[firewall_new,firewall6] Plus de filtrage p2p

gestion/gen_confs/firewall6.py

@@ -167,10 +167,10 @@ def main_router():
     ip6tables.filter.forward('-i %s -j BLACKLIST_SRC' % dev_wifi)
     ip6tables.filter.forward('-i %s -j BLACKLIST_DST' % dev_ip6)
     
-    tracker_torrent(ip6tables)
+    #tracker_torrent(ip6tables)
-    ip6tables.filter.forward('-o %s -p udp -j TRACKER_TORRENT' % dev_ip6 )
+    #ip6tables.filter.forward('-o %s -p udp -j TRACKER_TORRENT' % dev_ip6 )
-    ip6tables.filter.forward('-o %s -p tcp -m string --algo kmp --string "GET /" -j TRACKER_TORRENT' % dev_ip6)
+    #ip6tables.filter.forward('-o %s -p tcp -m string --algo kmp --string "GET /" -j TRACKER_TORRENT' % dev_ip6)
-    ip6tables.filter.forward('-o %s -p tcp -m string --algo kmp --string "get /" -j TRACKER_TORRENT' % dev_ip6)
+    #ip6tables.filter.forward('-o %s -p tcp -m string --algo kmp --string "get /" -j TRACKER_TORRENT' % dev_ip6)
 
     
     ip6tables.filter.forward('-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT')

gestion/gen_confs/firewall_new.py

@@ -582,10 +582,10 @@ class firewall_komaz(firewall_crans) :
         # On marque les paquets bittorrent uniquement
         iptables("-t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark")
         #iptables("-t mangle -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT")
-        iptables("-t mangle -A PREROUTING -p tcp -m ipp2p --bit "
+        #iptables("-t mangle -A PREROUTING -p tcp -m ipp2p --bit "
-                 "-j MARK --set-mark %s" % mark)
+        #         "-j MARK --set-mark %s" % mark)
-        iptables("-t mangle -A PREROUTING -p tcp -m mark --mark %s "
+        #iptables("-t mangle -A PREROUTING -p tcp -m mark --mark %s "
-                 "-j CONNMARK --save-mark" % mark)
+        #         "-j CONNMARK --save-mark" % mark)
 
         warn = ''
         
@@ -812,7 +812,7 @@ class firewall_komaz(firewall_crans) :
         iptables("-A FORWARD -i crans.3 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu")
         iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
         iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
-        iptables("-A FORWARD -o %s -s ! %s -d ! %s -j FILTRE_P2P" % (self.eth_ext,self.zone_serveur, self.zone_serveur) )
+        #iptables("-A FORWARD -o %s -s ! %s -d ! %s -j FILTRE_P2P" % (self.eth_ext,self.zone_serveur, self.zone_serveur) )
 
         # Appartement ENS
         iptables("-A FORWARD -i crans.21 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu")
@@ -981,7 +981,7 @@ class firewall_komaz(firewall_crans) :
         self.exception_catcher(self.crans_vers_ext)
         self.exception_catcher(self.ext_vers_crans)
         self.exception_catcher(self.test_mac_ip)
-        self.exception_catcher(self.filtre_p2p)
+        #self.exception_catcher(self.filtre_p2p)
         self.exception_catcher(self.qos)
 
     def serveurs_maj_list_to_do(self) :