From c51d51270430ced038d39cd6cd901ea07f173aa5 Mon Sep 17 00:00:00 2001
From: Nicolas Dandrimont
Date: Sat, 13 Feb 2010 00:14:08 +0100
Subject: [PATCH] =?UTF-8?q?[firewall]=20Stop=20aux=20fuites=20entre=20le?= =?UTF-8?q?=20vlan=20adm=20et=20le=20vlan=20par=20d=C3=A9faut...?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ignore-this: 85a725f581127a82a3446e889ce9d952
darcs-hash:20100212231408-ffbb2-52290f63e2d797970d231bdaf9133d029dd7935a.gz
---
 gestion/gen_confs/firewall.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py
index 54461ae1..5dfac087 100644
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@@ -666,13 +666,13 @@ class firewall_komaz(firewall_crans) :
 for chaine in [ 'ADMIN_VLAN', 'EXT_VERS_SERVEURS', 'SERVEURS_VERS_EXT' , 'EXT_VERS_CRANS', 'CRANS_VERS_EXT', 'BLACKLIST_SRC', 'BLACKLIST_DST' , 'FILTRE_P2P' ] :
 iptables('-N %s' % chaine)
 iptables("-A FORWARD -i lo -j ACCEPT")
+ iptables("-A FORWARD -i %s -d %s -j ADMIN_VLAN" % (self.eth_int, self.vlan_adm) )
 iptables("-A FORWARD -p icmp -j ACCEPT")
 iptables("-A FORWARD -i %s -d %s -j REJECT" % (self.eth_ext, self.vlan_adm) )
 iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
 iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
 iptables("-A FORWARD -s ! %s -d ! %s -j FILTRE_P2P" % (self.zone_serveur, self.zone_serveur) )
 iptables("-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT")
- iptables("-A FORWARD -i %s -d %s -j ADMIN_VLAN" % (self.eth_int, self.vlan_adm) )
 iptables("-A FORWARD -i %s -d %s -j EXT_VERS_SERVEURS" % (self.eth_ext, self.zone_serveur) )
 iptables("-A FORWARD -o %s -s %s -j SERVEURS_VERS_EXT" % (self.eth_ext, self.zone_serveur) )
 iptables("-A FORWARD -i %s -j EXT_VERS_CRANS" % self.eth_ext )
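Review bot: The `-i eth_ext -d vlan_adm -j REJECT` rule still sits after `-p icmp -j ACCEPT`, so ICMP arriving on the external interface for the admin VLAN is accepted before the reject is reached, which is the same ordering problem this commit fixes for `eth_int`. If that is not intended, move `iptables("-A FORWARD -i %s -d %s -j REJECT" % (self.eth_ext, self.vlan_adm) )` up next to the relocated ADMIN_VLAN jump, above the ICMP accept. The fix also relies on the ADMIN_VLAN chain ending in a terminal target; its rules are not in this hunk, and a packet that returns from the chain would fall through to the ICMP and ESTABLISHED,RELATED accepts. A short comment such as `# ADMIN_VLAN must be evaluated before the generic ICMP / ESTABLISHED accepts` would keep a later reordering from reintroducing the leak. The enclosing method starts and ends outside the hunk.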