crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[firewall6] drop macAddress "<automatique>"

Browse source
This commit is contained in:
Daniel STAN 2014-02-23 19:30:38 +01:00
parent ce214d8bd8
commit 9d7d80d8d1
1 changed files with 8 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
gestion/ipt.py
View file

@ -30,6 +30,7 @@ from iptools import AddrInNet
from ridtools import Rid, find_rid_plage from ridtools import Rid, find_rid_plage
import subprocess import subprocess
import netaddr import netaddr
import ip6tools
blacklist_sanctions_ipv6 = list(blacklist_sanctions) blacklist_sanctions_ipv6 = list(blacklist_sanctions)
blacklist_sanctions_ipv6.extend(blacklist_sanctions_soft) blacklist_sanctions_ipv6.extend(blacklist_sanctions_soft)
@ -126,6 +127,8 @@ class Ip6tables(object):
def macip(self, mac, type_m): def macip(self, mac, type_m):
'''Fait la correspondance MAC-IP''' '''Fait la correspondance MAC-IP'''
if '<automatique>' == mac:
return
tab = {'serveurs' : 'fil' } tab = {'serveurs' : 'fil' }
if type_m in tab.keys(): type_m = tab[type_m] if type_m in tab.keys(): type_m = tab[type_m]
type_mm = re.sub('-', '', type_m) type_mm = re.sub('-', '', type_m)
@ -141,6 +144,8 @@ class Ip6tables(object):
'wifi-adh-v6' : 'extwifiv6', 'wifi-adh-v6' : 'extwifiv6',
'serveurs':'extfil' } 'serveurs':'extfil' }
ip = ipv6_addr(mac, type_machine) ip = ipv6_addr(mac, type_machine)
if not ip:
return
for proto in ['tcp', 'udp']: for proto in ['tcp', 'udp']:
for port in ports[proto]: for port in ports[proto]:
if port != ':': if port != ':':
@ -157,6 +162,8 @@ ACCEPT' % (dev, proto, ip, port))
'wifi-adh-v6' : 'cranswifiv6', 'wifi-adh-v6' : 'cranswifiv6',
'serveurs':'cransfil' } 'serveurs':'cransfil' }
ip = ipv6_addr(mac, type_machine) ip = ipv6_addr(mac, type_machine)
if not ip:
return
for proto in ['tcp', 'udp']: for proto in ['tcp', 'udp']:
for port in ports[proto]: for port in ports[proto]:
if port != ':': if port != ':':
@ -470,9 +477,7 @@ def check_ip_proto(ip_proto):
def ipv6_addr(mac, net): def ipv6_addr(mac, net):
''' Renvoie l'adresse ipv6 d'auto-configuration de la mac sur le réseau ''' ''' Renvoie l'adresse ipv6 d'auto-configuration de la mac sur le réseau '''
mac_s = mac.split(':') return ip6tools.mac_to_ipv6(prefix[dprefix[net]][0], mac)
eui = hex(int(mac_s[0],16) ^ 0x02)[2:] + ':'.join(mac_s[1:3]) + 'ff:fe' + ':'.join(mac_s[3:5]) + mac_s[5]
return re.sub(':/64', eui , prefix[dprefix[net]][0])
def mac_addr(ipv6): def mac_addr(ipv6):
''' Renvoie l'adresse mac de l'ipv6 d'auto-configuration ''' ''' Renvoie l'adresse mac de l'ipv6 d'auto-configuration '''