev[int_key])
+ except utils.TcError:
+ pass
+ utils.tc('qdisc add dev %s root handle 1: htb r2q 1' % dev[int_key])
+
+ utils.tc("class add dev %s parent 1: classid 1:1 "
+ "htb rate %smbps ceil %smbps" % (dev[int_key], federez_upload_max, federez_upload_max))
+
+ # Classe pour l'upload wifi federez
+ utils.tc("class add dev %s parent 1:1 classid 1:4 "
+ "htb rate %smbps ceil %smbps" % (dev[int_key], federez_upload_max, federez_upload_max))
+ utils.tc('qdisc add dev %s parent 1:4 '
+ 'handle 2: sfq perturb 10' % dev[int_key])
+
+ # Classe pour le download wifi federez
+ utils.tc("class add dev %s parent 1: classid 1:5 "
+ "htb rate %smbit ceil %smbit" % (dev[int_key], debit_max/10, debit_max/2))
+ utils.tc('qdisc add dev %s parent 1:5 '
+ 'handle 3: sfq perturb 10' % dev[int_key])
+
 print OK
 if apply:
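Review bot: The download class `1:5` is created with `parent 1:` rather than `parent 1:1`, so it sits outside the `federez_upload_max` root class and takes its rate from `debit_max/10` and `debit_max/2` in `mbit`; the leading comment says upload and download are both capped at 10 mbytes/sec, which the code does not do. If the comment states the intent, the class line would read `utils.tc("class add dev %s parent 1:1 classid 1:5 "` with `"htb rate %smbps ceil %smbps" % (dev[int_key], federez_upload_max, federez_upload_max))`; if the `debit_max` figures are intended, the comment should say so. The root qdisc is also added without a `default` class, so traffic on this interface that matches none of the CLASSIFY rules is not shaped by any class; `htb r2q 1 default 5` would send it to the download class. The enclosing method starts and ends outside this hunk.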