Firewall : nat du vlan 12 derrier l'ip wififederez, ca marche

2015-05-14 10:12:43 +02:00 · 2015-05-14 10:12:43 +02:00 · bad450fe3c
commit bad450fe3c
parent 04b91024d9
1 changed files with 26 additions and 0 deletions
--- a/gestion/gen_confs/firewall4/komaz.py
+++ b/gestion/gen_confs/firewall4/komaz.py
@ -19,6 +19,7 @@ class firewall(base.firewall_routeur):
            'ssh_on_https' : self.ssh_on_https,
            'connexion_secours' : self.connexion_secours,
            'connexion_appartement' : self.connexion_appartement,
+            'connexion_wififederez' : self.connexion_wififederez,
            'blacklist_soft' : self.blacklist_soft,
            'blacklist_upload' : self.blacklist_upload,
            'reseaux_non_routable' : self.reseaux_non_routable,
@ -112,6 +113,7 @@ class firewall(base.firewall_routeur):
            self.add(table, chain, '-s %s -j %s' % (net, mac_ip_chain))
        self.add(table, chain, '-j %s' % self.connexion_secours(table))
        self.add(table, chain, '-j %s' % self.connexion_appartement(table))
+        self.add(table, chain, '-j %s' % self.connexion_wififederez(table))
        self.add(table, chain, '-j %s' % self.ingress_filtering(table))
        self.add(table, chain, '-j %s' % self.limit_ssh_connexion(table))
        self.add(table, chain, '-i %s -j %s' % (dev['out'], self.filtrage_ports(table)))
@ -128,6 +130,7 @@ class firewall(base.firewall_routeur):
        self.add(table, chain, '-j %s' % self.blacklist_soft(table))

        chain = 'POSTROUTING'
+        self.add(table, chain, '-j %s' % self.connexion_wififederez(table))
        self.add(table, chain, '-j %s' % self.connexion_appartement(table))
        return

@ -297,6 +300,29 @@ class firewall(base.firewall_routeur):
            self.apply(table, chain)
        return chain

+    def connexion_wififederez(self, table=None, apply=False):
+        """PNAT le vlan wififederez derrière wififederez.crans.org"""
+        chain = 'CONNEXION-WIFIFEDEREZ'
+            
+        if table == 'nat': 
+            pretty_print(table, chain)
+            for dev_key in ['out', 'fil', 'wifi']:
+                for net in base.config.NETs['federez']:
+                    self.add(table, chain, '-o %s -s %s -j SNAT --to 138.231.136.77' % (dev[dev_key], net))
+            print OK
+            
+        if table == 'filter':
+            pretty_print(table, chain) 
+            for net in base.config.NETs['federez']:
+                self.add(table, chain, '-s %s -j ACCEPT' % net)
+                self.add(table, chain, '-d %s -j ACCEPT' % net)
+            print OK
+        
+        if apply:
+            self.apply(table, chain)
+        return chain
+
+
    def blacklist_soft_maj(self, ip_list):
        self.blacklist_soft(fill_ipset=True)
 #        for ip in ip_list: