[firewall_new,ipset] Lors de la génération du pare-feu, on restaure les ipsets plutôt que d'ajouter les ips une à une.
Ignore-this: 29d8a044a6bfcc23724de9831213d1b darcs-hash:20130125184040-3a55a-cee42abc272c8710a20845b9f3c46189b22fdf5f.gz
parent
14ac4f12ac
commit
9e16d81848
2 changed files with 45 additions and 5 deletions
|
@ -335,16 +335,35 @@ class firewall_crans :
|
||||||
except IpsetError:
|
except IpsetError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def __mac_ip_gen(self,machine,rules):
|
||||||
|
ip = machine.ip()
|
||||||
|
if ip.startswith("138.231.1"):
|
||||||
|
if machine.__class__.__name__ == "MachineWifi" and hostname != 'gordon':
|
||||||
|
# Machine Wifi, c'est la mac de gordon
|
||||||
|
rules[self.mac_ip_set].append((ip,mac_wifi))
|
||||||
|
else:
|
||||||
|
# Machine fixe
|
||||||
|
rules[self.mac_ip_set].append((ip,machine.mac()))
|
||||||
|
if machine.__class__.__name__ == "MachineWifi" and hostname == 'komaz':
|
||||||
|
rules[self.mac_ip_set_wifi].append((ip,machine.mac()))
|
||||||
|
elif machine.__class__.__name__ == "MachineWifi" and hostname != 'komaz':
|
||||||
|
rules[self.mac_ip_set_wifi].append((ip,mac_komaz))
|
||||||
|
elif ip.startswith("10.231.136."):
|
||||||
|
rules[self.mac_ip_adm_set].append((ip,machine.mac()))
|
||||||
def mac_ip_gen(self):
|
def mac_ip_gen(self):
|
||||||
self.anim = anim('\tChaîne TEST_MAC-IP', len(self.__machines()))
|
self.anim = anim('\tChaîne TEST_MAC-IP', len(self.__machines()))
|
||||||
self.mac_ip_set.flush()
|
|
||||||
self.mac_ip_set_wifi.flush()
|
|
||||||
self.mac_ip_adm_set.flush()
|
|
||||||
|
|
||||||
self.anim.reinit()
|
self.anim.reinit()
|
||||||
|
rules={
|
||||||
|
self.mac_ip_set:[],
|
||||||
|
self.mac_ip_set_wifi:[],
|
||||||
|
self.mac_ip_adm_set:[],
|
||||||
|
}
|
||||||
for machine in self.__machines():
|
for machine in self.__machines():
|
||||||
self.anim.cycle()
|
self.anim.cycle()
|
||||||
self.__test_mac_ip(machine, flushed = True)
|
self.__mac_ip_gen(machine,rules)
|
||||||
|
for set,rules in rules.items():
|
||||||
|
set.restore(rules)
|
||||||
self.anim.reinit()
|
self.anim.reinit()
|
||||||
print OK
|
print OK
|
||||||
|
|
||||||
|
|
|
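Review bot: In `__mac_ip_gen`, `ip.startswith("138.231.1")` is a string-prefix test with no trailing dot, so besides 138.231.1.x it also accepts 138.231.10.x–138.231.19.x and 138.231.100.x–138.231.199.x, whereas the admin branch uses `"10.231.136."` with the dot. The intended subnet is not visible in this hunk; if a single network is meant, compare against it explicitly rather than by prefix. An address matching neither branch is left out of every MAC-IP set without any trace, so a comment such as `# adresses hors plages connues : volontairement absentes des sets` (or a log line) would make that choice explicit. In `mac_ip_gen`, `for set,rules in rules.items():` shadows the builtin `set` and rebinds the dict being iterated; `for ipset_obj,entries in rules.items(): ipset_obj.restore(entries)` reads more safely. `hostname`, `mac_wifi` and `mac_komaz` are not defined inside the hunk and are presumably module-level names.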
@ -69,10 +69,31 @@ class Ipset(object):
|
||||||
"""Delete an IP"""
|
"""Delete an IP"""
|
||||||
self.call("-D",ip)
|
self.call("-D",ip)
|
||||||
|
|
||||||
|
def restore(self,rules):
|
||||||
|
""" restore le set courrant"""
|
||||||
|
rules_str=self.restore_format(rules)
|
||||||
|
create_str="-N %s %s %s" % (self.set,self.type,self.typeopt)
|
||||||
|
str="%s\n%s\nCOMMIT\n" % (create_str,rules_str)
|
||||||
|
path='/tmp/ipset_%s' % self.set
|
||||||
|
f=open(path, 'w+')
|
||||||
|
f.write(str)
|
||||||
|
f.close()
|
||||||
|
try:
|
||||||
|
self.flush()
|
||||||
|
self.destroy()
|
||||||
|
except IpsetError: pass
|
||||||
|
cmd="cat %s | %s -R" % (path,self.ipset)
|
||||||
|
status,output=commands.getstatusoutput(cmd)
|
||||||
|
if status:
|
||||||
|
raise IpsetError(cmd,status,output)
|
||||||
|
return output
|
||||||
|
|
||||||
def flush(self):
|
def flush(self):
|
||||||
self.call("-F")
|
self.call("-F")
|
||||||
|
|
||||||
def destroy(self):
|
def destroy(self):
|
||||||
self.call("-X")
|
self.call("-X")
|
||||||
|
|
||||||
|
def restore_format(self,rules):
|
||||||
|
return '\n'.join(["-A %s %s,%s" % (self.set,ip,mac) for (ip,mac) in rules])
|
||||||
|
|
||||||
|
|
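Review bot: `restore` writes the rule text to the fixed path `/tmp/ipset_<set name>` with `open(path, 'w+')` and then loads it through the shell pipeline `cat %s | %s -R`. Firewall generation presumably runs as root, and a predictable name in a world-writable directory lets any local user pre-create that path (for example as a symlink) or alter the file between `f.close()` and the `cat`, which would clobber another file or change what ends up in the MAC-IP sets. Feeding the text to ipset on stdin removes both the temporary file and the shell; it needs `subprocess` imported at the top of the file and assumes `self.ipset` is a bare executable path. The set is also flushed and destroyed before the restore is attempted, so a failed restore leaves it empty or absent; whether that fails open or closed depends on rules outside this hunk.

```python
    def restore(self,rules):
        # … unchanged: docstring, rules_str / create_str / str construction …
        # … unchanged: flush() / destroy() guarded by IpsetError …
        cmd=[self.ipset,"-R"]
        proc=subprocess.Popen(cmd,stdin=subprocess.PIPE,
                              stdout=subprocess.PIPE,stderr=subprocess.STDOUT)
        output,_=proc.communicate(str)
        if proc.returncode:
            # exit code here, not the raw wait status getstatusoutput returned
            raise IpsetError(" ".join(cmd),proc.returncode,output)
        return output
```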