[config,firewall,portail_captif] Blacklist virtuelle pour les gens non à jour du paiement
This commit is contained in:
parent
81eddeb0ff
commit
8e2fef80cb
3 changed files with 14 additions and 21 deletions
|
@ -315,11 +315,11 @@ file_pickle = { 4 : '/tmp/ipt_pickle',
|
||||||
6 : '/tmp/ip6t_pickle'
|
6 : '/tmp/ip6t_pickle'
|
||||||
}
|
}
|
||||||
|
|
||||||
blacklist_sanctions = ['warez', 'p2p', 'autodisc_p2p','autodisc_virus','virus', 'bloq']
|
blacklist_sanctions = ['warez', 'p2p', 'autodisc_p2p','autodisc_virus','virus', 'bloq', 'paiement']
|
||||||
if bl_carte_et_definitif:
|
if bl_carte_et_definitif:
|
||||||
blacklist_sanctions.append('carte_etudiant')
|
blacklist_sanctions.append('carte_etudiant')
|
||||||
blacklist_sanctions_soft = ['autodisc_virus','ipv6_ra','mail_invalide','virus',
|
blacklist_sanctions_soft = ['autodisc_virus','ipv6_ra','mail_invalide','virus',
|
||||||
'warez', 'p2p', 'autodisc_p2p', 'bloq','carte_etudiant','chambre_invalide']
|
'warez', 'p2p', 'autodisc_p2p', 'bloq','carte_etudiant','chambre_invalide', 'paiement']
|
||||||
blacklist_bridage_upload = ['autodisc_upload', 'upload']
|
blacklist_bridage_upload = ['autodisc_upload', 'upload']
|
||||||
|
|
||||||
adm_users = [ 'root', 'identd', 'daemon', 'postfix', 'freerad', 'amavis',
|
adm_users = [ 'root', 'identd', 'daemon', 'postfix', 'freerad', 'amavis',
|
||||||
|
|
|
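Review bot: Nothing in the config explains why 'paiement' is appended to both blacklist_sanctions (the hard list that drives bl_hard_ips) and blacklist_sanctions_soft, while the zamok rules elsewhere in this commit call `blacklisted_adherents(['paiement'])` to exempt that same sanction from the per-uid REJECT; the asymmetry is easy to undo by accident. A comment next to the two list literals would record the intent, along the lines of `# 'paiement': member not up to date on payment — blocked at the router like other sanctions, but deliberately exempted from the uid-owner REJECT on zamok (see blacklisted_adherents(['paiement']))`. The ordering of 'paiement' within each list appears not to matter given they are only used through set intersection, but that is inferred from the firewall hunks, not from this file.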
@ -17,6 +17,7 @@ import lc_ldap.attributs
|
||||||
import socket
|
import socket
|
||||||
from ipset import IpsetError, Ipset
|
from ipset import IpsetError, Ipset
|
||||||
from iptools import AddrInNet, NetSubnets, IpSubnet, NetInNets
|
from iptools import AddrInNet, NetSubnets, IpSubnet, NetInNets
|
||||||
|
import netaddr
|
||||||
import subprocess
|
import subprocess
|
||||||
import syslog
|
import syslog
|
||||||
from affich_tools import anim, OK, cprint
|
from affich_tools import anim, OK, cprint
|
||||||
|
@ -83,25 +84,15 @@ class firewall_base(object) :
|
||||||
"""Renvois la liste de toutes les machines ayant une blackliste actives"""
|
"""Renvois la liste de toutes les machines ayant une blackliste actives"""
|
||||||
if self._blacklisted_machines:
|
if self._blacklisted_machines:
|
||||||
return self._blacklisted_machines
|
return self._blacklisted_machines
|
||||||
if self._machines:
|
self._blacklisted_machines = [ machine for machine in self.machines() if machine.blacklist_actif() ]
|
||||||
self._blacklisted_machines = [ machine for machine in self._machines if machine.blacklist_actif() ]
|
|
||||||
return self._blacklisted_machines
|
|
||||||
blacklisted = [ machine for machine in self.conn.search(u"blacklist=*",sizelimit=4096) if machine.blacklist_actif() ]
|
|
||||||
self._blacklisted_machines = set()
|
|
||||||
for item in blacklisted:
|
|
||||||
if isinstance(item, lc_ldap.objets.proprio):
|
|
||||||
self._blacklisted_machines = self._blacklisted_machines.union(item.machines())
|
|
||||||
elif isinstance(item, lc_ldap.objets.machine):
|
|
||||||
self._blacklisted_machines.add(item)
|
|
||||||
else:
|
|
||||||
print >> sys.stderr, 'Objet %s inconnu blacklisté' % a.__class__.__name__
|
|
||||||
return self._blacklisted_machines
|
return self._blacklisted_machines
|
||||||
|
|
||||||
def blacklisted_adherents(self):
|
def blacklisted_adherents(self, excepts=[]):
|
||||||
"""Renvois la liste de tous les adhérents ayant une blackliste active"""
|
"""Renvois la liste de tous les adhérents ayant une blackliste active"""
|
||||||
if self._blacklisted_adherents:
|
if self._blacklisted_adherents and self._blacklisted_adherents_type == set(excepts):
|
||||||
return self._blacklisted_adherents
|
return self._blacklisted_adherents
|
||||||
self._blacklisted_adherents = filter(lambda adh: adh.blacklist_actif(), self.adherents())
|
self._blacklisted_adherents = filter(lambda adh: adh.blacklist_actif(excepts), self.adherents())
|
||||||
|
self._blacklisted_adherents_type = set(excepts)
|
||||||
return self._blacklisted_adherents
|
return self._blacklisted_adherents
|
||||||
|
|
||||||
def add(self, table, chain, rule):
|
def add(self, table, chain, rule):
|
||||||
|
@ -253,6 +244,7 @@ class firewall_base(object) :
|
||||||
"""Démarre le pare-feu : génère les règles, puis les restore"""
|
"""Démarre le pare-feu : génère les règles, puis les restore"""
|
||||||
anim('\tChargement des machines')
|
anim('\tChargement des machines')
|
||||||
self.machines()
|
self.machines()
|
||||||
|
self.blacklisted_machines()
|
||||||
print OK
|
print OK
|
||||||
|
|
||||||
if squeeze:
|
if squeeze:
|
||||||
|
@ -348,7 +340,7 @@ class firewall_base(object) :
|
||||||
bl_hard_ips = set(
|
bl_hard_ips = set(
|
||||||
str(ip) for ips in
|
str(ip) for ips in
|
||||||
[
|
[
|
||||||
machine['ipHostNumber'] for machine in self.blacklisted_machines()
|
machine['ipHostNumber'] for machine in self.blacklisted_machines() if reduce(lambda x,y: x or y, ( ip.value in netaddr.IPNetwork(n) for n in config.NETs['all'] for ip in machine['ipHostNumber']))
|
||||||
if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(blacklist_sanctions)
|
if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(blacklist_sanctions)
|
||||||
]
|
]
|
||||||
for ip in ips
|
for ip in ips
|
||||||
|
@ -745,7 +737,7 @@ class firewall_komaz(firewall_base_routeur):
|
||||||
bl_soft_ips = set(
|
bl_soft_ips = set(
|
||||||
str(ip) for ips in
|
str(ip) for ips in
|
||||||
[
|
[
|
||||||
machine['ipHostNumber'] for machine in self.blacklisted_machines()
|
machine['ipHostNumber'] for machine in self.blacklisted_machines() if reduce(lambda x,y: x or y, ( ip.value in netaddr.IPNetwork(n) for n in config.NETs['all'] for ip in machine['ipHostNumber']))
|
||||||
if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(blacklist_sanctions_soft)
|
if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(blacklist_sanctions_soft)
|
||||||
]
|
]
|
||||||
for ip in ips
|
for ip in ips
|
||||||
|
@ -1085,7 +1077,7 @@ class firewall_zamok(firewall_base):
|
||||||
self.add(table, chain, '-d 127.0.0.1/8 -j RETURN')
|
self.add(table, chain, '-d 127.0.0.1/8 -j RETURN')
|
||||||
for net in NETs['all']:
|
for net in NETs['all']:
|
||||||
self.add(table, chain, '-d %s -j RETURN' % net)
|
self.add(table, chain, '-d %s -j RETURN' % net)
|
||||||
for adh in self.blacklisted_adherents():
|
for adh in self.blacklisted_adherents(['paiement']):
|
||||||
if 'uidNumber' in adh.attrs.keys():
|
if 'uidNumber' in adh.attrs.keys():
|
||||||
self.add(table, chain, '-m owner --uid-owner %s -j REJECT' % adh['uidNumber'][0])
|
self.add(table, chain, '-m owner --uid-owner %s -j REJECT' % adh['uidNumber'][0])
|
||||||
print OK
|
print OK
|
||||||
|
|
|
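Review bot: The fallback branch of the rewritten blacklisted_machines prints `a.__class__.__name__`, but no name `a` is bound in that method (the loop variable is `item`), so an unexpected object type from the `blacklist=*` search raises NameError instead of the intended warning; it should read `print >> sys.stderr, 'Objet %s inconnu blacklisté' % item.__class__.__name__`. The same search is capped with `sizelimit=4096`, and whether conn.search raises or silently truncates on hitting that cap is not visible here; if it truncates, machines beyond the cap would simply not be blacklisted, so the cap deserves either a comment stating that assumption or a check that the result count stayed under it. The new `reduce(lambda x,y: x or y, (...))` filters in the bl_hard_ips (firewall_base) and bl_soft_ips (firewall_komaz) hunks raise TypeError on an empty generator (e.g. a machine whose ipHostNumber is empty) and rebuild `netaddr.IPNetwork(n)` once per address; `any(ip.value in netaddr.IPNetwork(n) for n in config.NETs['all'] for ip in machine['ipHostNumber'])` is safe on empty input and the idiom, though note that these hunks use `config.NETs` while the zamok hunk below uses bare `NETs`. `def blacklisted_adherents(self, excepts=[])` introduces a mutable default argument; `excepts=()` gives the same `set(excepts)` behaviour without it. The def line of blacklisted_machines lies above the first hunk, so its full body is not visible here.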
@ -45,6 +45,7 @@ deco={
|
||||||
'bloq':'ERR_CUSTOM_BLOQ.html',
|
'bloq':'ERR_CUSTOM_BLOQ.html',
|
||||||
|
|
||||||
'nouvelle_annee':'ERR_CUSTOM_NOUVELLE_ANNEE.html',
|
'nouvelle_annee':'ERR_CUSTOM_NOUVELLE_ANNEE.html',
|
||||||
|
'paiement': 'ERR_CUSTOM_NOUVELLE_ANNEE.html',
|
||||||
'proxy_local':'ERR_CUSTOM_PROXY_LOCAL.html',
|
'proxy_local':'ERR_CUSTOM_PROXY_LOCAL.html',
|
||||||
|
|
||||||
'virus':'ERR_CUSTOM_BL_VIRUS.html',
|
'virus':'ERR_CUSTOM_BL_VIRUS.html',
|
||||||
|
@ -62,7 +63,7 @@ blacklist_key = [
|
||||||
'p2p','autodisc_p2p','upload','autodisc_uplaod','warez',
|
'p2p','autodisc_p2p','upload','autodisc_uplaod','warez',
|
||||||
'carte_etudiant','chambre_invalide','mail_invalide',
|
'carte_etudiant','chambre_invalide','mail_invalide',
|
||||||
'bloq',
|
'bloq',
|
||||||
'nouvelle_annee','proxy_local',
|
'nouvelle_annee','proxy_local', 'paiement',
|
||||||
'inscrit'
|
'inscrit'
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
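Review bot: The new deco entry maps 'paiement' to 'ERR_CUSTOM_NOUVELLE_ANNEE.html', the same page already used by 'nouvelle_annee', and nothing says whether that reuse is intentional or a placeholder until a dedicated page exists. If intentional, a comment on that line would stop a later maintainer from "fixing" it: `'paiement': 'ERR_CUSTOM_NOUVELLE_ANNEE.html',  # intentionally reuses the start-of-year page; both cases ask the member to regularise payment`. In blacklist_key, 'paiement' is inserted after 'proxy_local' and before 'inscrit'; whether position in that list encodes a display priority cannot be told from this hunk, so confirm the placement against whatever consumes blacklist_key.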