[firewall_new] Gordon est passé sous squeeze, on ne peut plus rejeter ou droper de paquets dans nat, on bascule TEST_MAC-IP dans filter.

Ignore-this: 2e2f6d91be7acea713265a48f5d4aac4 darcs-hash:20120216180256-3a55a-90682b60023bc0f664ad71fde48d319e122ff381.gz
2012-02-16 19:02:56 +01:00 · 2012-02-16 19:02:56 +01:00 · 934dd3c502
commit 934dd3c502
parent 902ca066cd
1 changed files with 7 additions and 7 deletions
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@ -1418,17 +1418,17 @@ class firewall_gordon(firewall_crans) :

    def nat_table(self) :
        self.anim = anim('\tStructure de la table nat')
-        iptables('-t nat -N TEST_MAC-IP')
+        iptables('-t filter -N TEST_MAC-IP')

-        iptables("-t nat -P PREROUTING ACCEPT")
-        iptables("-t nat -A PREROUTING -i lo -j ACCEPT")
-        iptables("-t nat -A PREROUTING -d 224.0.0.0/4 -j DROP")
+        iptables("-t filter -P FORWARD ACCEPT")
+        iptables("-t filter -A FORWARD -i lo -j ACCEPT")
+        iptables("-t filter -A FORWARD -d 224.0.0.0/4 -j DROP")

        for net in NETs['fil'] + NETs['adm'] + NETs['wifi'] :
-            iptables("-t nat -A PREROUTING -s %s -j TEST_MAC-IP" % net)
+            iptables("-t filter -A FORWARD -s %s -j TEST_MAC-IP" % net)

-        iptables("-t nat -P PREROUTING ACCEPT")
-        iptables("-t nat -P OUTPUT ACCEPT")
+        iptables("-t filter -P FORWARD ACCEPT")
+        iptables("-t filter -P OUTPUT ACCEPT")
        print OK

    def filter_table_tweaks(self) :