From e44c44f7d66c2cbafe32df6ea4cfb181eecab225 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Fri, 14 Jun 2013 13:05:07 +0200
Subject: [PATCH] =?UTF-8?q?[firewall4]=20Passage=20dans=20filtrage=5Fports?= =?UTF-8?q?=20uniquement=20en=20entr=C3=A9e=20et=20sortie=20du=20r=C3=A9se?= =?UTF-8?q?au=20crans?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 gestion/gen_confs/firewall4.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/gestion/gen_confs/firewall4.py b/gestion/gen_confs/firewall4.py
index 1395b131..d4c0efc9 100755
--- a/gestion/gen_confs/firewall4.py
+++ b/gestion/gen_confs/firewall4.py
@@ -552,7 +552,8 @@ class firewall_komaz(firewall_base_routeur):
 self.add(table, chain, '-j %s' % self.connexion_appartement(table))
 self.add(table, chain, '-j %s' % self.ingress_filtering(table))
 self.add(table, chain, '-j %s' % self.limit_ssh_connexion(table))
- self.add(table, chain, '-j %s' % self.filtrage_ports(table))
+ self.add(table, chain, '-i %s -j %s' % (dev['out'], self.filtrage_ports(table)))
+ self.add(table, chain, '-o %s -j %s' % (dev['out'], self.filtrage_ports(table)))
 return
 def nat_table(self):
@@ -873,9 +874,6 @@ class firewall_komaz(firewall_base_routeur):
 if config.firewall.ports_default[proto]['input']:
 self.add(table, chain, '-p %s -d %s -m multiport --dports %s -j RETURN' % (proto, net, ','.join( format_port(port) for port in config.firewall.ports_default[proto]['input'])))
- # TODO faire un truc plus propre (config.py ?) -- b2moo
- # syslog et https
- self.add(table, chain, '-p udp -s 138.231.148.0/24 -m multiport --dports 443,514 -j RETURN')
 for machine in self.machines():
 for ip in machine['ipHostNumber']:
 if 'portTCPout' in machine.attrs.keys():
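Review bot: The two new jumps in the first hunk match only `dev['out']`, so traffic forwarded between the router's other interfaces no longer traverses `filtrage_ports`, and nothing in the code records that this is deliberate. A comment above the pair, e.g. `# Port filtering applies only to traffic crossing dev['out']; forwarding between internal interfaces is intentionally exempt`, would make it obvious that any uplink or tunnel interface added later needs its own jump, otherwise it goes unfiltered. `self.filtrage_ports(table)` is also evaluated twice; if the helper does more than return the chain name (its body is not visible here), binding it once with `ports_chain = self.filtrage_ports(table)` and reusing it avoids any repeated side effect. The enclosing method and the definition of `dev` lie outside the hunk, so it is worth confirming that `dev['out']` is in scope at this point.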