From bad450fe3c3c8f1be7d0972a27b4d75c2e1ef57c Mon Sep 17 00:00:00 2001
From: Gabriel Detraz
Date: Thu, 14 May 2015 10:12:43 +0200
Subject: [PATCH] Firewall : nat du vlan 12 derrier l'ip wififederez, ca marche

---
 gestion/gen_confs/firewall4/komaz.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/gestion/gen_confs/firewall4/komaz.py b/gestion/gen_confs/firewall4/komaz.py
index 0e7e809c..101a503b 100644
--- a/gestion/gen_confs/firewall4/komaz.py
+++ b/gestion/gen_confs/firewall4/komaz.py
@@ -19,6 +19,7 @@ class firewall(base.firewall_routeur):
             'ssh_on_https' : self.ssh_on_https,
             'connexion_secours' : self.connexion_secours,
             'connexion_appartement' : self.connexion_appartement,
+            'connexion_wififederez' : self.connexion_wififederez,
             'blacklist_soft' : self.blacklist_soft,
             'blacklist_upload' : self.blacklist_upload,
             'reseaux_non_routable' : self.reseaux_non_routable,
@@ -112,6 +113,7 @@ class firewall(base.firewall_routeur):
             self.add(table, chain, '-s %s -j %s' % (net, mac_ip_chain))
         self.add(table, chain, '-j %s' % self.connexion_secours(table))
         self.add(table, chain, '-j %s' % self.connexion_appartement(table))
+        self.add(table, chain, '-j %s' % self.connexion_wififederez(table))
         self.add(table, chain, '-j %s' % self.ingress_filtering(table))
         self.add(table, chain, '-j %s' % self.limit_ssh_connexion(table))
         self.add(table, chain, '-i %s -j %s' % (dev['out'], self.filtrage_ports(table)))
@@ -128,6 +130,7 @@ class firewall(base.firewall_routeur):
         self.add(table, chain, '-j %s' % self.blacklist_soft(table))

         chain = 'POSTROUTING'
+        self.add(table, chain, '-j %s' % self.connexion_wififederez(table))
         self.add(table, chain, '-j %s' % self.connexion_appartement(table))
         return
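Review bot: In the @@ -112 hunk the new `-j CONNEXION-WIFIFEDEREZ` jump is inserted ahead of ingress_filtering, limit_ssh_connexion and filtrage_ports, and the filter branch of connexion_wififederez (the @@ -297 hunk) emits `-s net -j ACCEPT` and `-d net -j ACCEPT` with no interface, state or port qualifier, so any packet whose source or destination falls in a federez net is accepted before those three checks run. If that bypass is not the intent, either move the added line below `self.add(table, chain, '-i %s -j %s' % (dev['out'], self.filtrage_ports(table)))` or restrict the ACCEPT rules in connexion_wififederez to the expected interfaces. The same jump is placed first in the nat POSTROUTING block of the @@ -128 hunk, which looks deliberate (SNAT must happen before connexion_appartement rewrites anything) but deserves a one-line comment such as `# federez nets are SNATed before the appartement rules`. The method these three lines belong to starts outside the hunk, so the name of the chain being filled is inferred, not visible.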
@@ -297,6 +300,29 @@ class firewall(base.firewall_routeur):
             self.apply(table, chain)
         return chain

+    def connexion_wififederez(self, table=None, apply=False):
+        """PNAT le vlan wififederez derrière wififederez.crans.org"""
+        chain = 'CONNEXION-WIFIFEDEREZ'
+
+        if table == 'nat':
+            pretty_print(table, chain)
+            for dev_key in ['out', 'fil', 'wifi']:
+                for net in base.config.NETs['federez']:
+                    self.add(table, chain, '-o %s -s %s -j SNAT --to 138.231.136.77' % (dev[dev_key], net))
+            print OK
+
+        if table == 'filter':
+            pretty_print(table, chain)
+            for net in base.config.NETs['federez']:
+                self.add(table, chain, '-s %s -j ACCEPT' % net)
+                self.add(table, chain, '-d %s -j ACCEPT' % net)
+            print OK
+
+        if apply:
+            self.apply(table, chain)
+        return chain
+
+
     def blacklist_soft_maj(self, ip_list):
         self.blacklist_soft(fill_ipset=True)
         # for ip in ip_list:
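Review bot: The SNAT target 138.231.136.77 is a bare literal inside the rule string while the docstring refers to it by name as wififederez.crans.org; the nets already come from base.config.NETs['federez'], so sourcing the address from base.config as well, or binding it to a named constant, keeps the two from drifting apart silently. The nat branch also iterates over 'fil' and 'wifi' as output interfaces, so federez traffic routed toward the wired and wifi segments is rewritten to that public address too, which hides the real source from internal logs and any reverse-path check on those segments — if only the uplink is meant, `for dev_key in ['out']:` is the one-line change. `dev` is not defined in the new method; the @@ -112 hunk uses `dev['out']` the same way inside another method, so it is presumably a module-level name, but that is inferred from outside this hunk. A comment above the loop, `# SNAT every federez net on out/fil/wifi to the wififederez public address`, would make the interface choice explicit for the next reader.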