crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[firewall_new,firewall6] Plus de filtrage p2p

Browse source
This commit is contained in:
Valentin Samir 2013-03-14 17:26:39 +01:00
parent d88a7cabdc
commit ceeaa7525f
2 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

12
gestion/gen_confs/firewall_new.py
View file

@ -582,10 +582,10 @@ class firewall_komaz(firewall_crans) :
# On marque les paquets bittorrent uniquement
iptables("-t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark")
#iptables("-t mangle -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT")
iptables("-t mangle -A PREROUTING -p tcp -m ipp2p --bit "
"-j MARK --set-mark %s" % mark)
iptables("-t mangle -A PREROUTING -p tcp -m mark --mark %s "
"-j CONNMARK --save-mark" % mark)
#iptables("-t mangle -A PREROUTING -p tcp -m ipp2p --bit "
# "-j MARK --set-mark %s" % mark)
#iptables("-t mangle -A PREROUTING -p tcp -m mark --mark %s "
# "-j CONNMARK --save-mark" % mark)
warn = ''
@ -812,7 +812,7 @@ class firewall_komaz(firewall_crans) :
iptables("-A FORWARD -i crans.3 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu")
iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
iptables("-A FORWARD -o %s -s ! %s -d ! %s -j FILTRE_P2P" % (self.eth_ext,self.zone_serveur, self.zone_serveur) )
#iptables("-A FORWARD -o %s -s ! %s -d ! %s -j FILTRE_P2P" % (self.eth_ext,self.zone_serveur, self.zone_serveur) )
# Appartement ENS
iptables("-A FORWARD -i crans.21 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu")
@ -981,7 +981,7 @@ class firewall_komaz(firewall_crans) :
self.exception_catcher(self.crans_vers_ext)
self.exception_catcher(self.ext_vers_crans)
self.exception_catcher(self.test_mac_ip)
self.exception_catcher(self.filtre_p2p)
#self.exception_catcher(self.filtre_p2p)
self.exception_catcher(self.qos)
def serveurs_maj_list_to_do(self) :