From 9e16d81848ada6ab4fa866fd935c6b1c180b6bb7 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Fri, 25 Jan 2013 19:40:40 +0100
Subject: [PATCH] =?UTF-8?q?[firewall=5Fnew,ipset]=20Lors=20de=20la=20g?= =?UTF-8?q?=C3=A9n=C3=A9ration=20du=20pare-feu,=20on=20restaure=20les=20ip?= =?UTF-8?q?sets=20plut=C3=B4t=20que=20d'ajouter=20les=20ips=20une=20=C3=A0?= =?UTF-8?q?=20une.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ignore-this: 29d8a044a6bfcc23724de9831213d1b
darcs-hash:20130125184040-3a55a-cee42abc272c8710a20845b9f3c46189b22fdf5f.gz
---
gestion/gen_confs/firewall_new.py | 29 ++++++++++++++++++++++++-----
gestion/gen_confs/ipset.py | 21 +++++++++++++++++++++
2 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py
index 67995eb1..3a95444c 100755
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@@ -335,16 +335,35 @@ class firewall_crans : except IpsetError: pass + + def __mac_ip_gen(self,machine,rules): + ip = machine.ip() + if ip.startswith("138.231.1"): + if machine.__class__.__name__ == "MachineWifi" and hostname != 'gordon': + # Machine Wifi, c'est la mac de gordon + rules[self.mac_ip_set].append((ip,mac_wifi)) + else: + # Machine fixe + rules[self.mac_ip_set].append((ip,machine.mac())) + if machine.__class__.__name__ == "MachineWifi" and hostname == 'komaz': + rules[self.mac_ip_set_wifi].append((ip,machine.mac())) + elif machine.__class__.__name__ == "MachineWifi" and hostname != 'komaz': + rules[self.mac_ip_set_wifi].append((ip,mac_komaz)) + elif ip.startswith("10.231.136."): + rules[self.mac_ip_adm_set].append((ip,machine.mac())) def mac_ip_gen(self): self.anim = anim('\tChaƮne TEST_MAC-IP', len(self.__machines())) - self.mac_ip_set.flush() - self.mac_ip_set_wifi.flush() - self.mac_ip_adm_set.flush() - self.anim.reinit() + rules={ + self.mac_ip_set:[], + self.mac_ip_set_wifi:[], + self.mac_ip_adm_set:[], + } for machine in self.__machines(): self.anim.cycle() - self.__test_mac_ip(machine, flushed = True) + self.__mac_ip_gen(machine,rules) + for set,rules in rules.items(): + set.restore(rules) self.anim.reinit() print OK diff --git a/gestion/gen_confs/ipset.py b/gestion/gen_confs/ipset.py index a4322763..7cc0862e 100755 --- a/gestion/gen_confs/ipset.py +++ b/gestion/gen_confs/ipset.py 
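Review bot: In `__mac_ip_gen`, `ip.startswith("138.231.1")` is a textual prefix rather than a subnet test, so it also accepts 138.231.1.x, 138.231.10–19.x and every 138.231.100–199.x address, and a machine whose address matches neither prefix gets no MAC/IP entry without any log line. Since these sets appear to back the TEST_MAC-IP anti-spoofing chain, I would state the intended ranges in a comment and match them explicitly (the `10.231.136.` branch already ends on a dot). Separately, the final loop `for set,rules in rules.items():` rebinds `rules` while iterating over it and shadows the builtin `set`; `for ipset_obj,entries in rules.items(): ipset_obj.restore(entries)` reads the same without the shadowing. The names `hostname`, `mac_wifi` and `mac_komaz` are defined outside the hunk.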
@@ -68,6 +68,25 @@ class Ipset(object): def delete(self,ip): """Delete an IP""" self.call("-D",ip) + + def restore(self,rules): + """ restore le set courrant""" + rules_str=self.restore_format(rules) + create_str="-N %s %s %s" % (self.set,self.type,self.typeopt) + str="%s\n%s\nCOMMIT\n" % (create_str,rules_str) + path='/tmp/ipset_%s' % self.set + f=open(path, 'w+') + f.write(str) + f.close() + try: + self.flush() + self.destroy() + except IpsetError: pass + cmd="cat %s | %s -R" % (path,self.ipset) + status,output=commands.getstatusoutput(cmd) + if status: + raise IpsetError(cmd,status,output) + return output def flush(self): self.call("-F") @@ -75,4 +94,6 @@ class Ipset(object): def destroy(self): self.call("-X") + def restore_format(self,rules): + return '\n'.join(["-A %s %s,%s" % (self.set,ip,mac) for (ip,mac) in rules])
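Review bot: `restore` writes the rule set to the fixed, predictable path `/tmp/ipset_<set>` with a plain `open(path, 'w+')` and then runs `cat path | ipset -R` through a shell, so in a world-writable /tmp the file this (presumably root-run) generator loads into the firewall can be a pre-placed symlink or a file owned by another local user. Feeding the text to ipset on stdin removes both the temporary file and the shell string; that needs `import subprocess` at the top of ipset.py and assumes `self.ipset` is a bare executable path. Also, the set is flushed and destroyed before the restore and `IpsetError` is swallowed, so a failed restore leaves no set at all; restoring into a temporary set and swapping it in with `-W` would keep the old contents until the new ones are loaded. `str` shadows the builtin here too.

```python
    def restore(self,rules):
        """ restore le set courrant"""
        rules_str=self.restore_format(rules)
        create_str="-N %s %s %s" % (self.set,self.type,self.typeopt)
        data="%s\n%s\nCOMMIT\n" % (create_str,rules_str)
        # … unchanged: flush()/destroy() of the existing set …
        # Rules go to ipset on stdin: no file in /tmp, no shell parsing.
        cmd=[self.ipset,"-R"]
        proc=subprocess.Popen(cmd,stdin=subprocess.PIPE,
                              stdout=subprocess.PIPE,stderr=subprocess.STDOUT)
        output,_=proc.communicate(data)
        if proc.returncode:
            raise IpsetError(" ".join(cmd),proc.returncode,output)
        return output
```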
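Review bot: `restore_format` interpolates `ip` and `mac` straight into restore lines, so a value containing whitespace or a newline would become an extra command in the text handed to `ipset -R`. The values presumably arrive validated from the machine database, but a cheap check here keeps the restore format safe regardless, for example raising `ValueError` when `ip` or `mac` fails a strict pattern before formatting. The method also lacks a docstring, unlike `delete` and `restore`; I would add `"""Return the rules as ipset restore lines: one "-A <set> <ip>,<mac>" per entry."""`. The square brackets inside `'\n'.join([...])` can be dropped.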