[base, komaz, utils, zamok] Factorisation de code via l'ajout de la methode blacklisted_ips

De plus, on rend le code plus joli en prenant en compte l'ajout récent de méthodes dans
lc_ldap.
Valentin Samir 2014-02-19 19:35:57 +01:00
parent 63895c98d4
commit cd8ce5c729
4 changed files with 37 additions and 39 deletions


@ -298,7 +298,7 @@ class firewall(base.firewall_routeur):
# for ip in ip_list:
# machine = self.conn.search(u"ipHostNumber=%s" % ip)
# # Est-ce qu'il y a des blacklists soft parmis les blacklists de la machine
# if machine and set([bl.value['type'] for bl in machine[0].blacklist_actif() ]).intersection(base.config.blacklist_sanctions_soft):
# if machine and set([bl['type'] for bl in machine[0].blacklist_actif() ]).intersection(base.config.blacklist_sanctions_soft):
# try: self.ipset['blacklist']['soft'].add(ip)
# except IpsetError: pass
# else:
@ -312,15 +312,7 @@ class firewall(base.firewall_routeur):
if fill_ipset:
anim('\tRestoration de l\'ipset %s' % self.ipset['blacklist']['soft'])
# On récupère la liste de toutes les ips blacklistés soft
bl_soft_ips = set(
str(ip) for ips in
[
machine['ipHostNumber'] for machine in self.blacklisted_machines() if machine['ipHostNumber'] and reduce(lambda x,y: x or y, ( ip.value in base.netaddr.IPNetwork(n) for n in base.config.NETs['all'] for ip in machine['ipHostNumber']))
if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(base.config.blacklist_sanctions_soft)
]
for ip in ips
)
bl_soft_ips = self.blacklisted_ips(base.config.blacklist_sanctions_soft, base.config.NETs['all'])
self.ipset['blacklist']['soft'].restore(bl_soft_ips)
print OK
@ -348,7 +340,7 @@ class firewall(base.firewall_routeur):
# for ip in ip_list:
# machine = self.conn.search(u"ipHostNumber=%s" % ip)
# # Est-ce qu'il y a des blacklists pour upload parmis les blacklists de la machine
# if machine and set([bl.value['type'] for bl in machine[0].blacklist_actif() ]).intersection(blacklist_bridage_upload):
# if machine and set([bl['type'] for bl in machine[0].blacklist_actif() ]).intersection(blacklist_bridage_upload):
# try: self.ipset['blacklist']['upload'].add(ip)
# except IpsetError: pass
# else:
@ -362,15 +354,7 @@ class firewall(base.firewall_routeur):
if fill_ipset:
anim('\tRestoration de l\'ipset %s' % self.ipset['blacklist']['upload'])
# On récupère la liste de toutes les ips blacklistés pour upload
bl_upload_ips = set(
str(ip) for ips in
[
machine['ipHostNumber'] for machine in self.blacklisted_machines()
if set([bl.value['type'] for bl in machine.blacklist_actif() ]).intersection(base.config.blacklist_bridage_upload)
]
for ip in ips
)
bl_upload_ips = self.blacklisted_ips(base.config.blacklist_bridage_upload, base.config.NETs['all'])
self.ipset['blacklist']['upload'].restore(bl_upload_ips)
print OK
@ -446,13 +430,13 @@ class firewall(base.firewall_routeur):
for machine in self.machines():
for ip in machine['ipHostNumber']:
if 'portTCPout' in machine.attrs.keys():
if 'portTCPout' in machine:
add_ports(ip, machine, 'tcp', 'out')
if 'portUDPout' in machine.attrs.keys():
if 'portUDPout' in machine:
add_ports(ip, machine, 'udp', 'out')
if 'portTCPin' in machine.attrs.keys():
if 'portTCPin' in machine:
add_ports(ip, machine, 'tcp', 'in')
if 'portUDPin' in machine.attrs.keys():
if 'portUDPin' in machine:
add_ports(ip, machine, 'udp', 'in')
self.add(table, chain, '-j REJECT')
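Review bot: The new upload restore, `bl_upload_ips = self.blacklisted_ips(base.config.blacklist_bridage_upload, base.config.NETs['all'])`, passes a network list that the removed `bl_upload_ips` comprehension never applied (only the soft variant tested against `NETs['all']`), so this hunk changes behaviour rather than just factoring code. The definition of `blacklisted_ips` is not in this section, but if it filters on that argument, a machine blacklisted for upload whose address lies outside `NETs['all']` would silently drop out of the `upload` ipset and no longer be throttled. The soft case may also differ: the old test kept every address of a machine as soon as one of them was in a listed network, whereas a per-address filter would keep fewer. Please confirm both are intended and record it above the call, e.g. `# unlike the previous code, this restricts the upload set to NETs['all']`, or pass an argument that preserves the old unfiltered result.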