From 9477bafd68cff1fb618d1d7fd5864f97c4621fc1 Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Sat, 9 Feb 2013 17:42:39 +0100 Subject: [PATCH] =?UTF-8?q?[firewall6]=20De=20l'ipv6=20sur=20le=20vlan=20?= =?UTF-8?q?=C3=A9v=C3=A8nement?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gestion/gen_confs/firewall6.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gestion/gen_confs/firewall6.py b/gestion/gen_confs/firewall6.py index 58169ed3..a53c18fd 100755 --- a/gestion/gen_confs/firewall6.py +++ b/gestion/gen_confs/firewall6.py @@ -64,6 +64,10 @@ def ports(dev_ip6, dev_list): # dev_ip6) # ip6tables.filter.forward('-i %s -p tcp --dport ssh -m state --state NEW \ #-j ACCEPT' % dev_ip6) + + # Ipv6 sur évènementiel, on ne laisse sortir que si ça vient de la mac d'ytrap-llatsni + ip6tables.filter.forward('-d 2a01:240:fe3d:d2::/64 -j ACCEPT') + ip6tables.filter.forward('-m mac --mac-source 00:00:6c:69:69:01 -s 2a01:240:fe3d:d2::/64 -j ACCEPT') for proto in open_ports.keys(): ip6tables.filter.forward('-i %s -p %s -m multiport --dports %s -j ACCEPT' % (dev_ip6, proto, open_ports[proto])) for type_machine in ['fil', 'fil-v6', 'wifi', 'wifi-v6']: