[gestion/gen_conf/firewall*] renommage de conf_fw en config.firewall

This commit is contained in:
Vincent Le Gallic 2013-03-26 17:55:58 +01:00
parent 2d23ea5085
commit c371496e74
3 changed files with 52 additions and 50 deletions


@ -35,7 +35,8 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi, BorneWifi
from affich_tools import *
from commands import getstatusoutput
from iptools import AddrInNet, NetSubnets, IpSubnet
from config import NETs, mac_komaz, mac_wifi, mac_titanic, conf_fw, p2p, vlans, debit_max_radin, adm_users
from config import NETs, mac_komaz, mac_wifi, mac_titanic, p2p, vlans, debit_max_radin, adm_users
import config.firewall
syslog.openlog('firewall')
debug = 1
@ -516,12 +517,12 @@ class firewall_komaz(firewall_crans) :
iptables("-t mangle -A PREROUTING -s %s -j RETURN" % self.zone_serveur)
iptables("-t mangle -A PREROUTING -p tcp --destination-port 80 "
"-s %s -d ! %s -j MARK --set-mark %s" %
(NETs['fil'][0], NETs['wifi'][0], conf_fw.mark['proxy']))
(NETs['fil'][0], NETs['wifi'][0], config.firewall.mark['proxy']))
iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" %
conf_fw.mark['proxy'])
config.firewall.mark['proxy'])
# Parametres pour iptables/tc
mark = conf_fw.mark['bittorrent']
mark = config.firewall.mark['bittorrent']
debit_adh = p2p.debit_adh
debit_max = p2p.debit_max
eth_ext = self.eth_ext
@ -555,14 +556,14 @@ class firewall_komaz(firewall_crans) :
# On crée les chaînes de sous-réseaux
for net in NETs['all']:
for mask in conf_fw.mask:
for mask in config.firewall.mask:
for subnet in NetSubnets(net, mask):
index = conf_fw.mask.index(mask)
index = config.firewall.mask.index(mask)
if index == 0:
prev_chain = "POSTROUTING"
else:
ip = subnet.split('/')[0]
prev_subnet = IpSubnet(ip, conf_fw.mask[index-1])
prev_subnet = IpSubnet(ip, config.firewall.mask[index-1])
prev_chain = "SUBNET-%s" % prev_subnet
next_chain = "SUBNET-%s" % subnet
redirect_chain('mangle', prev_chain, next_chain, subnet)
@ -612,7 +613,7 @@ class firewall_komaz(firewall_crans) :
# if not AddrInNet(ip, NETs['all']):
# # Cas particulier d'une machine ayant une IP non CRANS
# continue
# subnet = IpSubnet(machine.ip(), conf_fw.mask[-1])
# subnet = IpSubnet(machine.ip(), config.firewall.mask[-1])
# iptables("-t mangle -A SUBNET-%(subnet)s -o crans -d %(ip)s "
# "-j CLASSIFY --set-class 1:%(class_id)s" % locals())
# iptables("-t mangle -A SUBNET-%(subnet)s -o ens -s %(ip)s "
@ -656,7 +657,7 @@ class firewall_komaz(firewall_crans) :
iptables("-t nat -P OUTPUT ACCEPT")
# Proxy transparent
iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % conf_fw.mark['proxy'] +
iptables("-t nat -A PREROUTING -p tcp -m mark --mark %s " % config.firewall.mark['proxy'] +
"-j DNAT --to-destination 10.231.136.9:3128")
print OK
@ -683,7 +684,7 @@ class firewall_komaz(firewall_crans) :
iptables("-A FORWARD -o %s -j CRANS_VERS_EXT" % self.eth_ext )
# Proxy transparent
iptables("-I FORWARD -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
iptables("-I FORWARD -m mark --mark %s -j ACCEPT" % config.firewall.mark['proxy'])
print OK
def classes_p2p_maj(self, ip_list):
@ -708,7 +709,7 @@ class firewall_komaz(firewall_crans) :
warn = ''
# Parametres pour iptables/tc
mark = conf_fw.mark['bittorrent']
mark = config.firewall.mark['bittorrent']
debit_adh = p2p.debit_adh
debit_max = p2p.debit_max
eth_ext = self.eth_ext
@ -725,7 +726,7 @@ class firewall_komaz(firewall_crans) :
if not machines:
# Il faut supprimer cette entrée
iptables_option = '-D'
subnet = IpSubnet(ip, conf_fw.mask[-1])
subnet = IpSubnet(ip, config.firewall.mask[-1])
all_regles = iptables("-t mangle -L SUBNET-%(subnet)s -n" % locals()).split('\n')
regles = [line for line in all_regles if ip in line]
# On sélectionne la première qui doit contenir ce que l'on veut
@ -739,7 +740,7 @@ class firewall_komaz(firewall_crans) :
machine = machines[0]
adherent = machine.proprietaire()
ip = machine.ip()
subnet = IpSubnet(ip, conf_fw.mask[-1])
subnet = IpSubnet(ip, config.firewall.mask[-1])
# On ne peut pas reprendre le numéro 1
class_id = int(adherent.id()) + 1
# On cree la classe et la qdisc s'il elles n'existent pas deja
@ -1248,13 +1249,13 @@ class firewall_sable(firewall_rouge):
iptables("-t mangle -i eth0.2 -A PREROUTING -p tcp --destination-port 3128 " +
"--destination 10.231.136.9 " +
"-m mac --mac-source %s " % mac_komaz +
"-j MARK --set-mark %s" % conf_fw.mark['proxy'])
iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
"-j MARK --set-mark %s" % config.firewall.mark['proxy'])
iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % config.firewall.mark['proxy'])
# On marque les paquets venant du vlan radin vers de l'https
# pour qu'ils soient nattés
iptables("-t mangle -A PREROUTING -i eth0.%d -p tcp -m tcp --dport 443 -j MARK --set-mark %s" %
(vlans["radin"], conf_fw.mark["https-radin"]))
(vlans["radin"], config.firewall.mark["https-radin"]))
def filter_table(self):
iptables("-t filter -F")
@ -1268,7 +1269,7 @@ class firewall_sable(firewall_rouge):
def nat_table(self):
firewall_rouge.nat_table(self)
# Proxy transparent pour le filiaire
iptables("-t nat -I PREROUTING -i eth0.2 -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
iptables("-t nat -I PREROUTING -i eth0.2 -m mark --mark %s -j ACCEPT" % config.firewall.mark['proxy'])
if_defaut = "eth0"
if_radin = "eth0.%d" % vlans["radin"]
@ -1287,7 +1288,7 @@ class firewall_sable(firewall_rouge):
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 443 -j ACCEPT" % interface)
# Nat pour le https sur le vlan radin
iptables("-t nat -A POSTROUTING -m mark --mark %s -j MASQUERADE" % conf_fw.mark["https-radin"])
iptables("-t nat -A POSTROUTING -m mark --mark %s -j MASQUERADE" % config.firewall.mark["https-radin"])
# Limite de débit sur le vlan radin
try:
@ -1366,7 +1367,7 @@ class firewall_gordon(firewall_crans) :
#~ "-d ! 138.231.136.0/21 " +
#~ ("-i %s " % self.eth_wifi) +
#~ "-p tcp -m tcp --dport 80 " +
#~ "-j MARK --set-xmark %s/0xffffffff" % conf_fw.mark['proxy'])
#~ "-j MARK --set-xmark %s/0xffffffff" % config.firewall.mark['proxy'])
print OK
def post_start_hook(self) :