centralisation

darcs-hash:20060403185036-4ec08-49da95347f3c7e0518745e46a85d57b69f97c788.gz
chove 2006-04-03 20:50:36 +02:00
parent 422fc9b4bd
commit 9045a9e87d


@ -33,6 +33,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi
from affich_tools import *
from commands import getstatusoutput
from iptools import AddrInNet
from config import mac_komaz, mac_wifi
syslog.openlog('firewall')
debug = 1
@ -85,9 +86,6 @@ class firewall_crans :
adm_users = [ "root", "identd", "daemon", "postfix", "freerad", "amavis", "nut", "respbats", "list", "sqlgrey"]
mac_wifi = '00:e0:81:58:d1:39'
mac_komaz = '00:01:02:b0:31:b6'
limit = " -m limit --limit 10/s --limit-burst 10 "
log_template = '-m limit --limit 1/s --limit-burst 1 -j LOG --log-level notice --log-prefix '
filtre_flood = '-m hashlimit --hashlimit 20 --hashlimit-mode srcip --hashlimit-name flood'
@ -223,7 +221,7 @@ class firewall_crans :
if isinstance(machine, MachineWifi):
# Machine wifi, c'est la mac de Nectaris
iptables("-t nat %s TEST_MAC-IP -s "%(insert)+\
"%s -m mac --mac-source %s -j RETURN"%(ip, self.mac_wifi))
"%s -m mac --mac-source %s -j RETURN"%(ip, mac_wifi))
else:
# Machine fixe
iptables("-t nat %s TEST_MAC-IP -s "%(insert)+\
@ -321,7 +319,7 @@ class firewall_crans :
# Il faut détruire cette entrée
iptables("-t nat -D TEST_MAC-IP -s %s -m mac --mac-source %s -j RETURN" % (ip, mac))
else :
if (isinstance(machine, MachineWifi) and mac != self.mac_wifi) \
if (isinstance(machine, MachineWifi) and mac != mac_wifi) \
or (not isinstance(machine, MachineWifi) and mac != machine.mac()):
# La correspondance MAC-IP est fausse => on ajoute la bonne règle
self.__test_mac_ip(machine)
@ -905,7 +903,7 @@ class firewall_sila(firewall_rouge):
iptables("-t mangle -F PREROUTING")
iptables("-t mangle -i eth0.2 -A PREROUTING -p tcp --destination-port 3128 " +
"--destination 138.231.144.10 " +
"-m mac --mac-source %s -j MARK --set-mark 2" % self.mac_komaz)
"-m mac --mac-source %s -j MARK --set-mark 2" % mac_komaz)
firewall_bleu = firewall_zamok
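Review bot: The comparison `mac != mac_wifi` on the new line of the `-321` hunk now checks an observed MAC against a value imported from `config`, so the string format (lower-case, colon-separated, as the removed class literal `'00:e0:81:58:d1:39'` was) is no longer fixed by this file; a config value written in upper case or with another separator would make the check fail every time and the "correct" rule would be re-added on each pass. Either normalize both sides, `mac.lower() != mac_wifi.lower()`, or state the expected format next to the new import, `# mac_wifi / mac_komaz: lower-case, colon-separated MAC strings`. What `mac` holds at that point is not visible in the hunk, so whether it is already lower-cased is inferred. The same applies to `mac_komaz` in the `-905` hunk, where the config value is interpolated straight into an iptables rule. The methods containing these lines start and end outside the hunks.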