crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

parefeu v4: portail captif pour blacklist soft

Browse source
This commit is contained in:
Daniel STAN 2014-09-30 23:38:40 +02:00
parent b74cc2b151
commit d947a60253
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
gestion/gen_confs/firewall4/komaz.py
View file

@ -41,6 +41,9 @@ class firewall(base.firewall_routeur):
'upload' : base.Ipset("BLACKLIST-UPLOAD","ipmap","--from 138.231.136.0 --to 138.231.151.255"),
})
# Portail captif/blacklist soft: ipset des gens ayant cliqué pour continuer à naviguer
self.ipset['confirmation'] = base.Ipset("CONFIRMATION", "ipmap", "--from 138.231.136.0 --to 138.231.151.255")
def blacklist_maj(self, ips):
"""Mise à jour des blacklistes"""
self.blacklist_hard_maj(ips)
@ -335,6 +338,7 @@ class firewall(base.firewall_routeur):
pretty_print(table, chain)
for net in base.config.NETs['all']:
self.add(table, chain, '-d %s -j RETURN' % net)
self.add(table, chain, '-p tcp --dport 80 -m set --match-set %s src -j RETURN' % self.ipset['confirmation'] ) # Les gens qui ont cliqué -> fine !
self.add(table, chain, '-p tcp --dport 80 -m set --match-set %s src -j DNAT --to-destination 10.231.136.4:3128' % self.ipset['blacklist']['soft'] )
print OK