diff --git a/gestion/gen_confs/firewall_crans.py b/gestion/gen_confs/firewall_crans.py
index 9a562458..bf9f5c53 100755
--- a/gestion/gen_confs/firewall_crans.py
+++ b/gestion/gen_confs/firewall_crans.py
@@ -22,6 +22,7 @@ import sys
 sys.path.append('/usr/scripts/gestion')
 import syslog
+import pwd
 from lock import *
 from ldap_crans import crans_ldap, ann_scol, machine, crans, invite
 from affich_tools import *
@@ -73,7 +74,8 @@ class firewall_crans :
 zone_serveur="138.231.136.0/28"
 vlan_adm="138.231.144.0/28"
- adm_uids = [ 0, 1, 38, 103, 105, 106, 111, 112 ]
+ adm_users = [ "root", "identd", "daemon", "postfix", "freerad", "clamav", "amavis" ]
+ mac_wifi = '00:0c:f1:fa:f1:4b'
@@ -209,15 +211,6 @@ class firewall_crans :
 """ Arrête le firewall """
 cprint("Arrêt du firewall",'gras')
 self.disable_route()
- """
- if self.hostname == 'komaz':
- self.anim = anim(" Arrêt routage")
- status,output=getstatusoutput('echo 0 > /proc/sys/net/ipv4/ip_forward')
- if status :
- print ERREUR
- else :
- print OK
- """
 self.exception_catcher(self.__stop)
 cprint(" -> fin de la procédure d'arrêt",'vert')
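Review bot: `adm_users` holds seven account names where `adm_uids` held eight numeric ids, so one former entry has no name counterpart and will no longer receive an ACCEPT rule in SERV_OUT_ADM; confirm the drop is intended or add the missing name. A comment above the list saying that the names are resolved with pwd on the host running the script (an account absent there yields no rule) would help the next maintainer, e.g. `# Comptes résolus via pwd sur l'hôte ; un nom inconnu ne produit aucune règle`. `mac_wifi` is a bare hardware-address literal with nothing saying which machine it belongs to; a hedged comment such as `# presumably the MAC expected for wifi machines in __test_mac_ip — confirm` would at least point readers to its use. The `class firewall_crans` header lies outside the hunk.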
@@ -248,16 +241,24 @@ class firewall_crans :
 self.exception_catcher(procedure)
 def serv_out_adm(self) :
- self.anim = anim(' Output vers VLAN adm', len(self.adm_uids))
- for uid in self.adm_uids :
- self.anim.cycle()
- iptables("-t nat -A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % uid)
+ self.anim = anim(' Output vers VLAN adm', len(self.adm_users))
+ for user in self.adm_users :
+ self.anim.cycle()
+ try:
+ iptables("-t nat -A SERV_OUT_ADM -m owner --uid-owner %d -j ACCEPT" % pwd.getpwnam(user)[2])
+ except KeyError:
+ continue
+ except:
+ print "Erreur inattendue: ", sys.exc_info()[0]
+
+ iptables("-t nat -A SERV_OUT_ADM -p tcp --dport ldap -j ACCEPT")
+ iptables("-t nat -A SERV_OUT_ADM -p udp --dport ldap -j ACCEPT")
 iptables("-t nat -A SERV_OUT_ADM -j DROP")
 self.anim.reinit()
 print OK
 def __test_mac_ip(self,machine):
- ip=machine.ip()
+ ip=machine.ip()
 mac=machine.mac()
 if machine.ipsec():
 # Machine wifi, c'est la mac de Nectaris
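Review bot: The `except KeyError: continue` in serv_out_adm silently skips any name in `adm_users` that is not in the host's passwd database, so that service's traffic towards the admin VLAN falls through to the final `-j DROP` with nothing in the script output to say why; printing the skipped account before continuing, `print "Compte inconnu, pas de règle: %s" % user`, keeps the omission visible. The bare `except:` under it also swallows SystemExit and KeyboardInterrupt and then lets the loop proceed to install the DROP rule over a partial set of ACCEPTs; `except Exception:` is what is meant, and `pwd.getpwnam(user).pw_uid` reads better than index `[2]`. The two new `--dport ldap` ACCEPTs match every process whatever its owner, which widens the former uid-only policy for that port — presumably intended for the new accounts, but worth a one-line comment saying so. The class body continues outside the hunk.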