crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Firewall : nat du vlan 12 derrier l'ip wififederez, ca marche

Browse source
This commit is contained in:
Gabriel Detraz 2015-05-14 10:12:43 +02:00
parent 04b91024d9
commit bad450fe3c
1 changed files with 26 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

26
gestion/gen_confs/firewall4/komaz.py
View file

@ -19,6 +19,7 @@ class firewall(base.firewall_routeur):
'ssh_on_https' : self.ssh_on_https, 'ssh_on_https' : self.ssh_on_https,
'connexion_secours' : self.connexion_secours, 'connexion_secours' : self.connexion_secours,
'connexion_appartement' : self.connexion_appartement, 'connexion_appartement' : self.connexion_appartement,
'connexion_wififederez' : self.connexion_wififederez,
'blacklist_soft' : self.blacklist_soft, 'blacklist_soft' : self.blacklist_soft,
'blacklist_upload' : self.blacklist_upload, 'blacklist_upload' : self.blacklist_upload,
'reseaux_non_routable' : self.reseaux_non_routable, 'reseaux_non_routable' : self.reseaux_non_routable,
@ -112,6 +113,7 @@ class firewall(base.firewall_routeur):
self.add(table, chain, '-s %s -j %s' % (net, mac_ip_chain)) self.add(table, chain, '-s %s -j %s' % (net, mac_ip_chain))
self.add(table, chain, '-j %s' % self.connexion_secours(table)) self.add(table, chain, '-j %s' % self.connexion_secours(table))
self.add(table, chain, '-j %s' % self.connexion_appartement(table)) self.add(table, chain, '-j %s' % self.connexion_appartement(table))
self.add(table, chain, '-j %s' % self.connexion_wififederez(table))
self.add(table, chain, '-j %s' % self.ingress_filtering(table)) self.add(table, chain, '-j %s' % self.ingress_filtering(table))
self.add(table, chain, '-j %s' % self.limit_ssh_connexion(table)) self.add(table, chain, '-j %s' % self.limit_ssh_connexion(table))
self.add(table, chain, '-i %s -j %s' % (dev['out'], self.filtrage_ports(table))) self.add(table, chain, '-i %s -j %s' % (dev['out'], self.filtrage_ports(table)))
@ -128,6 +130,7 @@ class firewall(base.firewall_routeur):
self.add(table, chain, '-j %s' % self.blacklist_soft(table)) self.add(table, chain, '-j %s' % self.blacklist_soft(table))
chain = 'POSTROUTING' chain = 'POSTROUTING'
self.add(table, chain, '-j %s' % self.connexion_wififederez(table))
self.add(table, chain, '-j %s' % self.connexion_appartement(table)) self.add(table, chain, '-j %s' % self.connexion_appartement(table))
return return
@ -297,6 +300,29 @@ class firewall(base.firewall_routeur):
self.apply(table, chain) self.apply(table, chain)
return chain return chain
def connexion_wififederez(self, table=None, apply=False):
"""PNAT le vlan wififederez derrière wififederez.crans.org"""
chain = 'CONNEXION-WIFIFEDEREZ'
if table == 'nat':
pretty_print(table, chain)
for dev_key in ['out', 'fil', 'wifi']:
for net in base.config.NETs['federez']:
self.add(table, chain, '-o %s -s %s -j SNAT --to 138.231.136.77' % (dev[dev_key], net))
print OK
if table == 'filter':
pretty_print(table, chain)
for net in base.config.NETs['federez']:
self.add(table, chain, '-s %s -j ACCEPT' % net)
self.add(table, chain, '-d %s -j ACCEPT' % net)
print OK
if apply:
self.apply(table, chain)
return chain
def blacklist_soft_maj(self, ip_list): def blacklist_soft_maj(self, ip_list):
self.blacklist_soft(fill_ipset=True) self.blacklist_soft(fill_ipset=True)
# for ip in ip_list: # for ip in ip_list: