crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[firewall] Stop aux fuites entre le vlan adm et le vlan par défaut...

Browse source 
Ignore-this: 85a725f581127a82a3446e889ce9d952

darcs-hash:20100212231408-ffbb2-52290f63e2d797970d231bdaf9133d029dd7935a.gz
This commit is contained in:
Nicolas Dandrimont 2010-02-13 00:14:08 +01:00
parent 668908a835
commit c51d512704
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
gestion/gen_confs/firewall.py
View file

@ -666,13 +666,13 @@ class firewall_komaz(firewall_crans) :
for chaine in [ 'ADMIN_VLAN', 'EXT_VERS_SERVEURS', 'SERVEURS_VERS_EXT' , 'EXT_VERS_CRANS', 'CRANS_VERS_EXT', 'BLACKLIST_SRC', 'BLACKLIST_DST' , 'FILTRE_P2P' ] : for chaine in [ 'ADMIN_VLAN', 'EXT_VERS_SERVEURS', 'SERVEURS_VERS_EXT' , 'EXT_VERS_CRANS', 'CRANS_VERS_EXT', 'BLACKLIST_SRC', 'BLACKLIST_DST' , 'FILTRE_P2P' ] :
iptables('-N %s' % chaine) iptables('-N %s' % chaine)
iptables("-A FORWARD -i lo -j ACCEPT") iptables("-A FORWARD -i lo -j ACCEPT")
iptables("-A FORWARD -i %s -d %s -j ADMIN_VLAN" % (self.eth_int, self.vlan_adm) )
iptables("-A FORWARD -p icmp -j ACCEPT") iptables("-A FORWARD -p icmp -j ACCEPT")
iptables("-A FORWARD -i %s -d %s -j REJECT" % (self.eth_ext, self.vlan_adm) ) iptables("-A FORWARD -i %s -d %s -j REJECT" % (self.eth_ext, self.vlan_adm) )
iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext ) iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext ) iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
iptables("-A FORWARD -s ! %s -d ! %s -j FILTRE_P2P" % (self.zone_serveur, self.zone_serveur) ) iptables("-A FORWARD -s ! %s -d ! %s -j FILTRE_P2P" % (self.zone_serveur, self.zone_serveur) )
iptables("-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT") iptables("-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT")
iptables("-A FORWARD -i %s -d %s -j ADMIN_VLAN" % (self.eth_int, self.vlan_adm) )
iptables("-A FORWARD -i %s -d %s -j EXT_VERS_SERVEURS" % (self.eth_ext, self.zone_serveur) ) iptables("-A FORWARD -i %s -d %s -j EXT_VERS_SERVEURS" % (self.eth_ext, self.zone_serveur) )
iptables("-A FORWARD -o %s -s %s -j SERVEURS_VERS_EXT" % (self.eth_ext, self.zone_serveur) ) iptables("-A FORWARD -o %s -s %s -j SERVEURS_VERS_EXT" % (self.eth_ext, self.zone_serveur) )
iptables("-A FORWARD -i %s -j EXT_VERS_CRANS" % self.eth_ext ) iptables("-A FORWARD -i %s -j EXT_VERS_CRANS" % self.eth_ext )