From ceeaa7525f0d0e56aec596ecd43740845b49e42b Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Thu, 14 Mar 2013 17:26:39 +0100
Subject: [PATCH] [firewall_new,firewall6] Plus de filtrage p2p
---
 gestion/gen_confs/firewall6.py | 8 ++++----
 gestion/gen_confs/firewall_new.py | 12 ++++++------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/gestion/gen_confs/firewall6.py b/gestion/gen_confs/firewall6.py
index ba55c77a..cadf9a51 100755
--- a/gestion/gen_confs/firewall6.py
+++ b/gestion/gen_confs/firewall6.py
@@ -167,10 +167,10 @@ def main_router():
 ip6tables.filter.forward('-i %s -j BLACKLIST_SRC' % dev_wifi)
 ip6tables.filter.forward('-i %s -j BLACKLIST_DST' % dev_ip6)
- tracker_torrent(ip6tables)
- ip6tables.filter.forward('-o %s -p udp -j TRACKER_TORRENT' % dev_ip6 )
- ip6tables.filter.forward('-o %s -p tcp -m string --algo kmp --string "GET /" -j TRACKER_TORRENT' % dev_ip6)
- ip6tables.filter.forward('-o %s -p tcp -m string --algo kmp --string "get /" -j TRACKER_TORRENT' % dev_ip6)
+ #tracker_torrent(ip6tables)
+ #ip6tables.filter.forward('-o %s -p udp -j TRACKER_TORRENT' % dev_ip6 )
+ #ip6tables.filter.forward('-o %s -p tcp -m string --algo kmp --string "GET /" -j TRACKER_TORRENT' % dev_ip6)
+ #ip6tables.filter.forward('-o %s -p tcp -m string --algo kmp --string "get /" -j TRACKER_TORRENT' % dev_ip6)
 ip6tables.filter.forward('-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT')
diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py
index 303842ee..463280b1 100755
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
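Review bot: The four TRACKER_TORRENT lines in main_router() are commented out rather than deleted, and nothing at the site records why the filter was dropped; the same pattern recurs in the three firewall_new.py hunks (@@ -582, @@ -812, @@ -981). In a firewall generator, commented-out rules are easy to re-enable piecemeal by accident, and git history already preserves the old rules. I would delete the lines, or keep them behind one explicit setting, and leave a single comment such as `# P2P/tracker filtering removed on purpose; the old rules are in git history`. If tracker_torrent() is now unused it could be removed too, but its definition is outside this hunk, as is the rest of main_router().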
@@ -582,10 +582,10 @@ class firewall_komaz(firewall_crans) :
 # On marque les paquets bittorrent uniquement
 iptables("-t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark")
 #iptables("-t mangle -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT")
- iptables("-t mangle -A PREROUTING -p tcp -m ipp2p --bit "
- "-j MARK --set-mark %s" % mark)
- iptables("-t mangle -A PREROUTING -p tcp -m mark --mark %s "
- "-j CONNMARK --save-mark" % mark)
+ #iptables("-t mangle -A PREROUTING -p tcp -m ipp2p --bit "
+ # "-j MARK --set-mark %s" % mark)
+ #iptables("-t mangle -A PREROUTING -p tcp -m mark --mark %s "
+ # "-j CONNMARK --save-mark" % mark)
 warn = ''
@@ -812,7 +812,7 @@ class firewall_komaz(firewall_crans) :
 iptables("-A FORWARD -i crans.3 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu")
 iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
 iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
- iptables("-A FORWARD -o %s -s ! %s -d ! %s -j FILTRE_P2P" % (self.eth_ext,self.zone_serveur, self.zone_serveur) )
+ #iptables("-A FORWARD -o %s -s ! %s -d ! %s -j FILTRE_P2P" % (self.eth_ext,self.zone_serveur, self.zone_serveur) )
 # Appartement ENS
 iptables("-A FORWARD -i crans.21 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu")
@@ -981,7 +981,7 @@ class firewall_komaz(firewall_crans) :
 self.exception_catcher(self.crans_vers_ext)
 self.exception_catcher(self.ext_vers_crans)
 self.exception_catcher(self.test_mac_ip)
- self.exception_catcher(self.filtre_p2p)
+ #self.exception_catcher(self.filtre_p2p)
 self.exception_catcher(self.qos)
 def serveurs_maj_list_to_do(self) :
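Review bot: In the @@ -582 hunk the surviving context no longer matches the code: the heading comment `# On marque les paquets bittorrent uniquement` still announces bittorrent marking, and the `CONNMARK --restore-mark` rule stays active although the MARK and `CONNMARK --save-mark` rules that gave it something to restore are now commented out. If no other rule saves a connection mark (not visible here), the restore rule does nothing useful on every TCP packet in PREROUTING, and any later rule that matches on `mark` silently stops matching. I would drop the restore rule along with the rest, or replace the heading with something like `# bittorrent marking disabled: no MARK / CONNMARK --save-mark rule is installed below`. The enclosing method starts and ends outside the hunk, so whether `mark` is still used further down needs checking.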
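Review bot: The FORWARD jump to FILTRE_P2P (@@ -812) and the `self.exception_catcher(self.filtre_p2p)` call (@@ -981) are disabled at two sites far apart, yet they only make sense as a pair. Re-enabling the jump alone would presumably send forwarded traffic into a chain that nothing populates, or fail to load if the chain is no longer created; re-enabling the call alone would build a chain that no traffic reaches. Whether FILTRE_P2P is still created or flushed elsewhere, and whether filtre_p2p is reachable through another path such as a partial restart, is not visible in these hunks. I would put the same comment at both sites, e.g. `# FILTRE_P2P disabled: the FORWARD jump and self.filtre_p2p() go together, re-enable both or neither`, or better, drive both from one setting.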