diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py
index 811220c8..5832223f 100755
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@@ -702,7 +702,7 @@ class firewall_komaz(firewall_crans) :
 # Proxy transparent
 iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % conf_fw.mark['proxy'] +
- "-j DNAT --to-destination 10.231.136.9:3128")
+ "-j DNAT --to-destination 10.231.136.4:3128")
 # Appartement ENS
 iptables("-t nat -A POSTROUTING -o ens -s %s -j SNAT --to 138.231.136.44" % NETs['personnel-ens'][0])
@@ -710,7 +710,7 @@ class firewall_komaz(firewall_crans) :
 #Connection de secours
 iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % conf_fw.mark['secours'] +
- "-j DNAT --to-destination 10.231.136.9:3128")
+ "-j DNAT --to-destination 10.231.136.4:3129")
 print OK
 def filter_table(self) :
@@ -1085,8 +1085,8 @@ class firewall_komaz(firewall_crans) :
 blacklist = []
 blacklist_soft = []
- # Recherche sur le champ ablacklist (clubs compris)
- search = db.search('ablacklist=*&paiement=ok')
+ # Recherche sur le champ paiement seulement (clubs compris) et plus ablacklist pour capturer aussi les deconnection pour chambre invalide et carte étudiant
+ search = db.search('paiement=ok')
 self.anim = anim("\tBlackliste adhérents+clubs", 2*len(search['adherent']+search['club']))
 for entite in search['adherent'] + search['club']:
 self.anim.cycle()
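Review bot: The backup rule now sends traffic marked `secours` to port 3129 while the proxy rule just above it goes to port 3128 on the same host 10.231.136.4; nothing in the hunk records that the two proxy instances are intentionally distinct, and the previous version pointed both rules at the same 10.231.136.9:3128. A one-line comment on the rule, e.g. `# Secours: second proxy instance on 3129, separate from the main proxy on 3128`, would stop a later edit from "harmonising" it back to 3128. The destination is also hard-coded in two places; a single constant next to the `conf_fw.mark` values would keep them in step the next time the host moves, though where conf_fw is defined is outside the diff.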
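Review bot: The broadened `db.search('paiement=ok')` now returns every paid-up member and club, including entries that have no `ablacklist` value at all, so the loop body must treat a missing blacklist attribute as "not blacklisted" rather than assume one exists; if it indexes `entite['ablacklist']` unguarded, generation will now fail on the first clean member. The per-entity checks continue below the hunk, so this is a point to confirm rather than a defect visible here. The new comment is one very long line; I would split it into two, e.g. `# Match on paiement=ok only (clubs included); no longer filtering on ablacklist so that` / `# disconnections for an invalid room or student card are captured as well`.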
@@ -1526,6 +1526,71 @@ class firewall_gordon(firewall_crans) :
 print OK
+"""
+Routeur
+"""
+
+class firewall_routeur(firewall_crans):
+
+ # interfaces physiques
+ eth_pub = "eth0"
+ eth_adm = "eth1"
+ eth_accueil = "eth2"
+ eth_isolement = "eth3"
+ eth_appart = "eth4"
+
+ def filter_table(self) :
+ self.anim = anim('\tStructure de la table filter')
+ iptables('-N TEST_MAC-IP')
+ for net in NETs['fil'] + NETs['wifi']:
+ iptables("-A INPUT -s %s -i %s -j TEST_MAC-IP" % (net, self.eth_pub))
+ for net in NETs['adm']:
+ iptables("-A INPUT -s %s -i %s -j TEST_MAC-IP" % (net, self.eth_adm))
+ iptables("-P INPUT ACCEPT")
+ iptables("-P OUTPUT ACCEPT")
+ print OK
+
+ def filter_table_tweaks(self) :
+ iptables("-P INPUT ACCEPT")
+ iptables("-P FORWARD DROP")
+ for ip in accueil_route.keys():
+ for port in accueil_route[ip]:
+ iptables("-A FORWARD -p tcp -d %s --dport %s -j ACCEPT" % (ip,port))
+ iptables("-A FORWARD -p tcp -s %s --sport %s -j ACCEPT" % (ip,port))
+
+ def mangle_table(self):
+ iptables("-t mangle -F PREROUTING")
+
+
+ def nat_table(self):
+ #intranet et wiki pour le vlan accueil
+ for ip in accueil_route.keys():
+ for port in accueil_route[ip]:
+ iptables("-t nat -A PREROUTING -i %s -p tcp -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,ip,port))
+ iptables("-t nat -A POSTROUTING -p tcp -s %s -d %s --dport %s -j MASQUERADE" % (NETs['accueil'][0],ip,port))
+
+ # Proxy transparent pour les vlans isolement et accueil
+ for interface in [self.eth_accueil, self.eth_isolement]:
+ iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.10" % interface)
+ iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 80 -j ACCEPT" % interface)
+ iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 443 -j ACCEPT" % interface)
+
+ def post_start_hook(self) :
+ self.anim = anim("\tMise en place du routage")
+ warn = ''
+ for cmd in [ 'echo 1 > /proc/sys/net/ipv4/ip_forward' ,
+ 'echo 65536 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' ] :
+ status,output=getstatusoutput(cmd)
+ if status :
+ warn += output + '\n'
+ if warn :
+ print WARNING
+ if self.debug :
+ print warn
+ else :
+ print OK
+
+
 if __name__ == '__main__' :
 # Chaînes pouvant être recontruites
 fw = eval('firewall_%s()' % hostname)
diff --git a/gestion/gen_confs/generate.py b/gestion/gen_confs/generate.py
index 02604e60..3959a81e 100644
--- a/gestion/gen_confs/generate.py
+++ b/gestion/gen_confs/generate.py
@@ -328,6 +328,11 @@ class charybde(base_reconfigure):
 from gen_confs.bind import dns
 self._do(dns(), self._machines())
+class routeur(base_reconfigure):
+ def dns(self):
+ from gen_confs.bind import dns
+ self._do(dns(), self._machines())
+
 class ragnarok(base_reconfigure):
 __restart_wifi_update = False
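Review bot: The two FORWARD accept rules in `filter_table_tweaks` are bound to neither an ingress interface nor a source network, so under the new `-P FORWARD DROP` they still let hosts behind eth3 (isolement), eth0 and eth1 reach the accueil_route hosts on the listed TCP ports, whereas the matching NAT rules in `nat_table` restrict that path to `-i eth2` / `-s NETs['accueil'][0]` and the comment there says it is meant for the accueil VLAN only. Binding the filter to the same interface, and replacing the bare `--sport` return match with conntrack state, makes the two tables agree: `iptables("-A FORWARD -i %s -p tcp -d %s --dport %s -j ACCEPT" % (self.eth_accueil, ip, port))` and `iptables("-A FORWARD -o %s -p tcp -s %s --sport %s -m state --state ESTABLISHED,RELATED -j ACCEPT" % (self.eth_accueil, ip, port))`. The port-80 DNAT to 10.51.0.10 for eth2/eth3 also needs a FORWARD accept of its own unless 10.51.0.10:80 is among the accueil_route entries, which are defined outside the diff and worth confirming. Finally, the port-80 `-j ACCEPT` rule that follows the DNAT in nat PREROUTING is unreachable, since the DNAT rule already terminates every port-80 packet on that interface; it can be dropped or turned into a comment explaining the intent.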
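Review bot: `routeur.dns` duplicates `charybde.dns` line for line (the local `from gen_confs.bind import dns` and the `self._do(dns(), self._machines())` call); if the routeur host only regenerates DNS the same way, a shared method on the base class or `class routeur(charybde): pass` avoids the copy, assuming charybde carries no other reconfigure steps routeur must not inherit, which the diff does not show. The new class is otherwise undocumented; a one-line docstring such as `"""Reconfiguration steps for the routeur host: regenerates the DNS configuration (gen_confs.bind) for its machines."""` would tell the next reader why it exists separately.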